VirtualBox

Opened 11 years ago

Last modified 4 years ago

#12038 new defect

bridged interface one way VLAN traffic

Reported by: svschmid
Owned by:
Component: network
Version: VirtualBox 4.2.16
Keywords: vlan tag
Cc:
Guest type: Linux
Host type: Mac OS X

Description

A trunk port, which is connected to the host adapter, is defined as a bridged interface. On the guest host (Debian 3.2.32-1 x86_64) VLAN support is enabled and the subinterfaces are up. The host OS version is Mac OS 10.8.4. The packet sniffer traces of the host physical interface and the VirtualBox adapter interface show that the packets (PPPoE PADI) sent by the guest will be sent with the right VLAN tag to the destination (seen on adapter and host interface level). The request packet (PPPoE PADO) is seen only in the packet dump of the host interface (also with the expected VLAN tag) but not seen in the VirtualBox adapter dump (the result packet will not be sent to the guest OS). I have seen the same behavior when using a tagged VLAN as a source interface for a guest network adapter. I have tested this with the virtio-net and 82540EM network adapter types (same behavior).

Kind regards Sven

Change History (6)

comment:1 by kaijen, 9 years ago

I see the same behaviour with my VB 4.3.20 on my Mac. In my case DHCP DISCOVER packets leave the guest tagged correctly. I can trace the DHCP OFFER packets on the host but they never make it into the guest. The OFFER packets look just fine and are tagged correctly.

Is there any chance this problem will be addressed?

comment:2 by jessyjames, 8 years ago

Same thing still in 5.0.10... If I ping around, I see that the host can ping the VM and the GW (different HW box), but the VM and the GW can't reach each other. On the GW I see an ARP entry for the VM, but not the other way round (the VM sees no ARP).

tcpdump shows the same: packages are received and sent by the GW, but they never appear on the VM. Further tests included a different HW box, disabling the host firewall (just to be sure), and I tried a different VLAN as well as different virtual network cards (PCnet-Fast III and para-virt). It's still the same: packages leave the VM but it's not receiving.

Please help or address this issue in a future release.

thanks & br, jessy


comment:3 by Ovidiu Poncea, 7 years ago

Hi Guys,

Seems that the same problem is reproducible in 5.1.16. I have Ubuntu 16.04 as the VirtualBox host and a CentOS 7.3 guest. I created the bridged interfaces on the host as described in the initial description. I see ARP requests arriving from guests to hosts with correct VLANs, then I also see replies leaving the host with the correct VLAN, but the guest does not get them.

Any news on this?

I use a Linux bridge with a veth pair. The Linux bridge is attached to VirtualBox as "Bridged adapter". The network interface type configured in vbox is virtio-net. All interfaces are up and configured with promiscuous all (both the host and the vbox interfaces).

Current chain of networked virtual devices on host:
vb21data1 # the linuxbridge
vb21data1-v <-> vb21data1-vp # the veth pair
vb21data1-v.500@vb21data1-v # the vlan interface

Chain itself is: vb21data1-v.500@vb21data1-v <-> vb21data1-v <-> vb21data1-vp <-> vb21data1 <-> vbox guest

ovidiu@tg10:~/cgcs/sources$ brctl show
bridge name	bridge id		STP enabled	interfaces
[...CUT...]
vb21data0		8000.3a127184ec61	no		vb21data0-vp
vb21data1		8000.fe652b531051	no		vb21data1-vp
[...CUT...]

IP of the host is:

151: vb21data1-v.500@vb21data1-v: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether de:e8:35:58:b2:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.201.250/24 scope global vb21data1-v.500
       valid_lft forever preferred_lft forever
    inet6 fe80::dce8:35ff:fe58:b20a/64 scope link 
       valid_lft forever preferred_lft forever

On the guest, on vlan 500 I have 192.168.201.3

Pinging from the guests when running I get:

vidiu@tg10:~/.ssh$ sudo tcpdump -ne -i vb21data1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vb21data1, link-type EN10MB (Ethernet), capture size 262144 bytes
15:23:38.633456 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
15:23:38.633504 de:e8:35:58:b2:0a > fa:16:3e:64:dc:1f, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Reply 192.168.201.250 is-at de:e8:35:58:b2:0a, length 28
15:23:38.633515 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
15:23:39.633285 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
15:23:39.633313 de:e8:35:58:b2:0a > fa:16:3e:64:dc:1f, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Reply 192.168.201.250 is-at de:e8:35:58:b2:0a, length 28
15:23:39.633321 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
15:23:40.633424 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28

This is ok but the guest does not receive the responses...

Script for creating the setup on the host (relevant code copy pasted from a larger one):

# Set variables
ID=21
BR_DATA0="vb${ID}data0" # not in the pasted excerpt; name inferred from the brctl output above
BR_DATA1="vb${ID}data1"

# Private network
VLAN_PRIVATE=500
BR_PRIVATE=$BR_DATA1
IP_PRIVATE=192.168.201.250/24 # ip2 used for SSH

nets="PRIVATE"

# OPERATION is set by the larger script this excerpt was copied from
if [ "$OPERATION" = "create" ]; then
    echo "Creating bridges and interfaces for setup $ID"
    # Create bridges
    sudo brctl addbr $BR_DATA0
    sudo brctl addbr $BR_DATA1

    # Create peers
    for net in $nets; do
        eval bridge=\${BR_$net}
        eval ipaddr=\${IP_$net}
        eval vlan=\${VLAN_$net}
        sudo ip link add ${bridge}-v type veth peer name ${bridge}-vp
        sudo ip link add link ${bridge}-v name ${bridge}-v.${vlan} type vlan id ${vlan}

        sudo ip link set ${bridge}-v promisc on
        sudo ip link set ${bridge}-vp promisc on

        sudo brctl addif ${bridge} ${bridge}-vp
        sleep 1
        sudo ip a a ${ipaddr} dev ${bridge}-v.${vlan}
    done
fi


Thank you, Ovidiu
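
The comparison the commenters make by eye (tagged replies visible on the host side, missing inside the guest) can be automated over two `tcpdump -ne` text captures. This is an added example, not part of the ticket or of VirtualBox; the host lines are copied from the trace above, while the guest-side capture and the function names are constructed for illustration and assume `tcpdump -ne` was run on the guest's parent NIC.

```python
import re

# `tcpdump -ne` line for an 802.1Q-tagged ARP frame, as in the trace above.
LINE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype 802\.1Q \(0x8100\), length \d+: vlan (?P<vlan>\d+), p \d+, "
    r"ethertype ARP, (?P<op>Request|Reply) (?P<body>.*?), length \d+$"
)

# Host side: first lines of the vb21data1 trace from the comment above.
HOST_CAPTURE = """
15:23:38.633456 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
15:23:38.633504 de:e8:35:58:b2:0a > fa:16:3e:64:dc:1f, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Reply 192.168.201.250 is-at de:e8:35:58:b2:0a, length 28
15:23:38.633515 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
"""

# Guest side: constructed sample (assumption), showing only outgoing requests.
GUEST_CAPTURE = """
15:23:38.633001 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
15:23:39.633002 fa:16:3e:64:dc:1f > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 500, p 0, ethertype ARP, Request who-has 192.168.201.250 tell 192.168.201.3, length 28
"""

def parse(capture):
    """Return one dict per tagged ARP frame; lines of any other kind are skipped."""
    frames = []
    for line in capture.strip().splitlines():
        m = LINE.match(line.strip())
        if m:
            frame = m.groupdict()
            frame["vlan"] = int(frame["vlan"])
            frames.append(frame)
    return frames

def lost_replies(host_capture, guest_capture):
    """Tagged ARP replies present in the host capture but absent from the guest's."""
    key = lambda f: (f["vlan"], f["src"], f["dst"], f["body"])
    in_guest = {key(f) for f in parse(guest_capture) if f["op"] == "Reply"}
    return [f for f in parse(host_capture)
            if f["op"] == "Reply" and key(f) not in in_guest]

if __name__ == "__main__":
    for f in lost_replies(HOST_CAPTURE, GUEST_CAPTURE):
        print(f"vlan {f['vlan']}: reply from {f['src']} to {f['dst']} never reached the guest")
```
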

comment:4 by Sergey I., 7 years ago

5.1.28 still doesn't work

comment:5 by marcel-elements, 5 years ago

Still not fixed in 5.2.26 (Host OSX 10.14.3, guest Linux 4.9.95-gentoo, Intel virtual adapter)

I've tested a simple ping with wireshark running both on the host and the guest. The Mac OS wireshark sees ARP requests twice, followed by one response from the firewall. The guest sees only the outgoing traffic, but not the ARP responses. When setting the mac address manually, the host receives the PING responses but the guest again does not.

I've noticed there are a number of related "obsolete" issues: #5415 #11804

comment:6 by tulipb, 4 years ago

It is not fixed even in 6.1.12 - same behavior on Linux host (no matter which - tried Fedora and Ubuntu) with Win 10 guest. Host's VLAN interface cannot be bridged into guest. Damn.
