libre #smartos

17 Oct 2023

SmartOS -- A Modern, Open Source, Datacenter Operating System | smartos.org | github.com/TritonDataCenter/smartos-live | github.com/TritonDataCenter/triton | Security -- TritonDataCenter.com/security-issues | Channel logs - log.omnios.org/smartos

• 10:31
  xmerlin
  In recent months, I have seen changes to add promisc support to viona (for example illumos#14716). Has the issue with supporting mechanisms like CARP or VRRP been resolved after the adoption of viona?
• 10:31
  jinni
  illumos.org/issues/14716
• 13:43
  sjorge
  xmerlin: for me they have not
• 13:43
  sjorge
  the VM still sees traffic for all vlans in the nic the vnic is on
• 13:44
  sjorge
  so having 2 vnic's in different vlans on the same underlaying nic resulted in weird duplicate traffic according to the vm's OS
• 13:45
  sjorge
  because it saw the same traffic for both carp vips on both vnics
• 13:48
  xmerlin
  :(
• 13:50
  xmerlin
  it's not a secondary feature, this bug prevent every firewall / vm in HA
• 14:18
  sjorge
  I think Patrick or Andy at some point explained it that this is because when entering promisc on the viona nic, it puts the underlying nic into promisc mode and forwards all traffic it sees to the vnic
• 14:19
  sjorge
  I think on stuff like vmware it works differently because the VM only sees the traffic for the vlan of the vmxnet adaptor
• 14:19
  sjorge
  I got closeish by adding the CARP mac as a secondary-mac to the vnic, but it still had issues because CARP puts the NIC in the VM in promisc mode so that didn't help
• 17:05
  sjorge
  i also think there were some issues with zones on the same host that was backup
• 20:26
  xmerlin
  sjorge, putting two instances on two hosts is acceptable ...some times ago I've tested also vrrp in zones as described in the wiki but it doesn't work as expected ...so it looks like a regression