Virtualized VLAN priority stripped
-
Hi !
I have an issue with VLAN priorities through a virtualized pfSense appliance.For my ISP to allow me to get an IP address on WAN I need to set a priority on DHCP requests which are within a VLAN. Problem, when I set this priority I can see the right Priority in Packet Capture of pfSense (If I capture the parent interface, not the WAN directly) but if I mirror packets on my manageable switch and inspect traffic over wireshark, the priority is 0.
I use vmxnet adapters in VMWare over a trunk interface (4095 VLAN set) but is there anything special to know on a virtualized pfSense ? Like some hazardous hardware offloading or vmWare stripping priorities somehow ? I also don't have vmware package installed, because I am unable to connect to internet.
I tried :
- Setting the priority on DHCP packets in WAN configuration : Packet Capture OK, switch KO.
- Setting priority directly on intercace : Packet Capture OK, swicth KO.
-
Does it actually strip the tags completely or is it somehow just changing the priority to 0?
Are you able to test it on real hardware?
Can you setup a NIC as pass-though to the pfSense VM?
Steve
-
The VLAN tag is present, I have the right VLAN but from priority 6 (In Packet Capture in pfSense) the priority becomes 0 in wireshark on mirrored port.
I would say that on real hardware this would work, because I can see a priority 6 in packet capture. The problem as far as I've tested would come between pfSense and the switch (So any driver of ESXi or Networking inside ESXi ...)I tried to pass-through a NIC into pfSense but the only one I have is a Realtek one, and the relationship between Realtek and FreeBSD is kinda complicated. But I can try for testing purposes.
-
Yeah, I would certainly try that. At the vert least it will confirm where the issue it. It may work just fine.
Steve
-
Can open-vm-tools modify the vmx drivers and solve such problems ? Or difference between vmx and e1000 drivers be the answer to my issue ?
-
I'm not aware of anything that would do that in a driver or the tools. It seems like it would have to be something in ESXi.
I would try an e1000 NIC there if you have not already though.Steve
-
@stephenw10
Just to come back with a working solution.
On the 4port intel card I've passthrough one NIC, problem solved immediately. So this is as far as i've seen a ESXi issue, either vmx driver nor vswitch stuff.