Incoming VLAN traffic fails to reach VLAN interface if PCP != 0 (ESXi)


  • Hello everybody,

    I have a very simple problem: on my (virtual) setup incoming VLAN traffic fails to reach the related VLAN interface if PCP is set to anything else than the default value (0).
    It stops at the parent interface.

    The test setup is:
    pfSense1 (opt1/VLAN1) –- vSwitch (dedicated, trunk ports) --- pfSense2 (opt1/VLAN1)
    Host: ESXi 5.5 on a Dell Powerdge 2900 II (integrated BMC5708 NICs)
    NICs: E1000 virtual adapters (but same problem with VMXNET3)
    pfSense: 2.1.3 (but same problem with current 2.2-alpha)

    pfSense1 interface:

    em2_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=3 <rxcsum,txcsum>ether 00:0c:29:1d:ab:59
            inet6 fe80::20c:29ff:fe1d:ab59%em2_vlan1 prefixlen 64 scopeid 0x8
            inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
            vlan: 1 vlanpcp: 0 parent interface: em2</full-duplex></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,simplex,multicast> 
    

    pfSense2 interface:

    em2_vlan1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
            options=3 <rxcsum,txcsum>ether 00:0c:29:f9:fd:18
            inet6 fe80::20c:29ff:fef9:fd18%em2_vlan1 prefixlen 64 scopeid 0x8
            inet 10.1.1.2 netmask 0xffffff00 broadcast 10.1.1.255
            nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
            vlan: 1 vlanpcp: 0 parent interface: em2</full-duplex></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,simplex,multicast> 
    

    If PCP is set to 0 on both, there is no problem (traffic goes through and machines can ping each other).
    If one or both have their PCP not set to 0 (even if it's identical on both sides) the problem appears.

    I don't understand how it could be a configuration problem, and yet if it's a bug it seems simple enough it would be surprising for it to have slipped through.
    Although I agree that the setup (ESXi + VLAN PCP) may be a bit uncommon.

    Any suggestion or idea is welcome.
    Also it may be similar to Issue #2613 (resolved): https://redmine.pfsense.org/issues/2613.


  • Well I guess I'll create a bug report.
    It would be interesting to see if anybody running ESXi can reproduce the problem tho.

  • Banned

    I dont get your setup…. Why 2 pfsense on the same interface and why do they broadcast on the same IP address??


  • This is just quick test setup I put together with minimal configuration, to reproduce the problem in the simplest way.
    The actual setup is an usual single WAN pfSense box.