QinQ not working

ChrisCCC

Hi all.

I'm trying to configure QinQ on one of my routers. I can add the QinQ and the child VLANs, no problem. These appear within the interface assignment page as "VLAN 2000" and "QinQ 100" respectively.

The issue arises when I then assign to either of these interfaces. As soon as I change the interface assignment, I receive a warning about one of the virtual IPs assigned to that interface, telling me the interface doesn't exist. I can also see that the main IP for the interface hasn't been configured and, when looking in status -> Interfaces, I can see that the interface status is showing as down.

I've had a look into this and believe I may have found the cause of the problem. I think that internally pfSense is using the wrong interface name to configure the interface. If I take a look at ifconfig, the interfaces in question appear as:

lagg0_2000: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=3 <rxcsum,txcsum>ether 00:03:2d:28:05:e9
inet6 fe80::203:2dff:fe28:5e9%lagg0_2000 prefixlen 64 scopeid 0x2c
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
status: active
vlan: 2000 vlanpcp: 0 parent interface: lagg0
lagg0_2000_100: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=28 <vlan_mtu,jumbo_mtu>ether 00:03:2d:28:05:e9
inet6 fe80::203:2dff:fe28:5e9%lagg0_2000_100 prefixlen 64 scopeid 0x2d
nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
status: active</full-duplex></performnud,auto_linklocal></vlan_mtu,jumbo_mtu></up,broadcast,running,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,simplex,multicast>

If I then take a look in the system log I see entries such as

Apr 20 15:48:01  php-fpm  81591  /interfaces_assign.php: The command '/usr/sbin/arp -d -i 'vlan2000_100' -a > /dev/null 2>&1 ' returned exit code '1', the output was '' 
Apr 20 15:48:01  php-fpm  81591  /interfaces_assign.php: The command '/sbin/ifconfig 'vlan2000_100' -staticarp ' returned exit code '1', the output was 'ifconfig: interface vlan2000_100 does not exist'

As you can see, the correct interface name is "lagg0_2000_100", however pfSense appears to be addressing it as  "vlan2000_100". Is this a known issue, or have I misinterpreted something here?

I was originally running 2.1.5 and have now upgraded to 2.3, the issue persists across both versions. Also worth noting, is that the lagg doesn't affect this behaviour, it's the same if I configure the QinQ straight on a physical interface.

Thanks.

ChrisCCC

To follow up on this. I’ve managed to modify the entry in the config file to read the correct interface name (lagg0_2000_100). After restoring the config, and after a subsequent reboot, the interface works.

Unfortunately, pfSense doesn’t see this as a valid interface in the assignments tab, so any changes to interface assignments result in the interface failing again.

Any ideas?

ChrisCCC

I've managed to resolve this by editing assign_interfaces.php.

By changing the following section

/* add QinQ interfaces /
if (is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry'])) {
foreach ($config['qinqs']['qinqentry'] as $qinq) {
$portlist["vlan{$qinq['tag']}"]['descr'] = "VLAN {$qinq['tag']}";
$portlist["vlan{$qinq['tag']}"]['isqinq'] = true;
/ QinQ members */
$qinqifs = explode(' ', $qinq['members']);
foreach ($qinqifs as $qinqif) {
$portlist["vlan{$qinq['tag']}{$qinqif}"]['descr'] = "QinQ {$qinqif}";
$portlist["vlan{$qinq['tag']}{$qinqif}"]['isqinq'] = true;
}
}
}

to

/* add QinQ interfaces /
if (is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry'])) {
foreach ($config['qinqs']['qinqentry'] as $qinq) {
$portlist["{$qinq['vlanif']}"]['descr'] = "VLAN {$qinq['tag']}";
$portlist["{$qinq['vlanif']}"]['isqinq'] = true;
/ QinQ members */
$qinqifs = explode(' ', $qinq['members']);
foreach ($qinqifs as $qinqif) {
$portlist["{$qinq['vlanif']}{$qinqif}"]['descr'] = "QinQ {$qinqif}";
$portlist["{$qinq['vlanif']}{$qinqif}"]['isqinq'] = true;
}
}
}

interface assignments now work as expected. Is this the best solution to my problem and is it likely to be supportable in the long term?

Thanks.

David_W

You should open an issue on pfSense Base redmine (click to link), referencing this thread.

ChrisCCC

I've changed this further to correct the interface descriptions. Currently you don't see the parent interface of the VLAN or QinQ so if you're using the same VLAN tag on multiple interfaces, it's difficult to differentiate.

With the changes below, the description of the interfaces will now be "VLAN XXX on %parentinterface%" for the top level VLAN and "QinQ XXX on VLAN XXX on %parentinterface" for the QinQ VLAN.

/* add QinQ interfaces /
if (is_array($config['qinqs']['qinqentry']) && count($config['qinqs']['qinqentry'])) {
foreach ($config['qinqs']['qinqentry'] as $qinq) {
$portlist["{$qinq['vlanif']}"]['descr'] = "VLAN {$qinq['tag']} on {$qinq['if']}";
$portlist["{$qinq['vlanif']}"]['isqinq'] = true;
/ QinQ members */
$qinqifs = explode(' ', $qinq['members']);
foreach ($qinqifs as $qinqif) {
$portlist["{$qinq['vlanif']}{$qinqif}"]['descr'] = "QinQ {$qinqif} on VLAN {$qinq['tag']} on {$qinq['if']}";
$portlist["{$qinq['vlanif']}{$qinqif}"]['isqinq'] = true;
}
}
}

stephenw10

Please add any comments or (better  :)) pull requests to this open bug report: https://redmine.pfsense.org/issues/4669
This does appear to be broken.

Steve

ChrisCCC

Unfortunately, this is still not working. Whilst superficially, everything appears OK, traffic over the QinQ interface doesn’t go anywhere (Using the parent VLAN works no problem). I’ve taken another look at ifconfig and have noticed a difference between the parent VLAN and the QinQ VLAN.

lagg0_2001: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=3 <rxcsum,txcsum>ether 00:03:2d:28:05:e9
        inet6 fe80::203:2dff:fe28:5e9%lagg0_2001 prefixlen 64 scopeid 0x2f
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect
        status: active
        vlan: 2001 vlanpcp: 0 parent interface: lagg0
lagg0_2001_100: flags=8943 <up,broadcast,running,promisc,simplex,multicast>metric 0 mtu 1500
        options=28 <vlan_mtu,jumbo_mtu>ether 00:03:2d:28:05:e9
        inet6 fe80::203:2dff:fe28:5e9%lagg0_2001_100 prefixlen 64 scopeid 0x30
        inet 192.168.161.49 netmask 0xfffffff8 broadcast 192.168.161.55
        inet 192.168.161.51 netmask 0xfffffff8 broadcast 192.168.161.55 vhid 1
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        carp: MASTER vhid 1 advbase 1 advskew 0</full-duplex></performnud,auto_linklocal></vlan_mtu,jumbo_mtu></up,broadcast,running,promisc,simplex,multicast></performnud,auto_linklocal></rxcsum,txcsum></up,broadcast,running,simplex,multicast>

Notice that lagg0_2001 has the line:

vlan: 2001 vlanpcp: 0 parent interface: lagg0

From this, I would assume that lagg0_2001_100 should have a line similar to:

vlan: 100 vlanpcp: 0 parent interface: lagg0_2001

Unfortunately I don’t have a great understanding of the internals of networking in BSD. This is also fairly mission critical for the current project I’m working on so any ideas would be greatly appreciated.

ChrisCCC

This issue was resolved by making the changes in /etc/inc/interfaces.inc posted by stephenw10 here https://github.com/stephenw10/pfsense/commit/c821a915b1228ed734a6439d816d4ab04590e8cb

After a reboot, traffic is now passing correctly across the QinQ VLAN.