Tagged VLAN on KVM with macvtap driver


I've set up a pfSense guest on KVM and am trying to pass tagged and untagged traffic to the VM for obvious reasons. My setup looks like this:

The KVM guest has 2 NICs (both virtio type):

  • 1st (for untagged and tagged traffic): macvtap (vepa) linked to enp1s0f0.
  • 2nd (for untagged data only): macvtap (passthrough) linked to enp1s0f3.
  • Wire1 (untagged 10 + tagged vlan 28) ==> enp1s0f0 of the host.
  • Wire2 (untagged) ==> enp1s0f3 of the host.

The VM has 2 static IPs configured, 10.10.10.1 and 10.10.28.1, and DHCP on the 2nd NIC.

Now, the problem is: all the traffic over the untagged VLAN is going in and out without a problem, but tagged traffic is completely lost somewhere.
I.e. ping between 10.10.10.1 and another host on the same VLAN works easily, but 10.10.28.1 is not reachable at all.

Now I tried Wireshark in promiscuous mode on enp1s0f0, and when Wireshark is running, tagged data passes through. I finally found that promiscuous mode makes the difference in passing tagged data, but that can't be a permanent solution.

I read lots of wikis and blogs; none has a clear setup config for similar requirements. I'm not sure where I'm going wrong with the setup.

Best Answer

Well, after a couple of tries, I was able to figure out a workaround. I followed the bridge way and that finally worked. I'm under the impression that this is way better than leaving a port promiscuous, since that'll increase CPU overhead.

In case someone follows through here, I'm leaving a quick guide to set up the bridge: Create a bridge --> add the eth port to the bridge --> add a manual IP to the bridge --> set the bridge interface as the KVM NIC.

I'll still look for the macvtap way. If anyone has any insight, thank you for sharing.
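
The four steps of that quick guide as iproute2 commands plus the libvirt interface definition, as an added example that is not part of the original answer. The bridge name `br0` and the host address `10.10.10.2/24` are assumed placeholders; `enp1s0f0` is the port from the question. The script only prints the commands unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example: dry-run by default; run as root with APPLY=1 to execute.
# br0 and 10.10.10.2/24 are assumed placeholders, not values from the post.

# Print the iproute2 commands for steps 1-3, one per line.
bridge_plan() {
    p_nic=$1; p_br=$2; p_cidr=$3
    # 1. Create the bridge. With vlan_filtering 0 (the kernel default) the
    #    bridge forwards 802.1Q-tagged frames unchanged to the guest port.
    echo "ip link add name $p_br type bridge vlan_filtering 0"
    # 2. Attach the physical port that carries untagged + tagged traffic.
    echo "ip link set dev $p_nic master $p_br"
    echo "ip link set dev $p_nic up"
    # 3. The host address goes on the bridge, not on the attached port.
    echo "ip addr add $p_cidr dev $p_br"
    echo "ip link set dev $p_br up"
}

# Step 4: libvirt <interface> element that puts the guest NIC on the bridge.
libvirt_iface_xml() {
    printf "<interface type='bridge'>\n  <source bridge='%s'/>\n" "$1"
    printf "  <model type='virtio'/>\n</interface>\n"
}

# Conservative interface-name check (Linux limit is 15 characters).
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

setup_bridge() {
    nic=${1:-enp1s0f0}; br=${2:-br0}; cidr=${3:-10.10.10.2/24}
    if ! valid_ifname "$nic" || ! valid_ifname "$br"; then
        echo "bad interface name" >&2; return 2
    fi
    bridge_plan "$nic" "$br" "$cidr" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "+ $cmd"; fi
    done
    libvirt_iface_xml "$br"
}

setup_bridge "$@"
```

Commands applied this way do not survive a reboot; the same settings need to go into the distribution's network configuration to persist.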
