kern/156408: [vlan] Routing failure when using VLANs vs. Physical ethernet interfaces.
Thomas Johnson
tom at claimlynx.com
Wed Apr 20 16:00:22 UTC 2011
The following reply was made to PR kern/156408; it has been noted by GNATS.
From: Thomas Johnson <tom at claimlynx.com>
To: bug-followup at FreeBSD.org, tom at claimlynx.com
Cc:
Subject: re: kern/156408: [vlan] Routing failure when using VLANs vs. Physical
ethernet interfaces.
Date: Wed, 20 Apr 2011 10:21:27 -0500
After further investigation, I have learned some new information that may or
may not be useful.

Although I am able to connect from a host on the office lan over the bridge
to hosts on the data center lan, the firewall itself is unable to connect to
these same hosts. This can be corrected by adding host static routes to the
firewall in the same manner as I described in my initial PR. This behavior
appears to be a result of the 172.31.0.0/16 route pointing at the vlan500
interface, as I see ARP requests for dc hosts leave the firewall on the
local lan (vlan500).

By comparison, my existing/old firewall has a matching route for
172.31.0.0/16 pointing at the local lan (in that case, the lan is a physical
adapter, not a vlan). Connections from the firewall to hosts at the dc lan
work correctly, and I see ARP requests on both the lan interface and the vpn
tap interface.

--
Thomas Johnson
ClaimLynx, Inc.
More information about the freebsd-net mailing list