Bridges on VLAN-tagged interfaces.

Harry Schmalzbauer freebsd at omnilan.de
Fri Mar 15 10:22:08 UTC 2019 

Am 11.03.2019 um 11:48 schrieb Eric Bautsch:
…
> |ifconfig bridge create ifconfig bridge1 addm re0.33|
>
> If I now put an IP on that bridge instead of re0.33, it does not ping.
>
> If I do a broadcast ping from another host on that network thus 
> (Solaris system issuing the ping):
> ping -sn 192.168.33.255
>
> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump 
> -i bridge1|
> However, on neither interface do I see any pings coming in when I ping 
> it's own address (in this case 192.168.33.20).

IP stack processes them without passing it to the interface(s), so 
that's not unusual.


> The Solaris system issuing the pings has learned the arp address of 
> the bridge though:
> Code:
>
> |root at gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20 
> 255.255.255.255 02:a7:91:b6:3a:01|
>
> If I |tcpdump -i bridge1|, I do get some packets, but not any echo 
> requests:
> Code:
>
> |root at bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed, 
> use -v or -vv for full protocol decode listening on bridge1, link-type 
> EN10MB (Ethernet), capture size 262144 bytes 11:05:26.081185 ARP, 
> Request who-has 192.168.33.20 (Broadcast) tell 
> juliet-punchin.swangage.co.uk, length 46 11:05:26.081197 ARP, Reply 
> 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28 
> 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router 
> solicitation, length 16 11:06:04.079441 ARP, Request who-has 
> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 
> 46 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 
> (oui Unknown), length 28 11:06:17.588644 ARP, Request who-has 
> 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length 
> 46 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 
> (oui Unknown), length 28|

If I read it corretcly, all you get are ethernet broadcast frames.
(Hard) Reading next:
…
> |root at bianca # ifconfig -a re0: 
> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 
> mtu 1500 
> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> 
> ether 80🇪🇪73:63:5c:48 media: Ethernet autoselect (1000baseT 
> <full-duplex,master>) status: active nd6 
> options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0: 
> flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 
> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 
> ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 
> 127.0.0.1 netmask 0xff000000 groups: lo nd6 
> options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge0: 
> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 
> ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00 
> broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768 
> hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 
> timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 
> member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 
> port 1 priority 128 path cost 55 groups: bridge nd6 
> options=9<PERFORMNUD,IFDISABLED> re0.33: 
> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 
> mtu 1500 options=80003<RXCSUM,TXCSUM,LINKSTATE> ether 
> 80🇪🇪73:63:5c:48 inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 
> scopeid 0x4 groups: vlan vlan: 33 vlanpcp: 0 parent interface: re0 
> media: Ethernet autoselect (1000baseT <full-duplex,master>) status: 
> active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1: 
> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 
> ether 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00 
> broadcast 192.168.33.255 id 00:00:00:00:00:00 priority 32768 hellotime 
> 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: 
> re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 
> 4 priority 128 path cost 20000 groups: bridge nd6 
> options=9<PERFORMNUD,IFDISABLED> root at bianca #|

Here you have a universally administered addresses (UAA) on the parent 
interface re0, which is the same for the vlan clone re0.33, and a 
locally administered addresses (LAA) on if_bridge(4), which was verified 
to be announced.
In order to get through the MAC filter of the ethernet interface, re0.33 
must be in PROMISC mode.
I remember having seen two different PROMISC interface status – never 
tracked it down.  But issuing 'ifconfig re0.33 promisc' might result in 
a second PROMISC status report on re0.33 and a working setup...
If so, one has to discover the mystery of the 1st PROMISC status report, 
and file a bug reports probably.

Best,

-harry

More information about the freebsd-net mailing list