Bridges on VLAN-tagged interfaces.

Eric Bautsch eric.bautsch at pobox.com
Sat Mar 16 20:10:25 UTC 2019 

Thanks, Harry.

I'll hopefully get a chance to try this tomorrow.... I'll let the list know the 
outcome.


Eric


P.S. Sorry for the formatting, no idea why that got re-formatted on the list.....



On 15/03/19 11:02, Harry Schmalzbauer wrote:
> Am 15.03.2019 um 11:21 schrieb Harry Schmalzbauer:
>> Am 11.03.2019 um 11:48 schrieb Eric Bautsch:
>>>>> |ifconfig bridge create ifconfig bridge1 addm re0.33|
>>>
>>> If I now put an IP on that bridge instead of re0.33, it does not ping.
>>>
>>> If I do a broadcast ping from another host on that network thus (Solaris 
>>> system issuing the ping):
>>> ping -sn 192.168.33.255
>>>
>>> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump -i 
>>> bridge1|
>>> However, on neither interface do I see any pings coming in when I ping it's 
>>> own address (in this case 192.168.33.20).
>>
>> IP stack processes them without passing it to the interface(s), so that's not 
>> unusual.
>>
>>
>>> The Solaris system issuing the pings has learned the arp address of the 
>>> bridge though:
>>> Code:
>>>
>>> |root at gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20 
>>> 255.255.255.255 02:a7:91:b6:3a:01|
>>>
>>> If I |tcpdump -i bridge1|, I do get some packets, but not any echo requests:
>>> Code:
>>>
>>> |root at bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed, use -v 
>>> or -vv for full protocol decode listening on bridge1, link-type EN10MB 
>>> (Ethernet), capture size 262144 bytes 11:05:26.081185 ARP, Request who-has 
>>> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46 
>>> 11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui 
>>> Unknown), length 28 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: 
>>> ICMP6, router solicitation, length 16 11:06:04.079441 ARP, Request who-has 
>>> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46 
>>> 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui 
>>> Unknown), length 28 11:06:17.588644 ARP, Request who-has 192.168.33.20 
>>> (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46 11:06:17.588665 
>>> ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28|
>>
>> If I read it corretcly, all you get are ethernet broadcast frames.
>> (Hard) Reading next:
>>>>> |root at bianca # ifconfig -a re0: 
>>> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 
>>> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> 
>>> ether 80🇪🇪73:63:5c:48 media: Ethernet autoselect (1000baseT 
>>> <full-duplex,master>) status: active nd6 
>>> options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0: 
>>> flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 
>>> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 
>>> prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 
>>> netmask 0xff000000 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> 
>>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 
>>> 1500 ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00 
>>> broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 
>>> fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 
>>> 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0 
>>> flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 1 priority 
>>> 128 path cost 55 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED> re0.33: 
>>> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 
>>> options=80003<RXCSUM,TXCSUM,LINKSTATE> ether 80🇪🇪73:63:5c:48 inet6 
>>> fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4 groups: vlan vlan: 
>>> 33 vlanpcp: 0 parent interface: re0 media: Ethernet autoselect (1000baseT 
>>> <full-duplex,master>) status: active nd6 
>>> options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1: 
>>> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 
>>> 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00 broadcast 
>>> 192.168.33.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 
>>> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 
>>> 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0.33 
>>> flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 4 priority 
>>> 128 path cost 20000 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED> 
>>> root at bianca #|
>>
>> Here you have a universally administered addresses (UAA) on the parent 
>> interface re0, which is the same for the vlan clone re0.33, and a locally 
>> administered addresses (LAA) on if_bridge(4), which was verified to be 
>> announced.
>> In order to get through the MAC filter of the ethernet interface, re0.33 must 
>> be in PROMISC mode.
>> I remember having seen two different PROMISC interface status – never tracked 
>> it down.  But issuing 'ifconfig re0.33 promisc' might result in a second 
>> PROMISC status report on re0.33 and a working setup...
>
> Should have read man page before posting, sorry.  This is supposed to be done 
> by ifconfig(8)'s "addm" command.
> But like mentioned, I can see PROMISC _two_ times in the interface status line 
> of ifconfig(8), after putting the interface manually in permanent promisc mode 
> (stable/12).
>
> Don't know how the filter of the parent interface is involved in the vlan 
> clone and I have no idea if "addm" respects it, in case it is involved.
> Before code inspection, I'd try and put the parent re0 manually into permanent 
> promisc mode and see if you can see unicast frames afterwards.
>
> -Harry
>
>
-- 
  
       ____
      /          .                           Eric A. Bautsch
     /--   __       ___                ______________________________________
    /     /    /   /                  /
   (_____/____(___(__________________/       email: eric.bautsch at pobox.com

More information about the freebsd-net mailing list