Hi Uwe, Nice to meet you. Please allow me for one more week to come back to you as im on working absence, recovering from illness and did not address this stuff for long. Thanks for catching this either!
BR Peter -----Original Message----- From: Uwe Kleine-König <uklei...@debian.org> Sent: Wednesday, November 6, 2024 9:53 PM To: GASPAROVIC Peter OBS/MKT <peter.gasparo...@orange.com>; 1054...@bugs.debian.org Cc: 'Daniel Gröber' <d...@darkboxed.org> Subject: Re: Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port Hello Peter, On Wed, Jan 03, 2024 at 10:21:21PM +0000, peter.gasparo...@orange.com wrote: > Hi Daniel, > hope you are good, had peaceful Christmas time, entering yet better NY 2024 > hope so... sorry for overlooking this, even wanted to respond early December, > then got delayed again.. Now I do so as its still interesting to me! > > 1) yes, my sole quick method was "ip nei" command to confirm the ARP > passthrough > 2) no firewall at all, plain Debian installation > 3) you will not believe --> but before Xmas and now, it all works and MAC is > passed e2e. That's so pitty. Only change I made was my underlay change of > vSwitch uplink to another port... because I re-considered my overall lab > setup, yet it hardly could improve this as the external MAC made it to > external (VLAN) iface of the bridge, before/. Anyhow, possibly I understand > the "bridge fbd" only shows learned MACs on given interface (my VLAN199) and > is not supposed to attribute it to all others all way up to NS, like I > attempted to guess.. > > Finally, either this of MACVLAN setup (where I found this), I have new > finding which I don’t like as it creates a hell of duplicate traffic into > network. The problem is, that either VETH or MACVLAN-configured IP host's VM > duplicates incoming packets on its receiving port, connected to vSphere > vSwitch, which in turn just dully floods it to uplinks, where my Wireshark > sniffer sees it. This is how I discovered that. > I prepared this diagram for you to see and tell. > https://docs.google.com/document/d/1mNkZswDSG_OjLnsgXJvIX2tUGSEebcZf72 > 0eS29eFCA/edit?usp=sharing I have problems understanding your mail. Under 3) you write "it all works" but then there are still some issues about duplicate traffic (which isn't the original problem?). Can you please clearify if there is still something to do/fix? Best regards Uwe ____________________________________________________________________________________________________________ Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration, Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci. This message and its attachments may contain confidential or privileged information that may be protected by law; they should not be distributed, used or copied without authorisation. If you have received this email in error, please notify the sender and delete this message and its attachments. As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified. Thank you.
