Re: Bridges on VLAN-tagged interfaces.

Sat, 16 Mar 2019 13:11:56 -0700 

Thanks, Harry.
I'll hopefully get a chance to try this tomorrow.... I'll let the list know the outcome. 


Eric


P.S. Sorry for the formatting, no idea why that got re-formatted on the 
list.....



On 15/03/19 11:02, Harry Schmalzbauer wrote:

Am 15.03.2019 um 11:21 schrieb Harry Schmalzbauer:

Am 11.03.2019 um 11:48 schrieb Eric Bautsch:
…

|ifconfig bridge create ifconfig bridge1 addm re0.33|

If I now put an IP on that bridge instead of re0.33, it does not ping.


If I do a broadcast ping from another host on that network thus (Solaris 
system issuing the ping):

ping -sn 192.168.33.255


I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump -i 
bridge1|
However, on neither interface do I see any pings coming in when I ping it's 
own address (in this case 192.168.33.20).



IP stack processes them without passing it to the interface(s), so that's not 
unusual.




The Solaris system issuing the pings has learned the arp address of the 
bridge though:

Code:


|root@gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20 
255.255.255.255 02:a7:91:b6:3a:01|


If I |tcpdump -i bridge1|, I do get some packets, but not any echo requests:
Code:


|root@bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed, use -v 
or -vv for full protocol decode listening on bridge1, link-type EN10MB 
(Ethernet), capture size 262144 bytes 11:05:26.081185 ARP, Request who-has 
192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46 
11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui 
Unknown), length 28 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: 
ICMP6, router solicitation, length 16 11:06:04.079441 ARP, Request who-has 
192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46 
11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui 
Unknown), length 28 11:06:17.588644 ARP, Request who-has 192.168.33.20 
(Broadcast) tell gaspra-punchin.swangage.co.uk, length 46 11:06:17.588665 
ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28|


If I read it corretcly, all you get are ethernet broadcast frames.
(Hard) Reading next:
…

|root@bianca # ifconfig -a re0: 
flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 
options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE> 
ether 80🇪🇪73:63:5c:48 media: Ethernet autoselect (1000baseT 
<full-duplex,master>) status: active nd6 
options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0: 
flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1 
prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1 
netmask 0xff000000 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> 
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 
1500 ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00 
broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 
fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 
00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0 
flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 1 priority 
128 path cost 55 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED> re0.33: 
flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500 
options=80003<RXCSUM,TXCSUM,LINKSTATE> ether 80🇪🇪73:63:5c:48 inet6 
fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4 groups: vlan vlan: 
33 vlanpcp: 0 parent interface: re0 media: Ethernet autoselect (1000baseT 
<full-duplex,master>) status: active nd6 
options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1: 
flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether 
02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00 broadcast 
192.168.33.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 
00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0.33 
flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 4 priority 
128 path cost 20000 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED> 
root@bianca #|



Here you have a universally administered addresses (UAA) on the parent 
interface re0, which is the same for the vlan clone re0.33, and a locally 
administered addresses (LAA) on if_bridge(4), which was verified to be 
announced.
In order to get through the MAC filter of the ethernet interface, re0.33 must 
be in PROMISC mode.
I remember having seen two different PROMISC interface status – never tracked 
it down.  But issuing 'ifconfig re0.33 promisc' might result in a second 
PROMISC status report on re0.33 and a working setup...



Should have read man page before posting, sorry.  This is supposed to be done 
by ifconfig(8)'s "addm" command.
But like mentioned, I can see PROMISC _two_ times in the interface status line 
of ifconfig(8), after putting the interface manually in permanent promisc mode 
(stable/12).



Don't know how the filter of the parent interface is involved in the vlan 
clone and I have no idea if "addm" respects it, in case it is involved.
Before code inspection, I'd try and put the parent re0 manually into permanent 
promisc mode and see if you can see unicast frames afterwards.


-Harry



--

 
      ____

     /          .                           Eric A. Bautsch
    /--   __       ___                ______________________________________
   /     /    /   /                  /
  (_____/____(___(__________________/       email: eric.baut...@pobox.com

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"






















					Reply via email to