Hello, I have to build a bridge between two offices (the same network range, 192.168.1.0/24, is used on both sides). First I built a tunnel (I am using ipsec between external IPs x.x.x.x and y.y.y.y); after that the bridge is brought up.

# Office 1 (OpenBSD 4.0 stable + RAID)
ifconfig gif0 create up
ifconfig gif0 tunnel x.x.x.x y.y.y.y up
ifconfig bridge0 create
brconfig bridge0 link2 add gif0 add em1 up

# Office 2 (OpenBSD 3.9-current Tue Mar 28 12:19:43 EST 2006)
ifconfig gif0 create up
ifconfig gif0 tunnel y.y.y.y x.x.x.x up
ifconfig bridge0 create
brconfig bridge0 link2 add gif0 add sis1 up

Ping at office1 from 192.168.1.10 to office2 192.168.1.224 results in:

[office1]# tcpdump -i bridge0
tcpdump: WARNING: bridge0: no IPv4 address assigned
tcpdump: listening on bridge0, link-type EN10MB
01:19:40.438748 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:41.272234 192.168.1.71.1001 > 192.168.1.106.1038: P 236330675:236330930(255) ack 4095749983 win 1024 (DF)
01:19:41.448759 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:42.458768 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:43.468651 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:44.272149 192.168.1.71.1001 > 192.168.1.106.1038: P 0:255(255) ack 1 win 1024 (DF)
01:19:44.420315 0:c0:2:b8:10:89 Broadcast 8137 60: ffff 0022 0004 0000 0000 ffff ffff ffff 0452 0000 0000 00c0 02b8 1089 4013 0003 0004 2500 0000 0000 0000 0000 0000
01:19:44.421681 0:c0:2:b8:10:89 Broadcast 8137 60: ffff 0022 0004 0000 0000 ffff ffff ffff 0452 0000 0000 00c0 02b8 1089 4013 0001 0004 4646 4343 4143 4143 4143 4143
01:19:44.423181 0:c0:2:b8:10:89 Broadcast 8137 60: ffff 0022 0004 0000 0000 ffff ffff ffff 0452 0000 0000 00c0 02b8 1089 4013 0001 0278 4143 4143 4143 4143 4143 4143
01:19:44.424554 0:c0:2:b8:10:89 > Broadcast sap e0 ui/C len=43
01:19:44.426053 0:c0:2:b8:10:89 > Broadcast sap e0 ui/C len=43
01:19:44.427550 0:c0:2:b8:10:89 > Broadcast sap e0 ui/C len=43
01:19:44.428921 0.00:c0:02:b8:10:89.4013 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-nearest-req 4 'ACACACACACAB'
01:19:44.430423 0.00:c0:02:b8:10:89.4013 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 4 'ACACACACACAC'
01:19:44.431799 0.00:c0:02:b8:10:89.4013 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 278 '%'
01:19:44.433295 0:c0:2:b8:10:89 > Broadcast sap aa ui/C len=35
01:19:44.434793 0:c0:2:b8:10:89 > Broadcast sap aa ui/C len=35
01:19:44.436295 0:c0:2:b8:10:89 > Broadcast sap aa ui/C len=35
01:19:44.478657 arp who-has 192.168.1.224 tell 192.168.1.10

[office2]# tcpdump -i bridge0
tcpdump: WARNING: bridge0: no IPv4 address assigned
tcpdump: listening on bridge0, link-type EN10MB
01:19:39.978778 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:39.979173 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:40.812774 192.168.1.71.1001 > 192.168.1.106.1038: P 236330675:236330930(255) ack 4095749983 win 1024 (DF)
01:19:40.988375 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:40.988779 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:41.998454 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:41.998851 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:43.008207 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:43.008598 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:43.813431 192.168.1.71.1001 > 192.168.1.106.1038: P 0:255(255) ack 1 win 1024 (DF)
01:19:43.960733 0:c0:2:b8:10:89 Broadcast 8137 60: ffff 0022 0004 0000 0000 ffff ffff ffff 0452 0000 0000 00c0 02b8 1089 4013 0003 0004 2500 0000 0000 0000 0000 0000
01:19:43.966483 0:c0:2:b8:10:89 Broadcast 8137 60: ffff 0022 0004 0000 0000 ffff ffff ffff 0452 0000 0000 00c0 02b8 1089 4013 0001 0004 4646 4343 4143 4143 4143 4143
01:19:43.971356 0:c0:2:b8:10:89 Broadcast 8137 60: ffff 0022 0004 0000 0000 ffff ffff ffff 0452 0000 0000 00c0 02b8 1089 4013 0001 0278 4143 4143 4143 4143 4143 4143
01:19:43.975948 0:c0:2:b8:10:89 > Broadcast sap e0 ui/C len=43
01:19:43.979014 0:c0:2:b8:10:89 > Broadcast sap e0 ui/C len=43
01:19:43.982276 0:c0:2:b8:10:89 > Broadcast sap e0 ui/C len=43
01:19:43.985574 0.00:c0:02:b8:10:89.4013 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-nearest-req 4 'ACACACACACAB'
01:19:43.988682 0.00:c0:02:b8:10:89.4013 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 4 'ACACACACACAC'
01:19:43.991850 0.00:c0:02:b8:10:89.4013 > 0.ff:ff:ff:ff:ff:ff.452:ipx-sap-req 278 '%'
01:19:43.994915 0:c0:2:b8:10:89 > Broadcast sap aa ui/C len=35
01:19:43.998049 0:c0:2:b8:10:89 > Broadcast sap aa ui/C len=35
01:19:44.001198 0:c0:2:b8:10:89 > Broadcast sap aa ui/C len=35
01:19:44.017823 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:44.018217 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d

It looks like arp requests are passing from bridge to bridge, but there is no icmp traffic.

[Office2]# tcpdump: listening on sis1, link-type EN10MB
02:16:28.277715 192.168.1.71.1001 > 192.168.1.106.1038: P 236330675:236330930(255) ack 4095749983 win 1024 (DF)
02:16:31.276658 192.168.1.71.1001 > 192.168.1.106.1038: P 0:255(255) ack 1 win 1024 (DF)
02:16:34.275853 192.168.1.71.1001 > 192.168.1.106.1038: P 0:255(255) ack 1 win 1024 (DF)
02:16:34.879178 arp who-has 192.168.1.224 tell 192.168.1.10
02:16:34.879348 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
02:16:35.888486 arp who-has 192.168.1.224 tell 192.168.1.10
02:16:35.888660 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
02:16:36.898801 arp who-has 192.168.1.224 tell 192.168.1.10
02:16:36.898967 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
02:16:36.969480 255.1.145.zip > 0.0.zip: at-#6 25
02:16:37.275749 192.168.1.71.1001 > 192.168.1.106.1038: P 0:255(255) ack 1 win 1024 (DF)
02:16:37.909164 arp who-has 192.168.1.224 tell 192.168.1.10
02:16:37.909325 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5dd
02:16:37.979330 255.1.145.zip > 0.0.zip: at-#6 25
02:16:38.191321 0:c0:2:b8:10:89 > 3:0:0:0:0:1 sap f0 ui/C len=163
02:16:38.919409 arp who-has 192.168.1.224 tell 192.168.1.10
02:16:38.919571 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
02:16:38.989187 255.1.145.zip > 0.0.zip: at-#6 25
02:16:40.275189 192.168.1.71.1001 > 192.168.1.106.1038: P 0:255(255) ack 1 win 1024 (DF)

From this dump (on the internal interface at office2) I can assume that the bridge is up, arp traffic is passing but nothing else. What am I missing here? Any hints?

Regards,
Mitja
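
Added example, not part of the original post: a small sh/awk check that pairs each ARP who-has with a following reply in tcpdump text output, run here over excerpts of the two bridge0 captures quoted above. The function names arp_pairs, office1_capture and office2_capture are made up for this example.

```sh
#!/bin/sh
# Summarise ARP request/reply pairing in tcpdump text output read from stdin.
# A who-has counts as unanswered when no reply for the same target IP is
# seen before the next who-has for that IP (or before the capture ends).
arp_pairs() {
    awk '
    $2 == "arp" && $3 == "who-has" {
        req++
        if (pending[$4]) unanswered++   # earlier request never got a reply
        pending[$4] = 1
    }
    $2 == "arp" && $3 == "reply" { rep++; pending[$4] = 0 }
    END {
        for (ip in pending) if (pending[ip]) unanswered++
        printf "requests=%d replies=%d unanswered=%d\n", req, rep, unanswered
    }'
}

# Excerpt of the office1 bridge0 capture from the post (ARP lines plus one TCP line).
office1_capture() {
cat <<'EOF'
01:19:40.438748 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:41.272234 192.168.1.71.1001 > 192.168.1.106.1038: P 236330675:236330930(255) ack 4095749983 win 1024 (DF)
01:19:41.448759 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:42.458768 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:43.468651 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:44.478657 arp who-has 192.168.1.224 tell 192.168.1.10
EOF
}

# Excerpt of the office2 bridge0 capture from the post (ARP lines only).
office2_capture() {
cat <<'EOF'
01:19:39.978778 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:39.979173 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:40.988375 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:40.988779 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:41.998454 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:41.998851 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:43.008207 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:43.008598 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
01:19:44.017823 arp who-has 192.168.1.224 tell 192.168.1.10
01:19:44.018217 arp reply 192.168.1.224 is-at 0:90:f5:3a:60:5d
EOF
}

echo "office1: $(office1_capture | arp_pairs)"
echo "office2: $(office2_capture | arp_pairs)"
```

On these excerpts every who-has seen on office2's bridge0 is followed by a reply, while office1's bridge0 shows the same requests with no reply at all.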