[Bridge] using bridges to connect vlans and untagged data

[Bridge] using bridges to connect vlans and untagged data

[Zoilo Gomez]

I have the following interfaces:
=> vlan22 and vlan2 on eth0
=> vlan23 and untagged traffic on eth1

The essence is that:
=> vlan22@eth0 and vlan23@eth1 need to be bridged, and
=> vlan2@eth0 and the untagged traffic on eth1 need to be bridged.

Software:
=> Gentoo 10.1
=> linux 2.6.32.7 vanilla
=> vconfig 1.9
=> bridge-utils 1.4

===== My implementation:

vconfig add eth0 2
vconfig add eth0 22

vconfig add eth1 23

brctl addbr br0
brctl addif br0 vlan2
brctl addif br0 eth1

brctl addbr br1
brctl addif br1 vlan22
brctl addif br1 vlan23

ebtables -P FORWARD DROP

ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i eth1 -o vlan2
ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i vlan2 -o eth1

ebtables -A FORWARD -j ACCEPT -i vlan23 -o vlan22
ebtables -A FORWARD -j ACCEPT -i vlan22 -o vlan23

Unfortunately, the vlan23 interface stops receiving data as soon as eth1 
is connected to br0. It seems that the bridge sucks all data from eth1, 
effectively disabling vlan23; why is this?

How can I get access to the untagged data on eth1, while simultaneously 
using vlan23@eth1 ?

Or should I use a different approach?

Z.

Re: [Bridge] using bridges to connect vlans and untagged data

[richardvoigt]

On Sun, Feb 21, 2010 at 5:24 PM, Zoilo Gomez <zoilo@xs4all.nl> wrote:
> I have the following interfaces:
> => vlan22 and vlan2 on eth0
> => vlan23 and untagged traffic on eth1
>
> The essence is that:
> => vlan22@eth0 and vlan23@eth1 need to be bridged, and
> => vlan2@eth0 and the untagged traffic on eth1 need to be bridged.
>
> Software:
> => Gentoo 10.1
> => linux 2.6.32.7 vanilla
> => vconfig 1.9
> => bridge-utils 1.4
>
> ===== My implementation:
>
> vconfig add eth0 2
> vconfig add eth0 22
>
> vconfig add eth1 23
>
> brctl addbr br0
> brctl addif br0 vlan2
> brctl addif br0 eth1
>
> brctl addbr br1
> brctl addif br1 vlan22
> brctl addif br1 vlan23
>
> ebtables -P FORWARD DROP
>
> ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i eth1 -o vlan2
> ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i vlan2 -o eth1
>
> ebtables -A FORWARD -j ACCEPT -i vlan23 -o vlan22
> ebtables -A FORWARD -j ACCEPT -i vlan22 -o vlan23
>
> Unfortunately, the vlan23 interface stops receiving data as soon as eth1
> is connected to br0. It seems that the bridge sucks all data from eth1,
> effectively disabling vlan23; why is this?
>
> How can I get access to the untagged data on eth1, while simultaneously
> using vlan23@eth1 ?
>
> Or should I use a different approach?

This is an issue with linux vlan support, there is no interface for
untagged traffic.  eth1 represents all traffic through that nic
whether tagged or not.

You should ask this question again on the vlan mailing list, maybe
there's a new configuration option I don't know about or maybe they
can offer a workaround.

>
> Z.
>
> _______________________________________________
> Bridge mailing list
> Bridge@lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/bridge
>

Re: [Bridge] using bridges to connect vlans and untagged data

[Zoilo Gomez]

Thank you Richard.

Anyway, I just found the solution while re-reading the FAQ 
http://ebtables.sourceforge.net/misc/brnf-faq.html (see section 3: How 
do I let vlan-tagged traffic go through a vlan bridge port and the other 
traffic through a non-vlan bridge port?).

And lo-and-behold - after adding the ebtables rule ....

ebtables -t broute -A BROUTING -j DROP -i eth1 -p 802_1Q --vlan-id 23

.... now everything works like a charm!

I can now ping through br1 as well (br0 was never a problem) - 
vlan23-traffic arriving on eth1 does not get bridged, but instead the 
vlan23-tag is stripped and the packet then arrives magically on my 
vlan23-interface.

Only after reading this part for the 3rd time just now, I suddenly 
understood the meaning, added the brouter rule, and done.

Thank you all for your support,

Z.


richardvoigt@gmail.com wrote:
> On Sun, Feb 21, 2010 at 5:24 PM, Zoilo Gomez <zoilo@xs4all.nl> wrote:
>   
>> I have the following interfaces:
>> => vlan22 and vlan2 on eth0
>> => vlan23 and untagged traffic on eth1
>>
>> The essence is that:
>> => vlan22@eth0 and vlan23@eth1 need to be bridged, and
>> => vlan2@eth0 and the untagged traffic on eth1 need to be bridged.
>>
>> Software:
>> => Gentoo 10.1
>> => linux 2.6.32.7 vanilla
>> => vconfig 1.9
>> => bridge-utils 1.4
>>
>> ===== My implementation:
>>
>> vconfig add eth0 2
>> vconfig add eth0 22
>>
>> vconfig add eth1 23
>>
>> brctl addbr br0
>> brctl addif br0 vlan2
>> brctl addif br0 eth1
>>
>> brctl addbr br1
>> brctl addif br1 vlan22
>> brctl addif br1 vlan23
>>
>> ebtables -P FORWARD DROP
>>
>> ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i eth1 -o vlan2
>> ebtables -A FORWARD -j ACCEPT -p ! 802_1Q -i vlan2 -o eth1
>>
>> ebtables -A FORWARD -j ACCEPT -i vlan23 -o vlan22
>> ebtables -A FORWARD -j ACCEPT -i vlan22 -o vlan23
>>
>> Unfortunately, the vlan23 interface stops receiving data as soon as eth1
>> is connected to br0. It seems that the bridge sucks all data from eth1,
>> effectively disabling vlan23; why is this?
>>
>> How can I get access to the untagged data on eth1, while simultaneously
>> using vlan23@eth1 ?
>>
>> Or should I use a different approach?
>>     
>
> This is an issue with linux vlan support, there is no interface for
> untagged traffic.  eth1 represents all traffic through that nic
> whether tagged or not.
>
> You should ask this question again on the vlan mailing list, maybe
> there's a new configuration option I don't know about or maybe they
> can offer a workaround.
>
>   
>> Z.
>>
>> _______________________________________________
>> Bridge mailing list
>> Bridge@lists.linux-foundation.org
>> https://lists.linux-foundation.org/mailman/listinfo/bridge
>>
>>     
>
>   

[Bridge] Slow receive side on bridge

[james.card]

[-- Attachment #1: Type: text/plain, Size: 2061 bytes --]

Hi,

I have a CentOS 5.4 distro running Xen on top of a Linux bridge (set up by Xen).  I have noticed by using iPerf in bidirectional mode that the traffic going into the server running the bridge is quite a bit slower with the bridge enabled than when it isn't.   The HW is a multiblade setup (8 blades each running CentOS 5.x).  On one of the blades, I shut down Xen and initially run with the bridge shut down and transferred a file from another machine using scp.  I then started up the bridge and transferred the same file and you can see below there is a big difference (3.6MB/s vs 23.2KB/s).  I stopped Xen before doing the following...

Any help on where to look would be helpful.  I was going to shut down all but one blade to see if it could be a lack of STP causing issues.

-- Xen bridge initially shut down

[root@bsbchp003 ~]# brctl show
bridge name    bridge id        STP enabled    interfaces
virbr0        8000.000000000000    yes

-- transfer the 3.7GB file

[root@bsbchp003 ~]# scp card@harvard:bigfile .
bigfile                                                                                                                                                                 100% 3685KB   3.6MB/s   00:00

-- start the bridge

[root@bsbchp003 ~]# /etc/xen/scripts/network-bridge start
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
Nothing to flush.
Nothing to flush.
Waiting for peth0 to negotiate link..[root@bsbchp003 ~]#

-- the Xen bridge is now up

[root@bsbchp003 ~]# brctl show
bridge name    bridge id        STP enabled    interfaces
virbr0        8000.000000000000    yes
xenbr0        8000.feffffffffff    no        peth0
                            vif0.0
[root@bsbchp003 ~]# scp card@harvard:bigfile .
bigfile                                                                                                                                                                 100% 3685KB  23.2KB/s   02:39
[root@bsbchp003 ~]#

[-- Attachment #2: Type: text/html, Size: 4661 bytes --]