Re: VLAN 1 - Native

Re: VLAN 1 - Native

[Leonardo Uzcudun]

________________________________
Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
A: "netdev@vger.kernel.org" <netdev@vger.kernel.org> 
Inviato: Mercoledì 1 Febbraio 2012 12:22
Oggetto: VLAN 1 - Native

Hello:

I'm connecting my Linux computer (debian 2.6.32-5) to a switch to implement vlans.

All is working fine except for the VLAN 1. Of sure you are aware of this situation and i would like to knoe if there is any parameter or setting that i should set in the vlan (linux side, not switch) configuration. Here's my configuration:
ip addr add 0.0.0.0 dev eth0
ip link set eth0 up
ip link add link eth0 name eth0.1 type vlan id 1
ip link add link eth0 name eth0.101 type vlan id 101
ip addr add 0.0.0.0 dev eth0.1
ip addr add 0.0.0.0 dev eth0.101
ip link set eth0.101 up
ip link set eth0.1 up
brctl addbr br_vlan_1
brctl addbr br_vlan_101
brctl addif br_vlan_1 eth0.1
brctl addif br_vlan_101 eth0.101
ip addr add 0.0.0.0 dev br_vlan_1
ip
addr add 0.0.0.0 dev br_vlan_101
ip link set br_vlan_1 up
ip link set br_vlan_101 up

Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working cause the packets are going out from eth0 like tagged. How could i set the VID 1 as untagged?

Thanks a lot.

BR,

Leo

Re: VLAN 1 - Native

[Eric Dumazet]

Le mercredi 01 février 2012 à 11:24 +0000, Leonardo Uzcudun a écrit :
> ________________________________
> Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
> A: "netdev@vger.kernel.org" <netdev@vger.kernel.org> 
> Inviato: Mercoledì 1 Febbraio 2012 12:22
> Oggetto: VLAN 1 - Native
> 
> Hello:
> 
> I'm connecting my Linux computer (debian 2.6.32-5) to a switch to
> implement vlans.
> 
> All is working fine except for the VLAN 1. Of sure you are aware of
> this situation and i would like to knoe if there is any parameter or
> setting that i should set in the vlan (linux side, not switch)
> configuration. Here's my configuration:
> ip addr add 0.0.0.0 dev eth0
> ip link set eth0 up
> ip link add link eth0 name eth0.1 type vlan id 1
> ip link add link eth0 name eth0.101 type vlan id 101
> ip addr add 0.0.0.0 dev eth0.1
> ip addr add 0.0.0.0 dev eth0.101
> ip link set eth0.101 up
> ip link set eth0.1 up
> brctl addbr br_vlan_1
> brctl addbr br_vlan_101
> brctl addif br_vlan_1 eth0.1
> brctl addif br_vlan_101 eth0.101
> ip addr add 0.0.0.0 dev br_vlan_1
> ip
> addr add 0.0.0.0 dev br_vlan_101
> ip link set br_vlan_1 up
> ip link set br_vlan_101 up
> 
> Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working
> cause the packets are going out from eth0 like tagged. How could i set
> the VID 1 as untagged?

What do you mean by "sending packets for VID 1, untagged " ?

What is the difference between vlan 101 and vlan 1 ?

Re: VLAN 1 - Native

[yao zhao]

On Wed, Feb 1, 2012 at 9:50 AM, yao zhao <yao.development@gmail.com> wrote:
>
>
> On Wed, Feb 1, 2012 at 8:04 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>
>> Le mercredi 01 février 2012 à 11:24 +0000, Leonardo Uzcudun a écrit :
>> > ________________________________
>> > Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
>> > A: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
>> > Inviato: Mercoledì 1 Febbraio 2012 12:22
>> > Oggetto: VLAN 1 - Native
>> >
>> > Hello:
>> >
>> > I'm connecting my Linux computer (debian 2.6.32-5) to a switch to
>> > implement vlans.
>> >
>> > All is working fine except for the VLAN 1. Of sure you are aware of
>> > this situation and i would like to knoe if there is any parameter or
>> > setting that i should set in the vlan (linux side, not switch)
>> > configuration. Here's my configuration:
>> > ip addr add 0.0.0.0 dev eth0
>> > ip link set eth0 up
>> > ip link add link eth0 name eth0.1 type vlan id 1
>> > ip link add link eth0 name eth0.101 type vlan id 101
>> > ip addr add 0.0.0.0 dev eth0.1
>> > ip addr add 0.0.0.0 dev eth0.101
>> > ip link set eth0.101 up
>> > ip link set eth0.1 up
>> > brctl addbr br_vlan_1
>> > brctl addbr br_vlan_101
>> > brctl addif br_vlan_1 eth0.1
>> > brctl addif br_vlan_101 eth0.101
>> > ip addr add 0.0.0.0 dev br_vlan_1
>> > ip
>> > addr add 0.0.0.0 dev br_vlan_101
>> > ip link set br_vlan_1 up
>> > ip link set br_vlan_101 up
>> >
>> > Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working
>> > cause the packets are going out from eth0 like tagged. How could i set
>> > the VID 1 as untagged?
>>
>> What do you mean by "sending packets for VID 1, untagged " ?
>>
 on switch like Cisco: vlan 1 is the native vlan or default vlan so it is
 untagged. untagged means packet has no vlan header.

>>
>> What is the difference between vlan 101 and vlan 1 ?

 No other difference. Just because it is vlan 1  which is special in
 switches(of course it can be changed on switch side but he doesn't want to)
>>
>>
>>
>>
>>
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netdev" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
>

Re: VLAN 1 - Native

[Eric Dumazet]

Le mercredi 01 février 2012 à 09:57 -0500, yao zhao a écrit :
> On Wed, Feb 1, 2012 at 9:50 AM, yao zhao <yao.development@gmail.com> wrote:
> >
> >
> > On Wed, Feb 1, 2012 at 8:04 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> >>
> >> Le mercredi 01 février 2012 à 11:24 +0000, Leonardo Uzcudun a écrit :
> >> > ________________________________
> >> > Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
> >> > A: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
> >> > Inviato: Mercoledì 1 Febbraio 2012 12:22
> >> > Oggetto: VLAN 1 - Native
> >> >
> >> > Hello:
> >> >
> >> > I'm connecting my Linux computer (debian 2.6.32-5) to a switch to
> >> > implement vlans.
> >> >
> >> > All is working fine except for the VLAN 1. Of sure you are aware of
> >> > this situation and i would like to knoe if there is any parameter or
> >> > setting that i should set in the vlan (linux side, not switch)
> >> > configuration. Here's my configuration:
> >> > ip addr add 0.0.0.0 dev eth0
> >> > ip link set eth0 up
> >> > ip link add link eth0 name eth0.1 type vlan id 1
> >> > ip link add link eth0 name eth0.101 type vlan id 101
> >> > ip addr add 0.0.0.0 dev eth0.1
> >> > ip addr add 0.0.0.0 dev eth0.101
> >> > ip link set eth0.101 up
> >> > ip link set eth0.1 up
> >> > brctl addbr br_vlan_1
> >> > brctl addbr br_vlan_101
> >> > brctl addif br_vlan_1 eth0.1
> >> > brctl addif br_vlan_101 eth0.101
> >> > ip addr add 0.0.0.0 dev br_vlan_1
> >> > ip
> >> > addr add 0.0.0.0 dev br_vlan_101
> >> > ip link set br_vlan_1 up
> >> > ip link set br_vlan_101 up
> >> >
> >> > Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working
> >> > cause the packets are going out from eth0 like tagged. How could i set
> >> > the VID 1 as untagged?
> >>
> >> What do you mean by "sending packets for VID 1, untagged " ?
> >>
>  on switch like Cisco: vlan 1 is the native vlan or default vlan so it is
>  untagged. untagged means packet has no vlan header.
> 
> >>
> >> What is the difference between vlan 101 and vlan 1 ?
> 
>  No other difference. Just because it is vlan 1  which is special in
>  switches(of course it can be changed on switch side but he doesn't want to)

VID=1 is not the "known" native vlan at all, this is a vendor (stupid ?)
extension.

There is no ID reserved to untagged traffic in the 802.1Q specs, since
by definition, if traffic is untagged, there is _no_ VLAN tag in the
frame.

Untagged traffic on linux is on eth0 itself (ingress or egress), not on
eth0.xxx

Re: VLAN 1 - Native

[Leonardo Uzcudun]

Yes, all those points are clear. My question is: can i do anything in the linux side (i can't change the switch config) to make the traffic on vlan 1 to function?

Example: how do those linux-wifi-access points that support vlans are able to have VLAN 1 and other vlans?

Thanks again.

Leo



----- Messaggio originale -----
Da: Eric Dumazet <eric.dumazet@gmail.com>
A: yao zhao <yao.development@gmail.com>
Cc: Leonardo Uzcudun <uzcudunl@yahoo.it>; "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Inviato: Mercoledì 1 Febbraio 2012 16:05
Oggetto: Re: VLAN 1 - Native

Le mercredi 01 février 2012 à 09:57 -0500, yao zhao a écrit :
> On Wed, Feb 1, 2012 at 9:50 AM, yao zhao <yao.development@gmail.com> wrote:
> >
> >
> > On Wed, Feb 1, 2012 at 8:04 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> >>
> >> Le mercredi 01 février 2012 à 11:24 +0000, Leonardo Uzcudun a écrit :
> >> > ________________________________
> >> > Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
> >> > A: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
> >> > Inviato: Mercoledì 1 Febbraio 2012 12:22
> >> > Oggetto: VLAN 1 - Native
> >> >
> >> > Hello:
> >> >
> >> > I'm connecting my Linux computer (debian 2.6.32-5) to a switch to
> >> > implement vlans.
> >> >
> >> > All is working fine except for the VLAN 1. Of sure you are aware of
> >> > this situation and i would like to knoe if there is any parameter or
> >> > setting that i should set in the vlan (linux side, not switch)
> >> > configuration. Here's my configuration:
> >> > ip addr add 0.0.0.0 dev eth0
> >> > ip link set eth0 up
> >> > ip link add link eth0 name eth0.1 type vlan id 1
> >> > ip link add link eth0 name eth0.101 type vlan id 101
> >> > ip addr add 0.0.0.0 dev eth0.1
> >> > ip addr add 0.0.0.0 dev eth0.101
> >> > ip link set eth0.101 up
> >> > ip link set eth0.1 up
> >> > brctl addbr br_vlan_1
> >> > brctl addbr br_vlan_101
> >> > brctl addif br_vlan_1 eth0.1
> >> > brctl addif br_vlan_101 eth0.101
> >> > ip addr add 0.0.0.0 dev br_vlan_1
> >> > ip
> >> > addr add 0.0.0.0 dev br_vlan_101
> >> > ip link set br_vlan_1 up
> >> > ip link set br_vlan_101 up
> >> >
> >> > Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working
> >> > cause the packets are going out from eth0 like tagged. How could i set
> >> > the VID 1 as untagged?
> >>
> >> What do you mean by "sending packets for VID 1, untagged " ?
> >>
>  on switch like Cisco: vlan 1 is the native vlan or default vlan so it is
>  untagged. untagged means packet has no vlan header.
> 
> >>
> >> What is the difference between vlan 101 and vlan 1 ?
> 
>  No other difference. Just because it is vlan 1  which is special in
>  switches(of course it can be changed on switch side but he doesn't want to)

VID=1 is not the "known" native vlan at all, this is a vendor (stupid ?)
extension.

There is no ID reserved to untagged traffic in the 802.1Q specs, since
by definition, if traffic is untagged, there is _no_ VLAN tag in the
frame.

Untagged traffic on linux is on eth0 itself (ingress or egress), not on
eth0.xxx

Re: VLAN 1 - Native

[Eric Dumazet]

Le mercredi 01 février 2012 à 15:14 +0000, Leonardo Uzcudun a écrit :
> Yes, all those points are clear. My question is: can i do anything in
> the linux side (i can't change the switch config) to make the traffic
> on vlan 1 to function?
> 
> Example: how do those linux-wifi-access points that support vlans are
> able to have VLAN 1 and other vlans?

eth0 will receive your "untagged" traffic, exactly if you had no vlan
config on your machine.

eth0 will send your "untagged" traffic, exactly if you had no vlan
config on your machine.

If "eth0" name doesnt please you, you can rename it to eth0.1 or
eth0.untag


ip link set dev eth0 name eth0.untag

Re: VLAN 1 - Native

[yao zhao]

On Wed, Feb 1, 2012 at 10:05 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Le mercredi 01 février 2012 à 09:57 -0500, yao zhao a écrit :
>> On Wed, Feb 1, 2012 at 9:50 AM, yao zhao <yao.development@gmail.com> wrote:
>> >
>> >
>> > On Wed, Feb 1, 2012 at 8:04 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>> >>
>> >> Le mercredi 01 février 2012 à 11:24 +0000, Leonardo Uzcudun a écrit :
>> >> > ________________________________
>> >> > Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
>> >> > A: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
>> >> > Inviato: Mercoledì 1 Febbraio 2012 12:22
>> >> > Oggetto: VLAN 1 - Native
>> >> >
>> >> > Hello:
>> >> >
>> >> > I'm connecting my Linux computer (debian 2.6.32-5) to a switch to
>> >> > implement vlans.
>> >> >
>> >> > All is working fine except for the VLAN 1. Of sure you are aware of
>> >> > this situation and i would like to knoe if there is any parameter or
>> >> > setting that i should set in the vlan (linux side, not switch)
>> >> > configuration. Here's my configuration:
>> >> > ip addr add 0.0.0.0 dev eth0
>> >> > ip link set eth0 up
>> >> > ip link add link eth0 name eth0.1 type vlan id 1
>> >> > ip link add link eth0 name eth0.101 type vlan id 101
>> >> > ip addr add 0.0.0.0 dev eth0.1
>> >> > ip addr add 0.0.0.0 dev eth0.101
>> >> > ip link set eth0.101 up
>> >> > ip link set eth0.1 up
>> >> > brctl addbr br_vlan_1
>> >> > brctl addbr br_vlan_101
>> >> > brctl addif br_vlan_1 eth0.1
>> >> > brctl addif br_vlan_101 eth0.101
>> >> > ip addr add 0.0.0.0 dev br_vlan_1
>> >> > ip
>> >> > addr add 0.0.0.0 dev br_vlan_101
>> >> > ip link set br_vlan_1 up
>> >> > ip link set br_vlan_101 up
>> >> >
>> >> > Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working
>> >> > cause the packets are going out from eth0 like tagged. How could i set
>> >> > the VID 1 as untagged?
>> >>
>> >> What do you mean by "sending packets for VID 1, untagged " ?
>> >>
>>  on switch like Cisco: vlan 1 is the native vlan or default vlan so it is
>>  untagged. untagged means packet has no vlan header.
>>
>> >>
>> >> What is the difference between vlan 101 and vlan 1 ?
>>
>>  No other difference. Just because it is vlan 1  which is special in
>>  switches(of course it can be changed on switch side but he doesn't want to)
>
> VID=1 is not the "known" native vlan at all, this is a vendor (stupid ?)
> extension.
>
That is true. But in IEEE standard it also said you can specify
whether a vlan can be untagged or tagged on egress.

> There is no ID reserved to untagged traffic in the 802.1Q specs, since
> by definition, if traffic is untagged, there is _no_ VLAN tag in the
> frame.
>
> Untagged traffic on linux is on eth0 itself (ingress or egress), not on
> eth0.xxx
>
If you want linux to do as a switch too, then you can have to make up
something that what ERic said, use physical interface as the vlan 1,
as it is untagged. When vlan 1 is not native vlan you have to change
back to eth0.1. and change that new native vlan to physical interface.

yao
>
>
>

Re: VLAN 1 - Native

[Leonardo Uzcudun]

I'm sorry guys but i'm not understanding. Allow me to ask in a different way.

I've a linux computer with 3 network cards (eth0, eth1 and eth2)

eth0 is connected to a switch with vlans config.
eth1 is connected to a network that has VID 1
eth2 is connected to a network that has VID 101

I've the following configuration:

ip addr add 0.0.0.0 dev eth0
ip link set eth0 up
ip link add link eth0 name eth0.1 type vlan id 1
ip link add link eth0 name eth0.101 type vlan id 101
ip addr add 0.0.0.0 dev eth0.1
ip addr add 0.0.0.0 dev eth0.101
ip link set eth0.101 up
ip link set eth0.1 up
brctl addbr br_vlan_1
brctl addbr br_vlan_101
brctl addif br_vlan_1 eth0.1 eth1
brctl addif br_vlan_101 eth0.101 eth2
ip addr add 0.0.0.0 dev br_vlan_1
ip addr add 0.0.0.0 dev br_vlan_101
ip link set br_vlan_1 up
ip link set br_vlan_101 up


with this setup, the traffic on VID 101 is working fine. The devices across the switch and eth2 communicate each other but, the devices on VID 1 don't communicate with those connected to eth1

If I remove eth0.1 and add eth0 to br_vlan_1 i have the opposite situation:
the traffic on VID 101 is NOT working. The devices across the switch and eth2 DO NOT communicate each other
but, the devices on VID 1 communicate with those connected to eth1. Of course on br_vlan_1 i'm getting the VID 1 traffic AND the VID 101....

Thanks again,

Leo





----- Messaggio originale -----
Da: yao zhao <yao.development@gmail.com>
A: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Leonardo Uzcudun <uzcudunl@yahoo.it>; "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Inviato: Mercoledì 1 Febbraio 2012 17:25
Oggetto: Re: VLAN 1 - Native

On Wed, Feb 1, 2012 at 10:05 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> Le mercredi 01 février 2012 à 09:57 -0500, yao zhao a écrit :
>> On Wed, Feb 1, 2012 at 9:50 AM, yao zhao <yao.development@gmail.com> wrote:
>> >
>> >
>> > On Wed, Feb 1, 2012 at 8:04 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>> >>
>> >> Le mercredi 01 février 2012 à 11:24 +0000, Leonardo Uzcudun a écrit :
>> >> > ________________________________
>> >> > Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
>> >> > A: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
>> >> > Inviato: Mercoledì 1 Febbraio 2012 12:22
>> >> > Oggetto: VLAN 1 - Native
>> >> >
>> >> > Hello:
>> >> >
>> >> > I'm connecting my Linux computer (debian 2.6.32-5) to a switch to
>> >> > implement vlans.
>> >> >
>> >> > All is working fine except for the VLAN 1. Of sure you are aware of
>> >> > this situation and i would like to knoe if there is any parameter or
>> >> > setting that i should set in the vlan (linux side, not switch)
>> >> > configuration. Here's my configuration:
>> >> > ip addr add 0.0.0.0 dev eth0
>> >> > ip link set eth0 up
>> >> > ip link add link eth0 name eth0.1 type vlan id 1
>> >> > ip link add link eth0 name eth0.101 type vlan id 101
>> >> > ip addr add 0.0.0.0 dev eth0.1
>> >> > ip addr add 0.0.0.0 dev eth0.101
>> >> > ip link set eth0.101 up
>> >> > ip link set eth0.1 up
>> >> > brctl addbr br_vlan_1
>> >> > brctl addbr br_vlan_101
>> >> > brctl addif br_vlan_1 eth0.1
>> >> > brctl addif br_vlan_101 eth0.101
>> >> > ip addr add 0.0.0.0 dev br_vlan_1
>> >> > ip
>> >> > addr add 0.0.0.0 dev br_vlan_101
>> >> > ip link set br_vlan_1 up
>> >> > ip link set br_vlan_101 up
>> >> >
>> >> > Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working
>> >> > cause the packets are going out from eth0 like tagged. How could i set
>> >> > the VID 1 as untagged?
>> >>
>> >> What do you mean by "sending packets for VID 1, untagged " ?
>> >>
>>  on switch like Cisco: vlan 1 is the native vlan or default vlan so it is
>>  untagged. untagged means packet has no vlan header.
>>
>> >>
>> >> What is the difference between vlan 101 and vlan 1 ?
>>
>>  No other difference. Just because it is vlan 1  which is special in
>>  switches(of course it can be changed on switch side but he doesn't want to)
>
> VID=1 is not the "known" native vlan at all, this is a vendor (stupid ?)
> extension.
>
That is true. But in IEEE standard it also said you can specify
whether a vlan can be untagged or tagged on egress.

> There is no ID reserved to untagged traffic in the 802.1Q specs, since
> by definition, if traffic is untagged, there is _no_ VLAN tag in the
> frame.
>
> Untagged traffic on linux is on eth0 itself (ingress or egress), not on
> eth0.xxx
>
If you want linux to do as a switch too, then you can have to make up
something that what ERic said, use physical interface as the vlan 1,
as it is untagged. When vlan 1 is not native vlan you have to change
back to eth0.1. and change that new native vlan to physical interface.

yao
>
>
>

Re: VLAN 1 - Native

[Eric Dumazet]

Le mercredi 01 février 2012 à 16:44 +0000, Leonardo Uzcudun a écrit :
> I'm sorry guys but i'm not understanding. Allow me to ask in a
> different way.
> 
> I've a linux computer with 3 network cards (eth0, eth1 and eth2)
> 
> eth0 is connected to a switch with vlans config.
> eth1 is connected to a network that has VID 1
> eth2 is connected to a network that has VID 101
> 
> I've the following configuration:
> 
> ip addr add 0.0.0.0 dev eth0
> ip link set eth0 up
> ip link add link eth0 name eth0.1 type vlan id 1
> ip link add link eth0 name eth0.101 type vlan id 101
> ip addr add 0.0.0.0 dev eth0.1
> ip addr add 0.0.0.0 dev eth0.101
> ip link set eth0.101 up
> ip link set eth0.1 up
> brctl addbr br_vlan_1
> brctl addbr br_vlan_101
> brctl addif br_vlan_1 eth0.1 eth1
> brctl addif br_vlan_101 eth0.101 eth2
> ip addr add 0.0.0.0 dev br_vlan_1
> ip addr add 0.0.0.0 dev br_vlan_101
> ip link set br_vlan_1 up
> ip link set br_vlan_101 up
> 
> 
> with this setup, the traffic on VID 101 is working fine. The devices
> across the switch and eth2 communicate each other but, the devices on
> VID 1 don't communicate with those connected to eth1
> 
> If I remove eth0.1 and add eth0 to br_vlan_1 i have the opposite
> situation:
> the traffic on VID 101 is NOT working. The devices across the switch
> and eth2 DO NOT communicate each other
> but, the devices on VID 1 communicate with those connected to eth1. Of
> course on br_vlan_1 i'm getting the VID 1 traffic AND the VID 101....


This might work on recent kernels, please try them.

This is netdev list, after all ;)

Re: VLAN 1 - Native

[yao zhao]

How about this?

brctl addif br_vlan_1 eth0 eth1
brctl addif br_vlan_101 eth0.101 eth2.101

yao
On Wed, Feb 1, 2012 at 11:44 AM, Leonardo Uzcudun <uzcudunl@yahoo.it> wrote:
> I'm sorry guys but i'm not understanding. Allow me to ask in a different way.
>
> I've a linux computer with 3 network cards (eth0, eth1 and eth2)
>
> eth0 is connected to a switch with vlans config.
> eth1 is connected to a network that has VID 1
> eth2 is connected to a network that has VID 101
>
> I've the following configuration:
>
> ip addr add 0.0.0.0 dev eth0
> ip link set eth0 up
> ip link add link eth0 name eth0.1 type vlan id 1
> ip link add link eth0 name eth0.101 type vlan id 101
> ip addr add 0.0.0.0 dev eth0.1
> ip addr add 0.0.0.0 dev eth0.101
> ip link set eth0.101 up
> ip link set eth0.1 up
> brctl addbr br_vlan_1
> brctl addbr br_vlan_101
> brctl addif br_vlan_1 eth0.1 eth1
> brctl addif br_vlan_101 eth0.101 eth2
> ip addr add 0.0.0.0 dev br_vlan_1
> ip addr add 0.0.0.0 dev br_vlan_101
> ip link set br_vlan_1 up
> ip link set br_vlan_101 up
>
>
> with this setup, the traffic on VID 101 is working fine. The devices across the switch and eth2 communicate each other but, the devices on VID 1 don't communicate with those connected to eth1
>
> If I remove eth0.1 and add eth0 to br_vlan_1 i have the opposite situation:
> the traffic on VID 101 is NOT working. The devices across the switch and eth2 DO NOT communicate each other
> but, the devices on VID 1 communicate with those connected to eth1. Of course on br_vlan_1 i'm getting the VID 1 traffic AND the VID 101....
>
> Thanks again,
>
> Leo
>
>
>
>
>
> ----- Messaggio originale -----
> Da: yao zhao <yao.development@gmail.com>
> A: Eric Dumazet <eric.dumazet@gmail.com>
> Cc: Leonardo Uzcudun <uzcudunl@yahoo.it>; "netdev@vger.kernel.org" <netdev@vger.kernel.org>
> Inviato: Mercoledì 1 Febbraio 2012 17:25
> Oggetto: Re: VLAN 1 - Native
>
> On Wed, Feb 1, 2012 at 10:05 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>> Le mercredi 01 février 2012 à 09:57 -0500, yao zhao a écrit :
>>> On Wed, Feb 1, 2012 at 9:50 AM, yao zhao <yao.development@gmail.com> wrote:
>>> >
>>> >
>>> > On Wed, Feb 1, 2012 at 8:04 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
>>> >>
>>> >> Le mercredi 01 février 2012 à 11:24 +0000, Leonardo Uzcudun a écrit :
>>> >> > ________________________________
>>> >> > Da: Leonardo Uzcudun <uzcudunl@yahoo.it>
>>> >> > A: "netdev@vger.kernel.org" <netdev@vger.kernel.org>
>>> >> > Inviato: Mercoledì 1 Febbraio 2012 12:22
>>> >> > Oggetto: VLAN 1 - Native
>>> >> >
>>> >> > Hello:
>>> >> >
>>> >> > I'm connecting my Linux computer (debian 2.6.32-5) to a switch to
>>> >> > implement vlans.
>>> >> >
>>> >> > All is working fine except for the VLAN 1. Of sure you are aware of
>>> >> > this situation and i would like to knoe if there is any parameter or
>>> >> > setting that i should set in the vlan (linux side, not switch)
>>> >> > configuration. Here's my configuration:
>>> >> > ip addr add 0.0.0.0 dev eth0
>>> >> > ip link set eth0 up
>>> >> > ip link add link eth0 name eth0.1 type vlan id 1
>>> >> > ip link add link eth0 name eth0.101 type vlan id 101
>>> >> > ip addr add 0.0.0.0 dev eth0.1
>>> >> > ip addr add 0.0.0.0 dev eth0.101
>>> >> > ip link set eth0.101 up
>>> >> > ip link set eth0.1 up
>>> >> > brctl addbr br_vlan_1
>>> >> > brctl addbr br_vlan_101
>>> >> > brctl addif br_vlan_1 eth0.1
>>> >> > brctl addif br_vlan_101 eth0.101
>>> >> > ip addr add 0.0.0.0 dev br_vlan_1
>>> >> > ip
>>> >> > addr add 0.0.0.0 dev br_vlan_101
>>> >> > ip link set br_vlan_1 up
>>> >> > ip link set br_vlan_101 up
>>> >> >
>>> >> > Traffic on vlan 101 is working fine. Traffic on VLAN 1 is not working
>>> >> > cause the packets are going out from eth0 like tagged. How could i set
>>> >> > the VID 1 as untagged?
>>> >>
>>> >> What do you mean by "sending packets for VID 1, untagged " ?
>>> >>
>>>  on switch like Cisco: vlan 1 is the native vlan or default vlan so it is
>>>  untagged. untagged means packet has no vlan header.
>>>
>>> >>
>>> >> What is the difference between vlan 101 and vlan 1 ?
>>>
>>>  No other difference. Just because it is vlan 1  which is special in
>>>  switches(of course it can be changed on switch side but he doesn't want to)
>>
>> VID=1 is not the "known" native vlan at all, this is a vendor (stupid ?)
>> extension.
>>
> That is true. But in IEEE standard it also said you can specify
> whether a vlan can be untagged or tagged on egress.
>
>> There is no ID reserved to untagged traffic in the 802.1Q specs, since
>> by definition, if traffic is untagged, there is _no_ VLAN tag in the
>> frame.
>>
>> Untagged traffic on linux is on eth0 itself (ingress or egress), not on
>> eth0.xxx
>>
> If you want linux to do as a switch too, then you can have to make up
> something that what ERic said, use physical interface as the vlan 1,
> as it is untagged. When vlan 1 is not native vlan you have to change
> back to eth0.1. and change that new native vlan to physical interface.
>
> yao
>>
>>
>>
>

Re: VLAN 1 - Native

[Ben Hutchings]

On Wed, 2012-02-01 at 12:25 -0500, yao zhao wrote:
> How about this?
> 
> brctl addif br_vlan_1 eth0 eth1

Right, VID 1 is not special to Linux.

> brctl addif br_vlan_101 eth0.101 eth2.101

I think you mean eth2 rather than eth2.101.

This should work on:
1. Linux 2.6.36 and earlier, if eth0 has VLAN tag offload.
2. Linux 3.2 and later.

Ben.

-- 
Ben Hutchings, Staff Engineer, Solarflare
Not speaking for my employer; that's the marketing department's job.
They asked us to note that Solarflare product names are trademarked.

Re: VLAN 1 - Native

[Michal Soltys]

On 12-02-01 17:44, Leonardo Uzcudun wrote:
> I'm sorry guys but i'm not understanding. Allow me to ask in a different way.
>
> I've a linux computer with 3 network cards (eth0, eth1 and eth2)
>
> eth0 is connected to a switch with vlans config.
> eth1 is connected to a network that has VID 1
> eth2 is connected to a network that has VID 101
>

Assuming you have:

eth0: 1u 101t
eth1: 1u
eth2: 101u

would this work for you ?:

ip link add link eth0 name eth0.101 type vlan id 101
ebtables -t broute -A BROUTING -i eth0 --vlan-id 101 -j DROP
brctl addbr br_vlan_1
brctl addbr br_vlan_101
brctl addif br_vlan_1 eth0 eth1
brctl addif br_vlan_101 eth0.101 eth2

ebtables should make 101 tagged traffic go through br_vlan_101 instead 
of br_vlan_1

I think there's also option for doing it with single bridge interface 
and some more complex ebtables rules, but the above if I didn't miss 
anything, should work fine.

Re: VLAN 1 - Native

[yao zhao]

On Wed, Feb 1, 2012 at 1:14 PM, Ben Hutchings <bhutchings@solarflare.com> wrote:
> On Wed, 2012-02-01 at 12:25 -0500, yao zhao wrote:
>> How about this?
>>
>> brctl addif br_vlan_1 eth0 eth1
>
> Right, VID 1 is not special to Linux.
>
>> brctl addif br_vlan_101 eth0.101 eth2.101
>
> I think you mean eth2 rather than eth2.101.
>
I guess he means vlan 101 is tagged on eth2, if not (connected to
host, access port) then you are right.

> This should work on:
> 1. Linux 2.6.36 and earlier, if eth0 has VLAN tag offload.
> 2. Linux 3.2 and later.
>
Any reason?

> Ben.
>
> --
> Ben Hutchings, Staff Engineer, Solarflare
> Not speaking for my employer; that's the marketing department's job.
> They asked us to note that Solarflare product names are trademarked.
>

Re: VLAN 1 - Native

[Eric Dumazet]

Le mercredi 01 février 2012 à 15:52 -0500, yao zhao a écrit :

> > This should work on:
> > 1. Linux 2.6.36 and earlier, if eth0 has VLAN tag offload.
> > 2. Linux 3.2 and later.
> >
> Any reason?

Code was vastly changed by Jesse Gross in 2.6.36, and many adjustements,
bug fixes were needed to stabilize the thing.

This is was I suggested to try a recent kernel.

2.6.32 is too old to be discussed on netdev anymore.

Re: VLAN 1 - Native

[Leonardo Uzcudun]

Hello Guys,

Tested also in Ubuntu 2.6.38-13 and it is not working.
Tomorrow i'll test Michal suggestion and i'll let you know.



----- Messaggio originale -----
Da: Eric Dumazet <eric.dumazet@gmail.com>
A: yao zhao <yao.development@gmail.com>
Cc: Ben Hutchings <bhutchings@solarflare.com>; Leonardo Uzcudun <uzcudunl@yahoo.it>; "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Inviato: Mercoledì 1 Febbraio 2012 22:01
Oggetto: Re: VLAN 1 - Native

Le mercredi 01 février 2012 à 15:52 -0500, yao zhao a écrit :

> > This should work on:
> > 1. Linux 2.6.36 and earlier, if eth0 has VLAN tag offload.
> > 2. Linux 3.2 and later.
> >
> Any reason?

Code was vastly changed by Jesse Gross in 2.6.36, and many adjustements,
bug fixes were needed to stabilize the thing.

This is was I suggested to try a recent kernel.

2.6.32 is too old to be discussed on netdev anymore.

Re: VLAN 1 - Native

[Leonardo Uzcudun]

Hello Michal:

It is working on kernel 3.0.0-15 Ubuntu. I've just to modify the ebtables command as:
ebtables -t broute -A BROUTING -i eth0 -p 802_1Q --vlan-id 101 -j DROP (protocol is a must when you use --vlan-id)


I'll test it on kernel 2.6.32-5 Debian


Just last question,in the case i should implement this kind of configuration in a kernel 2.6.31, should i backport/patch anything? is it a bad idea (running it on 2.6.31)?

Thanks again.

BR,

Leo



----- Messaggio originale -----
Da: Michal Soltys <soltys@ziu.info>
A: Leonardo Uzcudun <uzcudunl@yahoo.it>
Cc: yao zhao <yao.development@gmail.com>; Eric Dumazet <eric.dumazet@gmail.com>; "netdev@vger.kernel.org" <netdev@vger.kernel.org>
Inviato: Mercoledì 1 Febbraio 2012 20:26
Oggetto: Re: VLAN 1 - Native

On 12-02-01 17:44, Leonardo Uzcudun wrote:
> I'm sorry guys but i'm not understanding. Allow me to ask in a different way.
>
> I've a linux computer with 3 network cards (eth0, eth1 and eth2)
>
> eth0 is connected to a switch with vlans config.
> eth1 is connected to a network that has VID 1
> eth2 is connected to a network that has VID 101
>

Assuming you have:

eth0: 1u 101t
eth1: 1u
eth2: 101u

would this work for you ?:

ip link add link eth0 name eth0.101 type vlan id 101
ebtables -t broute -A BROUTING -i eth0 --vlan-id 101 -j DROP
brctl addbr br_vlan_1
brctl addbr br_vlan_101
brctl addif br_vlan_1 eth0 eth1
brctl addif br_vlan_101 eth0.101 eth2

ebtables should make 101 tagged traffic go through br_vlan_101 instead 
of br_vlan_1

I think there's also option for doing it with single bridge interface 
and some more complex ebtables rules, but the above if I didn't miss 
anything, should work fine.

Re: VLAN 1 - Native

[Eric Dumazet]

Le jeudi 02 février 2012 à 09:09 +0000, Leonardo Uzcudun a écrit :
> Hello Michal:
> 
> It is working on kernel 3.0.0-15 Ubuntu. I've just to modify the
> ebtables command as:
> ebtables -t broute -A BROUTING -i eth0 -p 802_1Q --vlan-id 101 -j DROP
> (protocol is a must when you use --vlan-id)
> 
> 
> I'll test it on kernel 2.6.32-5 Debian
> 
> 
> Just last question,in the case i should implement this kind of
> configuration in a kernel 2.6.31, should i backport/patch anything? is
> it a bad idea (running it on 2.6.31)?

This is going to be tough. 

The point of Jesse Gross (and others) work was exactly to permit better
vlan/bridge integration/stacking.

I am not saying you cant do it. If you really have time you certainly
can.

Re: VLAN 1 - Native

[Benny Amorsen]

Eric Dumazet <eric.dumazet@gmail.com> writes:

> There is no ID reserved to untagged traffic in the 802.1Q specs, since
> by definition, if traffic is untagged, there is _no_ VLAN tag in the
> frame.

This is not entirely true. If you want to send 802.1p-tagged packets
without a specific VLAN, you should use the 0 tag. I would say that
comes quite close to "The ID reserved to untagged traffic is 0".

It is, however, not 1.


/Benny

Re: VLAN 1 - Native

[Michal Soltys]

On 02.02.2012 10:12, Eric Dumazet wrote:
> Le jeudi 02 février 2012 à 09:09 +0000, Leonardo Uzcudun a écrit :
>> Hello Michal:
>>
>> It is working on kernel 3.0.0-15 Ubuntu. I've just to modify the
>> ebtables command as:
>> ebtables -t broute -A BROUTING -i eth0 -p 802_1Q --vlan-id 101 -j DROP
>> (protocol is a must when you use --vlan-id)
>>
>>
>> I'll test it on kernel 2.6.32-5 Debian
>>
>>
>> Just last question,in the case i should implement this kind of
>> configuration in a kernel 2.6.31, should i backport/patch anything? is
>> it a bad idea (running it on 2.6.31)?
>
> This is going to be tough.
>

Btw, this (ebtables broute drop) method has been mentioned in bridge-nf 
faq for ages (through most/all 2.6 kernels at least) - and for the very 
purpose of directing tagged/not tagged traffic to proper bridge 
interfaces. Shouldn't 2.6.31 be pretty safe in that regard ?

Or did you mean backporting/patching part ?

> The point of Jesse Gross (and others) work was exactly to permit better
> vlan/bridge integration/stacking.
>

Just to be sure - are those patches in any way changing / deprecating / 
conflicting with ebtables approach ?

Re: VLAN 1 - Native

[Eric Dumazet]

Le jeudi 02 février 2012 à 13:10 +0100, Benny Amorsen a écrit :
> Eric Dumazet <eric.dumazet@gmail.com> writes:
> 
> > There is no ID reserved to untagged traffic in the 802.1Q specs, since
> > by definition, if traffic is untagged, there is _no_ VLAN tag in the
> > frame.
> 
> This is not entirely true. If you want to send 802.1p-tagged packets
> without a specific VLAN, you should use the 0 tag. I would say that
> comes quite close to "The ID reserved to untagged traffic is 0".
> 
> It is, however, not 1.
> 

There is a big confusion on the subject and terminology


_IF_ a 802.1Q Header is present in a frame, VID is a 12 bits field.
In the standard, only 0x000 and 0xFFF are reserved. Not 1.
On linux you can still use the full range, if you really want.

_IF_ no 802.1Q header is present, there is no VLAN id included in the
frame. This is what I called "Untagged"


To send a frame without 802.1Q header on linux, use the undelying
device, eth0.

Dont expect eth0.XXX to send a frame without 802.1Q header, since
eth0.XXX is _requested_ to send a 802.1Q header.

Re: VLAN 1 - Native

[Jesse Gross]

On Thu, Feb 2, 2012 at 4:17 AM, Michal Soltys <soltys@ziu.info> wrote:
> On 02.02.2012 10:12, Eric Dumazet wrote:
>>
>> Le jeudi 02 février 2012 à 09:09 +0000, Leonardo Uzcudun a écrit :
>>>
>>> Hello Michal:
>>>
>>> It is working on kernel 3.0.0-15 Ubuntu. I've just to modify the
>>> ebtables command as:
>>> ebtables -t broute -A BROUTING -i eth0 -p 802_1Q --vlan-id 101 -j DROP
>>> (protocol is a must when you use --vlan-id)
>>>
>>>
>>> I'll test it on kernel 2.6.32-5 Debian
>>>
>>>
>>> Just last question,in the case i should implement this kind of
>>> configuration in a kernel 2.6.31, should i backport/patch anything? is
>>> it a bad idea (running it on 2.6.31)?
>>
>>
>> This is going to be tough.
>>
>
> Btw, this (ebtables broute drop) method has been mentioned in bridge-nf faq
> for ages (through most/all 2.6 kernels at least) - and for the very purpose
> of directing tagged/not tagged traffic to proper bridge interfaces.
> Shouldn't 2.6.31 be pretty safe in that regard ?
>
> Or did you mean backporting/patching part ?
>
>
>> The point of Jesse Gross (and others) work was exactly to permit better
>> vlan/bridge integration/stacking.
>>
>
> Just to be sure - are those patches in any way changing / deprecating /
> conflicting with ebtables approach ?

Nothing in ebtables changed.  The part that is different here is
whether the vlan device or the bridge takes priority for tagged
frames.  So on new kernels your ebtables command to reject packets
from the bridge back to the device isn't necessary because the device
will just take it in the first place but it shouldn't break things.

Based on your description, I suspect that this will work fine on your
old kernel.  Part of the problem that was fixed is that the result was
hardware dependent.