* [Bridge] Bridge and VLANs. Strange behaviour.
@ 2009-09-04  3:14 Gustavo Martin
  2009-09-04 19:53 ` Nicolas de Pesloüan
  0 siblings, 1 reply; 3+ messages in thread
From: Gustavo Martin @ 2009-09-04  3:14 UTC (permalink / raw)
  To: bridge



Hello list,

      I am trying to understand how the linux-based bridges work but I am
watching very strange things.

      For example, if I have this configuration for the bridge BR0 with 2
physical interfaces eth0 and eth1:

[image: trying1.jpg]

     If PC1 sends an ARP REQUEST, PC2 receives this ARP REQUEST but they are
in different VLANs!
     Why the VLAN 20 can receive ARP REQUEST messages from the VLAN 10 and
why the VLAN 10 can receive ARP REPLY messages from VLAN 20 if they are
different VLANs? This is crazy for me.
     I think linux-based bridges don't work very well with VLANs (probably I
am wrong because I am just a beginner)
     Can someone help me to understand that? Your help would be very
appreciated. :-)

Thanks in advance and sorry for my English.

-- 
Gustavo Martín Morcuende


* Re: [Bridge] Bridge and VLANs. Strange behaviour.
  2009-09-04  3:14 [Bridge] Bridge and VLANs. Strange behaviour Gustavo Martin
@ 2009-09-04 19:53 ` Nicolas de Pesloüan
  2009-09-04 21:01   ` Gustavo Martin
  0 siblings, 1 reply; 3+ messages in thread
From: Nicolas de Pesloüan @ 2009-09-04 19:53 UTC (permalink / raw)
  To: Gustavo Martin; +Cc: bridge

Gustavo Martin wrote:
> Hello list,
> 
>       I am trying to understand how the linux-based bridges work but I 
> am watching very strange things.
> 
>       For example, if I have this configuration for the bridge BR0 with 
> 2 physical interfaces eth0 and eth1:
> 
> trying1.jpg
> 
>      If PC1 sends an ARP REQUEST, PC2 receives this ARP REQUEST but they 
> are in different VLANs!
>      Why the VLAN 20 can receive ARP REQUEST messages from the VLAN 10 
> and why the VLAN 10 can receive ARP REPLY messages from VLAN 20 if they 
> are different VLANs? This is crazy for me.
>      I think linux-based bridges don't work very well with VLANs 
> (probably I am wrong because I am just a beginner)
>      Can someone help me to understand that? Your help would be very 
> appreciated. :-)

The behavior you describe is normal and exactly the one you asked for.

You have put eth0.10 and eth1.20 in the same bridge, so you asked to bridge 
between eth0.10 and eth1.20.

When an 802.1Q tagged packet is received on eth0, the kernel removes the 802.1Q
header, having VLAN ID=10, then delivers the packet to eth0.10. Then, the kernel
delivers the packet to the bridge, because eth0.10 is a member of the bridge.

At this time, the bridge code has no knowledge of the original VLAN ID because
this VLAN ID was removed before the bridge code had an opportunity to look at it.

The bridge code sends the untagged packet to the right output port if it can
find a suitable destination MAC address entry in its mac_to_port table. Else, it
simply sends the untagged packet to all ports except the one the packet was
received on.

So the untagged packet is sent to eth1.20. Then, the kernel adds an 802.1Q header
to the packet, with VLAN ID=20, then delivers the packet to eth1, to be sent on
the wire.

And you end up with the behavior you describe.

If you want to bridge all ports in VLAN 10 together, all ports in VLAN 20
together, and route between VLAN 10 and VLAN 20, you need to set up two different
bridges:

br10 : eth0.10 + eth1.10 + ... + ethN.10 and possibly some non-802.1Q ports.
br20 : eth0.20 + eth1.20 + ... + ethN.20 and possibly some non-802.1Q ports.

Then set up an IP address in the right subnet on br10 (192.168.1.1) and br20
(172.16.1.1).

Then ensure that routing is enabled:

echo 1 > /proc/sys/net/ipv4/ip_forward

Feel free to ask, if all this is not clear enough.

	Nicolas.
> 
> Thanks in advance and sorry for my English.
> 
> -- 
> Gustavo Martín Morcuende
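
Added example, not part of the original message: a shell check for the misconfiguration explained above, a bridge that joins VLAN sub-interfaces carrying different VLAN IDs. It assumes the <dev>.<vid> interface naming used in the thread; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Flag bridges whose VLAN sub-interface members carry different VLAN IDs
# (the eth0.10 + eth1.20 case from this thread).
# Assumption: VLAN sub-interfaces are named <dev>.<vid>, as in the thread.

# list_bridge_members: print "bridge member" pairs read from sysfs.
list_bridge_members() {
    for port in /sys/class/net/*/brif/*; do
        [ -e "$port" ] || continue      # glob did not match: no bridges
        br=${port#/sys/class/net/}
        br=${br%%/*}
        echo "$br ${port##*/}"
    done
}

# mixed_vlan_bridges: read "bridge member" pairs on stdin and print one
# line per bridge that joins more than one VLAN ID: "<bridge>: <vid> ...".
# Members without a .<vid> suffix (untagged ports) are ignored.
mixed_vlan_bridges() {
    awk '
        $2 ~ /\.[0-9]+$/ {
            vid = $2; sub(/^.*\./, "", vid)
            if (!seen[$1, vid]++) {
                vids[$1] = (vids[$1] == "" ? vid : vids[$1] " " vid)
                count[$1]++
            }
        }
        END { for (b in count) if (count[b] > 1) print b ": " vids[b] }
    ' | sort
}

# Constructed sample: br0 is the setup from the question, br10 and br20
# are the per-VLAN bridges from the answer (two scenarios in one listing).
sample_members() {
    cat <<'EOF'
br0 eth0.10
br0 eth1.20
br10 eth0.10
br10 eth1.10
br20 eth0.20
br20 eth1.20
br20 eth2
EOF
}

# On a live host: list_bridge_members | mixed_vlan_bridges
sample_members | mixed_vlan_bridges   # prints "br0: 10 20"
```
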



* Re: [Bridge] Bridge and VLANs. Strange behaviour.
  2009-09-04 19:53 ` Nicolas de Pesloüan
@ 2009-09-04 21:01   ` Gustavo Martin
  0 siblings, 0 replies; 3+ messages in thread
From: Gustavo Martin @ 2009-09-04 21:01 UTC (permalink / raw)
  To: Nicolas de Pesloüan; +Cc: bridge


Thank you very much Nicolas,

     Your answer was very clear.

Thank you again for your help.

Gustavo Martin Morcuende


2009/9/4 Nicolas de Pesloüan <nicolas.2p.debian@free.fr>

> Gustavo Martin wrote:
>
>> Hello list,
>>
>>      I am trying to understand how the linux-based bridges work but I am
>> watching very strange things.
>>
>>      For example, if I have this configuration for the bridge BR0 with 2
>> physical interfaces eth0 and eth1:
>>
>> trying1.jpg
>>
>>     If PC1 sends an ARP REQUEST, PC2 receives this ARP REQUEST but they
>> are in different VLANs!
>>     Why the VLAN 20 can receive ARP REQUEST messages from the VLAN 10 and
>> why the VLAN 10 can receive ARP REPLY messages from VLAN 20 if they are
>> different VLANs? This is crazy for me.
>>     I think linux-based bridges don't work very well with VLANs (probably
>> I am wrong because I am just a beginner)
>>     Can someone help me to understand that? Your help would be very
>> appreciated. :-)
>>
>
> The behavior you describe is normal and exactly the one you asked for.
>
> You have put eth0.10 and eth1.20 in the same bridge, so you asked to bridge
> between eth0.10 and eth1.20.
>
> When an 802.1Q tagged packet is received on eth0, the kernel removes the
> 802.1Q header, having VLAN ID=10, then delivers the packet to eth0.10. Then,
> the kernel delivers the packet to the bridge, because eth0.10 is a member of
> the bridge.
>
> At this time, the bridge code has no knowledge of the original VLAN ID
> because this VLAN ID was removed before the bridge code had an opportunity
> to look at it.
>
> The bridge code sends the untagged packet to the right output port if it
> can find a suitable destination MAC address entry in its mac_to_port table.
> Else, it simply sends the untagged packet to all ports except the one
> the packet was received on.
>
> So the untagged packet is sent to eth1.20. Then, the kernel adds an 802.1Q
> header to the packet, with VLAN ID=20, then delivers the packet to eth1, to
> be sent on the wire.
>
> And you end up with the behavior you describe.
>
> If you want to bridge all ports in VLAN 10 together, all ports in VLAN 20
> together, and route between VLAN 10 and VLAN 20, you need to set up two
> different bridges:
>
> br10 : eth0.10 + eth1.10 + ... + ethN.10 and possibly some non-802.1Q
> ports.
> br20 : eth0.20 + eth1.20 + ... + ethN.20 and possibly some non-802.1Q
> ports.
>
> Then set up an IP address in the right subnet on br10 (192.168.1.1) and br20
> (172.16.1.1).
>
> Then ensure that routing is enabled:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Feel free to ask, if all this is not clear enough.
>
>        Nicolas.
>
>
>> Thanks in advance and sorry for my English.
>>
>> --
>> Gustavo Martín Morcuende
>>
>
>


-- 
Gustavo Martín Morcuende
