[Bridge] Bridge and VLANs. Strange behaviour.

Gustavo Martin gu.martinm at gmail.com
Fri Sep 4 14:01:31 PDT 2009


Thank you very much Nicolas,

     Your answer was very clear.

Thank you again for your help.

Gustavo Martin Morcuende


2009/9/4 Nicolas de Pesloüan <nicolas.2p.debian at free.fr>

> Gustavo Martin wrote:
>
>> Hello list,
>>
>>      I am trying to understand how the Linux-based bridges work but I am
>> watching very strange things.
>>
>>      For example, if I have this configuration for the bridge BR0 with 2
>> physical interfaces eth0 and eth1:
>>
>> trying1.jpg
>>
>>     If PC1 sends an ARP REQUEST, PC2 receives this ARP REQUEST but they
>> are in different VLANs!
>>     Why can VLAN 20 receive ARP REQUEST messages from VLAN 10 and
>> why can VLAN 10 receive ARP REPLY messages from VLAN 20 if they are
>> different VLANs? This is crazy for me.
>>     I think Linux-based bridges don't work very well with VLANs (probably
>> I am wrong because I am just a beginner)
>>     Can someone help me to understand that? Your help would be very
>> appreciated. :-)
>>
>
> The behavior you describe is normal and exactly the one you asked for.
>
> You have put eth0.10 and eth1.20 in the same bridge, so you asked to bridge
> between eth0.10 and eth1.20.
>
> When an 802.1Q tagged packet is received on eth0, the kernel removes the
> 802.1Q header, having VLAN ID=10, then delivers the packet to eth0.10. Then,
> the kernel delivers the packet to the bridge, because eth0.10 is a member of
> the bridge.
>
> At this time, the bridge code has no knowledge of the original VLAN ID
> because this VLAN ID was removed before the bridge code has an opportunity
> to look at it.
>
> The bridge code sends the untagged packet to the right output port if it
> can find a suitable destination mac address entry in its mac_to_port table.
> Else, it simply sends the untagged packet to all ports except the one where
> the packet was received on.
>
> So the untagged packet is sent to eth1.20. Then, the kernel adds an 802.1Q
> header to the packet, with VLAN ID=20, then delivers the packet to eth1, to
> be sent on the wire.
>
> And you end up with the behavior you describe.
>
> If you want to bridge all ports in VLAN 10 together, all ports in VLAN 20
> together, and route between VLAN 10 and VLAN 20, you need to set up two
> different bridges:
>
> br10 : eth0.10 + eth1.10 + ... + ethN.10 and possibly some non-802.1Q
> ports.
> br20 : eth0.20 + eth1.20 + ... + ethN.20 and possibly some non-802.1Q
> ports.
>
> Then set up an IP address in the right subnet on br10 (192.168.1.1) and br20
> (172.16.1.1).
>
> Then ensure that routing is enabled:
>
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Feel free to ask, if all this is not clear enough.
>
>        Nicolas.
>
>
>> Thanks in advance and sorry for my English.
>>
>> --
>> Gustavo Martín Morcuende
>>
>
>


-- 
Gustavo Martín Morcuende
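
An added example, not part of the original thread: a small audit that flags any bridge whose member ports are VLAN sub-interfaces with different VLAN IDs, which is the configuration the reply above explains merges two VLANs into one broadcast domain. The sample VLAN table, the bridge names other than the question's BR0 layout, and the helper names are constructed for illustration; untagged ports are treated as neutral, following the reply's "possibly some non-802.1Q ports".

```python
import os

# Constructed sample in the /proc/net/vlan/config format (not from the thread).
SAMPLE_VLAN_CONFIG = """\
VLAN Dev name    | VLAN ID
Name-Type: VLAN_NAME_TYPE_RAW_PLUS_VID_NO_PAD
eth0.10        | 10  | eth0
eth1.20        | 20  | eth1
eth2.30        | 30  | eth2
eth3.30        | 30  | eth3
"""

# Constructed membership: br0 is the layout from the question; br30 follows the
# one-bridge-per-VLAN advice, with eth4 as an untagged (non-802.1Q) port.
SAMPLE_BRIDGES = {"br0": ["eth0.10", "eth1.20"],
                  "br30": ["eth2.30", "eth3.30", "eth4"]}

def parse_vlan_config(text):
    """Map VLAN sub-interface name -> VLAN ID."""
    vlan_of = {}
    for line in text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        # Data rows have three columns: device | VLAN ID | parent device.
        if len(fields) == 3 and fields[1].isdigit():
            vlan_of[fields[0]] = int(fields[1])
    return vlan_of

def read_bridges(sysfs="/sys/class/net"):
    """On a live host: map bridge name -> ports listed under <bridge>/brif."""
    bridges = {}
    for dev in os.listdir(sysfs):
        brif = os.path.join(sysfs, dev, "brif")
        if os.path.isdir(brif):
            bridges[dev] = sorted(os.listdir(brif))
    return bridges

def mixed_vlan_bridges(bridges, vlan_of):
    """Return {bridge: sorted VLAN IDs} for bridges joining more than one VLAN."""
    mixed = {}
    for bridge, ports in bridges.items():
        # Ports absent from the VLAN table are untagged and do not count.
        vids = sorted({vlan_of[p] for p in ports if p in vlan_of})
        if len(vids) > 1:
            mixed[bridge] = vids
    return mixed

if __name__ == "__main__":
    table = parse_vlan_config(SAMPLE_VLAN_CONFIG)
    for bridge, vids in mixed_vlan_bridges(SAMPLE_BRIDGES, table).items():
        print(f"{bridge}: VLANs {vids} share one broadcast domain")
```

On a real host, pass the contents of /proc/net/vlan/config and the result of read_bridges() instead of the constructed samples.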