[Bridge] MAC intermittently being learnt on wrong port

Ryan King ryank at staff.globaldial.com
Thu Jan 7 19:25:10 PST 2010


Hi,

I am seeing a strange issue with a fairly simple bridge I have set up (for openvpn in bridge mode).

eth0 ---  [ openvpn machine  (tap0) ] --- eth1

The bridge is between tap0 and eth1 on a Debian machine running on ESX 4.  (tap0 being the openvpn tunnel interface).  Intermittently, I see openvpn client MAC addresses on port 2 (eth1).  When this happens, their VPN link stops working, since ARP replies are being sent back via the wrong interface.  But after a random amount of time, it will change back to port 1 (tap0) and start working again.  Sometimes this is quick, sometimes it doesn't happen for hours.

Anyone else had these issues?  I've searched the archives, and come across several people who seem to have had similar problems - but haven't found one that has a solution yet.

I'd appreciate any suggestions on where I should start looking to find out why/how these MACs are being learnt on the wrong interface...


brctl show br0:

bridge name     bridge id               STP enabled     interfaces
br0             8000.005056b804c2       no              eth1
                                                        tap0


brctl showstp br0:

br0
 bridge id              8000.005056b804c2
 designated root        8000.005056b804c2
 root port                 0                    path cost                  0
 max age                  20.00                 bridge max age            20.00
 hello time                2.00                 bridge hello time          2.00
 forward delay             5.00                 bridge forward delay       5.00
 ageing time             300.01
 hello timer               1.19                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                   2.19
 flags


eth1 (2)
 port id                8002                    state                forwarding
 designated root        8000.005056b804c2       path cost                100
 designated bridge      8000.005056b804c2       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.19
 flags

tap0 (1)
 port id                8001                    state                forwarding
 designated root        8000.005056b804c2       path cost                100
 designated bridge      8000.005056b804c2       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.19
 flags


e.g.:
brctl showmacs br0:

port no mac addr                is local?       ageing timer
  2     00:50:56:b8:04:c2       yes                0.00
  1     00:ff:46:97:7f:d5       yes                0.00
  2     7a:6e:9f:28:12:79       no                 0.56

7a:6e:9f:28:12:79 -- the openvpn client
00:ff:....   -- tap0
00:50:56...   -- eth1





Thanks,

Ryan
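
An added example, not part of the original post: a small Python parser for `brctl showmacs` output that reports when a learned (non-local) MAC changes port between successive snapshots, which is the symptom described in the message above. The function names and the second snapshot (client on port 1, ageing timer 1.20) are constructed for illustration; the first snapshot repeats the table from the post.

```python
import re

# One data row of `brctl showmacs`: port, MAC, is-local flag, ageing timer.
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(yes|no)\s+(\d+\.\d+)\s*$",
    re.IGNORECASE)

def parse_showmacs(text):
    """Return {mac: (port, is_local, age_seconds)}; header lines are skipped."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, mac, local, age = m.groups()
            table[mac.lower()] = (int(port), local.lower() == "yes", float(age))
    return table

def find_moves(snapshots):
    """List (snapshot_index, mac, old_port, new_port) for learned MACs that move."""
    moves, last = [], {}
    for i, text in enumerate(snapshots):
        for mac, (port, is_local, _age) in parse_showmacs(text).items():
            if is_local:          # the bridge's own port addresses never move
                continue
            if mac in last and last[mac] != port:
                moves.append((i, mac, last[mac], port))
            last[mac] = port
    return moves

def on_wrong_port(text, expected):
    """expected maps mac -> port it should be learned on; return the offenders."""
    table = parse_showmacs(text)
    return sorted(mac for mac, port in expected.items()
                  if mac in table and not table[mac][1] and table[mac][0] != port)

HEADER = "port no mac addr                is local?       ageing timer\n"
LOCALS = ("  2     00:50:56:b8:04:c2       yes                0.00\n"
          "  1     00:ff:46:97:7f:d5       yes                0.00\n")
CLIENT = "7a:6e:9f:28:12:79"
# SNAP_BAD repeats the table from the post; SNAP_GOOD is constructed.
SNAP_BAD = HEADER + LOCALS + "  2     " + CLIENT + "       no                 0.56\n"
SNAP_GOOD = HEADER + LOCALS + "  1     " + CLIENT + "       no                 1.20\n"

if __name__ == "__main__":
    for i, mac, old, new in find_moves([SNAP_GOOD, SNAP_BAD, SNAP_GOOD]):
        print(f"snapshot {i}: {mac} moved from port {old} to port {new}")
    print("on wrong port now:", on_wrong_port(SNAP_BAD, {CLIENT: 1}))
```

Fed with timestamped output polled from `brctl showmacs br0`, the list of moves gives the times at which to inspect a capture on eth1 for frames carrying the client's source MAC.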
