Re: Bridges on VLAN-tagged interfaces.

2019-03-15 Thread Rodney W. Grimes
> On 11.03.2019 at 11:48, Eric Bautsch wrote:
> …
> > ifconfig bridge create
> > ifconfig bridge1 addm re0.33
> >
> > If I now put an IP on that bridge instead of re0.33, it does not ping.
> >
> > If I do a broadcast ping from another host on that network thus 
> > (Solaris system issuing the ping):
> > ping -sn 192.168.33.255
> >
> > I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump 
> > -i bridge1|
> > However, on neither interface do I see any pings coming in when I ping 
> > its own address (in this case 192.168.33.20).
> 
> IP stack processes them without passing it to the interface(s), so 
> that's not unusual.
> 
> 
> > The Solaris system issuing the pings has learned the arp address of 
> > the bridge though:
> > Code:
> >
> > root@gaspra # arp -an | grep 192.168.33.20
> > net1 192.168.33.20 255.255.255.255 02:a7:91:b6:3a:01
> >
> > If I |tcpdump -i bridge1|, I do get some packets, but not any echo 
> > requests:
> > Code:
> >
> > root@bianca # tcpdump -i bridge1
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on bridge1, link-type EN10MB (Ethernet), capture size 262144 bytes
> > 11:05:26.081185 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
> > 11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> > 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router solicitation, length 16
> > 11:06:04.079441 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
> > 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> > 11:06:17.588644 ARP, Request who-has 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46
> > 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> 
> If I read it correctly, all you get are Ethernet broadcast frames.
> (Hard) Reading next:
> …
> > root@bianca # ifconfig -a
> > re0: flags=8943 metric 0 mtu 1500
> >         options=8209b
> >         ether 80 ) status: active
> >         nd6 options=29
> > lo0: flags=8049 metric 0 mtu 16384
> >         options=680003
> >         inet6 ::1 prefixlen 128
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
> >         inet 127.0.0.1 netmask 0xff00
> >         groups: lo
> >         nd6 options=21
> > bridge0: flags=8843 metric 0 mtu 1500
> >         ether 02:a7:91:b6:3a:00
> >         inet 192.168.140.85 netmask 0xff00 broadcast 192.168.140.255
> >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >         member: re0 flags=143
> >                 ifmaxaddr 0 port 1 priority 128 path cost 55
> >         groups: bridge
> >         nd6 options=9
> > re0.33: flags=8943 metric 0 mtu 1500
> >         options=80003
> >         ether 80 scopeid 0x4
> >         groups: vlan
> >         vlan: 33 vlanpcp: 0 parent interface: re0
> >         media: Ethernet autoselect (1000baseT )
> >         status: active
> >         nd6 options=21
> > bridge1: flags=8843 metric 0 mtu 1500
> >         ether 02:a7:91:b6:3a:01
> >         inet 192.168.33.20 netmask 0xff00 broadcast 192.168.33.255
> >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >         member: re0.33 flags=143
> >                 ifmaxaddr 0 port 4 priority 128 path cost 2
> >         groups: bridge
> >         nd6 options=9
> > root@bianca #
> 
> Here you have a universally administered address (UAA) on the parent 
> interface re0, which is the same for the vlan clone re0.33, and a 
> locally administered address (LAA) on if_bridge(4), which was verified 
> to be announced.
> In order to get through the MAC filter of the Ethernet interface, re0.33 
> must be in PROMISC mode.
> I remember having seen two different PROMISC interface statuses – never 
> tracked it down.  But issuing 'ifconfig re0.33 promisc' might result in 
> a second PROMISC status report on re0.33 and a working setup...
> If so, one has to discover the mystery of the 1st PROMISC status report, 
> and file a bug report, probably.

Oh, I think you just tickled a brain cell on another problem I was
seeing in another place with bhyve, bridges and taps.  I need to
recreate that configuration and see if in fact it is a missing
promisc on an interface.  Thank YOU!

> Best,
> -harry
-- 
Rod Grimes rgri...@freebsd.org
___
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"


Re: Bridges on VLAN-tagged interfaces.

2019-03-15 Thread Harry Schmalzbauer

On 15.03.2019 at 11:21, Harry Schmalzbauer wrote:
> On 11.03.2019 at 11:48, Eric Bautsch wrote:
> …
> > ifconfig bridge create
> > ifconfig bridge1 addm re0.33
> >
> > If I now put an IP on that bridge instead of re0.33, it does not ping.
> >
> > If I do a broadcast ping from another host on that network thus 
> > (Solaris system issuing the ping):
> > ping -sn 192.168.33.255
> >
> > I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump 
> > -i bridge1|
> > However, on neither interface do I see any pings coming in when I 
> > ping its own address (in this case 192.168.33.20).
>
> IP stack processes them without passing it to the interface(s), so 
> that's not unusual.
>
> > The Solaris system issuing the pings has learned the arp address of 
> > the bridge though:
> > Code:
> >
> > root@gaspra # arp -an | grep 192.168.33.20
> > net1 192.168.33.20 255.255.255.255 02:a7:91:b6:3a:01
> >
> > If I |tcpdump -i bridge1|, I do get some packets, but not any echo 
> > requests:
> > Code:
> >
> > root@bianca # tcpdump -i bridge1
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on bridge1, link-type EN10MB (Ethernet), capture size 262144 bytes
> > 11:05:26.081185 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
> > 11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> > 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router solicitation, length 16
> > 11:06:04.079441 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
> > 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> > 11:06:17.588644 ARP, Request who-has 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46
> > 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
>
> If I read it correctly, all you get are Ethernet broadcast frames.
> (Hard) Reading next:
> …
> > root@bianca # ifconfig -a
> > re0: flags=8943 metric 0 mtu 1500
> >         options=8209b
> >         ether 8073:63:5c:48
> >         media: Ethernet autoselect (1000baseT )
> >         status: active
> >         nd6 options=29
> > lo0: flags=8049 metric 0 mtu 16384
> >         options=680003
> >         inet6 ::1 prefixlen 128
> >         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
> >         inet 127.0.0.1 netmask 0xff00
> >         groups: lo
> >         nd6 options=21
> > bridge0: flags=8843 metric 0 mtu 1500
> >         ether 02:a7:91:b6:3a:00
> >         inet 192.168.140.85 netmask 0xff00 broadcast 192.168.140.255
> >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >         member: re0 flags=143
> >                 ifmaxaddr 0 port 1 priority 128 path cost 55
> >         groups: bridge
> >         nd6 options=9
> > re0.33: flags=8943 metric 0 mtu 1500
> >         options=80003
> >         ether 8073:63:5c:48
> >         inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4
> >         groups: vlan
> >         vlan: 33 vlanpcp: 0 parent interface: re0
> >         media: Ethernet autoselect (1000baseT )
> >         status: active
> >         nd6 options=21
> > bridge1: flags=8843 metric 0 mtu 1500
> >         ether 02:a7:91:b6:3a:01
> >         inet 192.168.33.20 netmask 0xff00 broadcast 192.168.33.255
> >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >         member: re0.33 flags=143
> >                 ifmaxaddr 0 port 4 priority 128 path cost 2
> >         groups: bridge
> >         nd6 options=9
> > root@bianca #
>
> Here you have a universally administered address (UAA) on the parent 
> interface re0, which is the same for the vlan clone re0.33, and a 
> locally administered address (LAA) on if_bridge(4), which was 
> verified to be announced.
> In order to get through the MAC filter of the Ethernet interface, 
> re0.33 must be in PROMISC mode.
> I remember having seen two different PROMISC interface statuses – never 
> tracked it down.  But issuing 'ifconfig re0.33 promisc' might result 
> in a second PROMISC status report on re0.33 and a working setup...


Should have read man page before posting, sorry.  This is supposed to be 
done by ifconfig(8)'s "addm" command.
But like mentioned, I can see PROMISC _two_ times in the interface 
status line of ifconfig(8), after putting the interface manually in 
permanent promisc mode (stable/12).


Don't know how the filter of the parent interface is involved in the 
vlan clone and I have no idea if "addm" respects it, in case it is involved.
Before code inspection, I'd try and put the parent re0 manually into 
permanent promisc mode and see if you can see unicast frames afterwards.


-Harry
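
Added example, not part of the thread: the numeric flags= values that survive in the quoted ifconfig output can be decoded bit by bit to see whether a promiscuous bit is set on each interface, and the first octet of a MAC address tells a UAA from an LAA. The bit values are those of FreeBSD's net/if.h; the sample interface listing and the address 00:11:22:33:44:55 are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): decode ifconfig(8) "flags=" hex values.
# Bit values are taken from FreeBSD's <net/if.h>.
IFF_BITS="0x1:UP 0x2:BROADCAST 0x8:LOOPBACK 0x40:RUNNING 0x100:PROMISC
0x200:ALLMULTI 0x800:SIMPLEX 0x8000:MULTICAST 0x20000:PPROMISC"

decode_flags() {            # $1 = hex flags without 0x prefix, e.g. 8943
    out=""
    for pair in $IFF_BITS; do
        bit=${pair%%:*}; name=${pair#*:}
        if [ $(( 0x$1 & $bit )) -ne 0 ]; then
            out="${out:+$out,}$name"
        fi
    done
    printf '%s\n' "$out"
}

mac_kind() {                # LAA if the 0x02 bit of the first octet is set
    first=${1%%:*}
    if [ $(( 0x$first & 0x02 )) -ne 0 ]; then echo LAA; else echo UAA; fi
}

report_promisc() {          # stdin: ifconfig output; prints one line per interface
    sed -n 's/^\([^ :]*\): flags=\([0-9a-fA-F]*\).*/\1 \2/p' |
    while read -r ifname hex; do
        case ",$(decode_flags "$hex")," in
            *,PROMISC,*|*,PPROMISC,*) echo "$ifname promisc" ;;
            *)                        echo "$ifname filtered" ;;
        esac
    done
}

sample_ifconfig() {         # constructed sample; flags= values as quoted in the thread
    cat <<'EOF'
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:11:22:33:44:55
re0.33: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:11:22:33:44:55
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:a7:91:b6:3a:01
EOF
}

sample_ifconfig | report_promisc
mac_kind 02:a7:91:b6:3a:01
```

On a live system, pipe the output of ifconfig -a into report_promisc instead of the sample.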




Re: Bridges on VLAN-tagged interfaces.

2019-03-15 Thread Harry Schmalzbauer

On 11.03.2019 at 11:48, Eric Bautsch wrote:
> …
> ifconfig bridge create
> ifconfig bridge1 addm re0.33
>
> If I now put an IP on that bridge instead of re0.33, it does not ping.
>
> If I do a broadcast ping from another host on that network thus 
> (Solaris system issuing the ping):
> ping -sn 192.168.33.255
>
> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump 
> -i bridge1|
> However, on neither interface do I see any pings coming in when I ping 
> its own address (in this case 192.168.33.20).

IP stack processes them without passing it to the interface(s), so 
that's not unusual.

> The Solaris system issuing the pings has learned the arp address of 
> the bridge though:
> Code:
>
> root@gaspra # arp -an | grep 192.168.33.20
> net1 192.168.33.20 255.255.255.255 02:a7:91:b6:3a:01
>
> If I |tcpdump -i bridge1|, I do get some packets, but not any echo 
> requests:
> Code:
>
> root@bianca # tcpdump -i bridge1
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on bridge1, link-type EN10MB (Ethernet), capture size 262144 bytes
> 11:05:26.081185 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
> 11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router solicitation, length 16
> 11:06:04.079441 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
> 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> 11:06:17.588644 ARP, Request who-has 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46
> 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28

If I read it correctly, all you get are Ethernet broadcast frames.
(Hard) Reading next:
…
> root@bianca # ifconfig -a
> re0: flags=8943 metric 0 mtu 1500
>         options=8209b
>         ether 8073:63:5c:48
>         media: Ethernet autoselect (1000baseT )
>         status: active
>         nd6 options=29
> lo0: flags=8049 metric 0 mtu 16384
>         options=680003
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         inet 127.0.0.1 netmask 0xff00
>         groups: lo
>         nd6 options=21
> bridge0: flags=8843 metric 0 mtu 1500
>         ether 02:a7:91:b6:3a:00
>         inet 192.168.140.85 netmask 0xff00 broadcast 192.168.140.255
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: re0 flags=143
>                 ifmaxaddr 0 port 1 priority 128 path cost 55
>         groups: bridge
>         nd6 options=9
> re0.33: flags=8943 metric 0 mtu 1500
>         options=80003
>         ether 8073:63:5c:48
>         inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4
>         groups: vlan
>         vlan: 33 vlanpcp: 0 parent interface: re0
>         media: Ethernet autoselect (1000baseT )
>         status: active
>         nd6 options=21
> bridge1: flags=8843 metric 0 mtu 1500
>         ether 02:a7:91:b6:3a:01
>         inet 192.168.33.20 netmask 0xff00 broadcast 192.168.33.255
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: re0.33 flags=143
>                 ifmaxaddr 0 port 4 priority 128 path cost 2
>         groups: bridge
>         nd6 options=9
> root@bianca #

Here you have a universally administered address (UAA) on the parent 
interface re0, which is the same for the vlan clone re0.33, and a 
locally administered address (LAA) on if_bridge(4), which was verified 
to be announced.
In order to get through the MAC filter of the Ethernet interface, re0.33 
must be in PROMISC mode.
I remember having seen two different PROMISC interface statuses – never 
tracked it down.  But issuing 'ifconfig re0.33 promisc' might result in 
a second PROMISC status report on re0.33 and a working setup...
If so, one has to discover the mystery of the 1st PROMISC status report, 
and file a bug report, probably.


Best,

-harry


