* [Bridge] Bridging untagged and tagged VLANs
@ 2009-07-21 21:52 Michael Tremer
2009-07-21 22:59 ` richardvoigt
2009-07-22 3:49 ` Simon Barber
0 siblings, 2 replies; 11+ messages in thread
From: Michael Tremer @ 2009-07-21 21:52 UTC (permalink / raw)
To: bridge
Hello everybody,
I got a weird problem but don't know if it is expected to work.
brctl addbr br0
vconfig add eth0 30
brctl addif br0 eth0.30
Until here, everything works well... I can access the VLAN with id 30.
But when I run the following:
brctl addif br0 eth0
Then, I can't access the VLAN any more but the untagged LAN.
But instead of adding eth0:
vconfig add eth0 40
brctl addif br0 eth0.40
It works.
It would be nice if you can give me a short advice...
Is it not possible to bridge an untagged LAN with a tagged VLAN or
is this a bug?
Sincerely,
Michael
Kernel 2.6.29, brctl 1.4
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-21 21:52 [Bridge] Bridging untagged and tagged VLANs Michael Tremer
@ 2009-07-21 22:59 ` richardvoigt
2009-07-22 8:51 ` Benny Amorsen
2009-07-22 8:55 ` Benny Amorsen
2009-07-22 3:49 ` Simon Barber
1 sibling, 2 replies; 11+ messages in thread
From: richardvoigt @ 2009-07-21 22:59 UTC (permalink / raw)
To: Michael Tremer; +Cc: bridge
On Tue, Jul 21, 2009 at 4:52 PM, Michael Tremer <michael.tremer@ipfire.org> wrote:
> Hello everybody,
> I got a weird problem but don't know if it is expected to work.
>
> brctl addbr br0
> vconfig add eth0 30
> brctl addif br0 eth0.30
>
> Until here, everything works well... I can access the VLAN with id 30.
> But when I run the following:
>
> brctl addif br0 eth0
I'm sure someone will step in and correct me if I'm wrong.
You are wanting to treat packets with no VLAN header the same as those
tagged in VLAN 30. But "eth0" does not mean "packets with no VLAN
header", it means *ALL* packets which arrive through eth0. This
packet stream is passed through VLAN processing and distribution is
done, dealing the payloads (now without the VLAN header) to the
virtual interfaces.
Imagine if the bridge module blindly did what you asked. Then every
packet in eth0.30 would have a VLAN header added and placed into eth0
for transmission. Because eth0 is part of a bridge, it is eligible
for transmission through each port of the bridge, so it is copied to
eth0.30. Now the VLAN module processes it out, adding a VLAN header
and placing it into eth0. The snowball effect would quickly swamp the
network. So bridge ignores the virtual slave interfaces if you brctl
addif the master device.
I don't think Linux VLAN support provides a way to separate packets
with _no_ VLAN header onto a virtual interface, but that surely sounds
useful. There'd be problems with nested VLANs though. In a system
with two layer nesting, is a packet that arrives with only one tag
treated as missing the inner tag or the outer one?
>
> Then, I can't access the VLAN any more but the untagged LAN.
> But instead of adding eth0:
>
> vconfig add eth0 40
> brctl addif br0 eth0.40
>
> It works.
>
> It would be nice if you can give me a short advice...
> Is it not possible to bridge an untagged LAN with a tagged VLAN or
> is this a bug?
>
> Sincerely,
>
> Michael
>
> Kernel 2.6.29, brctl 1.4
>
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-21 22:59 ` richardvoigt
@ 2009-07-22 8:51 ` Benny Amorsen
2009-07-22 8:55 ` Benny Amorsen
1 sibling, 0 replies; 11+ messages in thread
From: Benny Amorsen @ 2009-07-22 8:51 UTC (permalink / raw)
To: bridge
"richardvoigt@gmail.com" <richardvoigt@gmail.com> writes:
> I don't think Linux VLAN support provides a way to separate packets
> with _no_ VLAN header onto a virtual interface, but that surely sounds
> useful.
It would be handy if VLAN 0 meant "packets tagged with VLAN 0 + packets
without tags". The VLAN 0 tag is reserved for packets in the native VLAN
which need 802.1p priority.
Then you could bridge eth0.0 and eth0.30 for the desired effect.
/Benny
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-21 22:59 ` richardvoigt
2009-07-22 8:51 ` Benny Amorsen
@ 2009-07-22 8:55 ` Benny Amorsen
1 sibling, 0 replies; 11+ messages in thread
From: Benny Amorsen @ 2009-07-22 8:55 UTC (permalink / raw)
To: richardvoigt@gmail.com; +Cc: bridge, Michael Tremer
Oh, and:
"richardvoigt@gmail.com" <richardvoigt@gmail.com> writes:
> There'd be problems with nested VLANs though. In a system
> with two layer nesting, is a packet that arrives with only one tag
> treated as missing the inner tag or the outer one?
Inner tag missing. So eth0.0.30 would not ever receive any traffic (or
be able to send it in an RFC-conformant way), whereas eth0.30.0 would be
fine.
/Benny
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-21 21:52 [Bridge] Bridging untagged and tagged VLANs Michael Tremer
2009-07-21 22:59 ` richardvoigt
@ 2009-07-22 3:49 ` Simon Barber
2009-07-22 7:35 ` Michael Tremer
2009-07-22 20:41 ` Michael Tremer
1 sibling, 2 replies; 11+ messages in thread
From: Simon Barber @ 2009-07-22 3:49 UTC (permalink / raw)
To: Michael Tremer; +Cc: bridge
To do this seamlessly you need a VLAN aware bridge - the kernel has
separate support for VLAN and bridging, but not integrated. I posted a
patch a while back to fix this - see here:
http://www.mail-archive.com/bridge@lists.osdl.org/msg01440.html
It was for a 2.4 kernel, but shouldn't take too much work to port to 2.6.
Simon
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-22 3:49 ` Simon Barber
@ 2009-07-22 7:35 ` Michael Tremer
2009-07-22 20:30 ` Nicolas de Pesloüan
2009-07-22 20:41 ` Michael Tremer
1 sibling, 1 reply; 11+ messages in thread
From: Michael Tremer @ 2009-07-22 7:35 UTC (permalink / raw)
To: simon; +Cc: bridge
Thanks for your answers.
In this mail on
http://www.mail-archive.com/bridge@lists.osdl.org/msg01440.html
there is the following sentence: "- Add native support for an untagged
vlan. Currently an untagged vlan can be implemented using ebtables or similar."
Do you know how to do this? Seems to be the easiest way for me, because
I don't think that I would be able to port this patch to 2.6. (But maybe
there is somebody who would like to do this. I want to put all these
things into a linux firewall www.ipfire.org, though there is an effort
for the open source community.)
Have you ever submitted this patch to the kernel developers?
Michael
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-22 7:35 ` Michael Tremer
@ 2009-07-22 20:30 ` Nicolas de Pesloüan
2009-07-22 20:47 ` Michael Tremer
0 siblings, 1 reply; 11+ messages in thread
From: Nicolas de Pesloüan @ 2009-07-22 20:30 UTC (permalink / raw)
To: Michael Tremer; +Cc: bridge
Michael Tremer wrote:
>
> In this mail on
> http://www.mail-archive.com/bridge@lists.osdl.org/msg01440.html
> there is the following sentence: "- Add native support for an untagged
> vlan. Currently an untagged vlan can be implemented using ebtables or
> similar."
>
> Do you know how to do this?
As far as I remember, the right way to do it with ebtables is:
brctl addbr br0
vconfig add eth0 30
brctl addif br0 eth0.30
brctl addif br0 eth0
ebtables --table broute -A BROUTING --protocol 802_1Q --vlan-id 30 --jump DROP
Normally, a DROP target in BROUTING lets the frame be ROUTED. The
exact behavior is "give it to upper layer", which is IP in most cases.
But, for a 802.1q tagged frame, the upper layer is "remove the 802.1q
header and give it again to lower layer, on the right interface".
So this ebtables entry denies the bridge the opportunity to eat frames
having a 802.1q vlan id = 30, giving the opportunity to the vlan stack
to remove the vlan header and give it to eth0.30...
Not tested, because I don't have a bridge available right now, but this
should work.
Of course, if you add several eth0.X interfaces to the bridge, you
should add the corresponding ebtables entry. For very special
configuration, --in-interface eth0 might be necessary too.
Just thinking about it, the --vlan-id 30 might be useless. Just having
--protocol 802_1Q might be enough for simple configuration. Just try and
tell us.
HTH.
Nicolas.
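The receive path that richardvoigt and Nicolas describe in this thread, as an added Python model (an illustration added here, not code from any poster or from the kernel): it parses the 802.1Q tag of a raw Ethernet frame and names the interface that ends up handling it. The functions `parse_vlan`, `broute_drop`, `deliver` and `make_frame`, the rule format and the sample frames are constructed for this example; hardware VLAN acceleration is not modelled.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def parse_vlan(frame: bytes):
    """Return (vid, pcp, payload_ethertype); vid and pcp are None if untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, None, ethertype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, tci >> 13, inner

def broute_drop(rule, vid):
    """rule: None (no rule), "any" (-p 802_1Q only) or a set of --vlan-id values."""
    if rule is None or vid is None:
        return False
    return rule == "any" or vid in rule

def deliver(frame, bridge_ports, vlan_ids, rule=None, dev="eth0"):
    """Name the interface that ends up handling a frame received on dev."""
    vid, _pcp, _inner = parse_vlan(frame)
    # A bridge port hands every frame, tagged or not, to the bridge unless
    # a BROUTING DROP rule sends it up the stack instead.
    if dev in bridge_ports and not broute_drop(rule, vid):
        return f"bridge via {dev}"
    if vid is None:
        return dev
    if vid not in vlan_ids:
        return "dropped"  # model assumption: no sub-interface for this VID
    sub = f"{dev}.{vid}"  # VLAN code strips the tag and re-injects on dev.<vid>
    return f"bridge via {sub}" if sub in bridge_ports else sub

def make_frame(vid=None, payload_type=0x0806):
    """Constructed sample: broadcast ARP-typed frame, optionally tagged."""
    header = bytes.fromhex("ffffffffffff" "020000000001")
    tag = struct.pack("!HH", TPID_8021Q, vid) if vid is not None else b""
    return header + tag + struct.pack("!H", payload_type) + bytes(28)

if __name__ == "__main__":
    both = {"eth0", "eth0.30"}
    print(deliver(make_frame(30), {"eth0.30"}, {30}))       # only eth0.30 bridged
    print(deliver(make_frame(30), both, {30}))              # eth0 added, no rule
    print(deliver(make_frame(30), both, {30}, rule={30}))   # with the broute rule
    print(deliver(make_frame(), both, {30}, rule="any"))    # untagged frame
```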
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-22 20:30 ` Nicolas de Pesloüan
@ 2009-07-22 20:47 ` Michael Tremer
2009-07-22 21:14 ` Nicolas de Pesloüan
0 siblings, 1 reply; 11+ messages in thread
From: Michael Tremer @ 2009-07-22 20:47 UTC (permalink / raw)
To: Nicolas de Pesloüan; +Cc: bridge
Oops, just sent the email when your one scrabbled to my inbox.
https://lists.linux-foundation.org/pipermail/bridge/2009-July/006626.html
I applied that ebtables rule to the chain but no packages got to the
vlan interface (eth0.30) anymore.
Michael
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-22 20:47 ` Michael Tremer
@ 2009-07-22 21:14 ` Nicolas de Pesloüan
2009-07-23 7:54 ` Michael Tremer
0 siblings, 1 reply; 11+ messages in thread
From: Nicolas de Pesloüan @ 2009-07-22 21:14 UTC (permalink / raw)
To: Michael Tremer; +Cc: bridge
Michael Tremer wrote:
> Oops, just sent the email when your one scrabbled to my inbox.
>
> https://lists.linux-foundation.org/pipermail/bridge/2009-July/006626.html
>
> I applied that ebtables rule to the chain but no packages got to the
> vlan interface (eth0.30) anymore.
>
> Michael
As far as I remember, this hack works really well when eth0 and
eth0.30 are not in the same bridge (br0/br1). Anyway, I cannot think of
a good reason for it not to work in a single bridge.
Try and dig around with ebtables, using the logging feature. I'm pretty
sure it works, but I do not have a bridge available here to test.
I googled around to try and find the original web page where I learned
this hack, but without any success. You can try, searching for
ebtables+BROUTING+DROP+802_1Q+vlan-id and so on...
Nicolas.
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-22 21:14 ` Nicolas de Pesloüan
@ 2009-07-23 7:54 ` Michael Tremer
0 siblings, 0 replies; 11+ messages in thread
From: Michael Tremer @ 2009-07-23 7:54 UTC (permalink / raw)
To: Nicolas de Pesloüan; +Cc: bridge
Nicolas de Pesloüan wrote:
> Michael Tremer wrote:
>> Oops, just sent the email when your one scrabbled to my inbox.
>>
>> https://lists.linux-foundation.org/pipermail/bridge/2009-July/006626.html
>>
>>
>> I applied that ebtables rule to the chain but no packages got to the
>> vlan interface (eth0.30) anymore.
>>
>> Michael
>
> As far as I remember, this hack works really well when eth0 and
> eth0.30 are not in the same bridge (br0/br1). Anyway, I cannot think
> of a good reason for it not to work in a single bridge.
Well, it actually does not. But there is a very interesting thing: The
eth0.30 gets all packages (esp. ARP and my ICMP reply for testing) but
the ping command on the other shell returns *nothing*.
iptables has got no rules and policy is ACCEPT.
brctl addbr br0
brctl addbr br1
brctl addif br0 eth0
brctl addif br1 eth0.30
ebtables -t broute -D BROUTING -p 802_1Q -i eth0 -j DROP is the command.
Have you got any ideas how to debug this?
>
> Try and dig around with ebtables, using the logging feature. I'm pretty
> sure it works, but I do not have a bridge available here to test.
>
> I googled around to try and find the original web page where I learned
> this hack, but without any success. You can try, searching for
> ebtables+BROUTING+DROP+802_1Q+vlan-id and so on...
>
> Nicolas.
Sincerely,
Michael
* Re: [Bridge] Bridging untagged and tagged VLANs
2009-07-22 3:49 ` Simon Barber
2009-07-22 7:35 ` Michael Tremer
@ 2009-07-22 20:41 ` Michael Tremer
1 sibling, 0 replies; 11+ messages in thread
From: Michael Tremer @ 2009-07-22 20:41 UTC (permalink / raw)
To: Simon Barber, bridge
Well, I think the kernel patch is the easier way, but ebtables is more easy.
So I tried with the following command:
ebtables -t broute -A BROUTING -p 802_1Q -i eth0 -j DROP
Then, the VLAN 30 and the untagged (V)LAN can be bridged (Well I tried it with
arping -I br0 192.168.181.1 and got a MAC from the machine 192.168.181.1 on VLAN 30).
But I still cannot do the following:
brctl addbr br0
brctl addif br0 eth0
brctl addbr br1
brctl addif br1 eth0.30
br0 works.
br1 doesn't work. Not even ARP.
ebtables rule was set.
Any ideas?!
Thanks for the great help up to now.
Michael