[ILUG] Ethernet Bridging issues

Paul Jakma paul at clubi.ie
Tue Dec 7 09:46:40 GMT 2004 

On Tue, 7 Dec 2004, Hamilton, David (TSG C&I) wrote:

> Hi Paul,
>
> The way the machine is configured, it doesn't have an IP Address, and
> the reason is that the link it is on is actually an 802.1q trunk.

Ok, just checking. I had strange things happen when i had an IP 
address on an interface that was then added to a bridge interface. 
You can assign an IP to br0 though, or to interfaces which are not 
bridged (least EWORKSFORME).

> It is
> also quite far away from me at the moment, so I can't run the brctl show
> command right now.

> The trunk was created like this:
> 	1. brctl addbr br0
> 	2. brctl addif br0 eth0
> 	3. brctl addif br0 eth1

Are they up? Also, if you're trying to use VLANs - are these tagged 
ports? Maybe you should be adding the /vlan/ interfaces to your 
bridge groups..

> I think this may be the problem.....

> I seem to remember from playing around with VLANs on linux before 
> that certain drivers needed patching to correctly interpret VLAN 
> tags,

Drivers dont interpret VLAN tags usually, NICs usually dont do more 
with ethernet header than filter on the destination MAC (which is 
before the VLAN header). The typical problem is that a driver has an 
MTU limit of 1500 (either hard coded, or an actual hardware limit), 
which breaks when you get a full-sized tagged packet of 1500 + the 4 
extra bytes of VLAN header.

The solution is to either:

- patch/upgrade the driver to remove the 1500 limit (if patch/upgrade 
exists)

or

- lower the MTU to 1496 bytes on **all** interfaces on that LAN

Note that even with a driver with this problem, stuff will still work 
to an extent, eg you should be able to ssh to other machines. Just 
connections will hang if you try transfer lots of data (eg 'less 
/not/small/file' and press space a few times).

> and since the machine I am using here is a laptop, I am guessing 
> that the Xircom Realport driver probably hasn't been patched or 
> doesn't support passing of VLAN tagged packets.

You should still see low-bandwidth connections/packets work, even 
with the MTU problem.

> Maybe I'm wrong, but when I replace the 'bridge' with a crossover cable,
> everything is fine...

I dont understand why VLANs are involved.. but..

- check the interfaces are actually up..

- try to get it to work without VLANs first (why do you need this?)

- bridge the /vlan/ interfaces, not the raw ports carrying tagged 
frames, its quite plausible that linux bridging does not like seeing 
VLAN tags.

Other options, if you're trying to get a host work via another host:

- Proxy ARP?

- Layer 3 routing. This is, imho, far nicer if you dont need layer-2 
forwarding/bridging.

> Thanks,
> 	David.

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
This dungeon is owned and operated by Frobozz Magic Co., Ltd.

More information about the ILUG mailing list