I am using the bridge to simulate a satellite link to a number of
different machines and this is why the VLANs ae required.
'Small traffic' does get through easily enough, it's just NFS and X11
which would generally be 'large' packets that get messed up which would
certainly point to a VLAN tag problem.
I think I can get around it by reconfiguring the routers on either side
and using routing rather than bridging, and moving the machine to the
other side of the routers to get away from the VLAN trunk.
Thanks for your input,
David.
-----Original Message-----
From: Paul Jakma [mailto:paul at clubi.ie]
Sent: 07 December 2004 09:47
To: Hamilton, David (TSG C&I)
Cc: ilug at linux.ie
Subject: RE: [ILUG] Ethernet Bridging issues
On Tue, 7 Dec 2004, Hamilton, David (TSG C&I) wrote:
> Hi Paul,
>> The way the machine is configured, it doesn't have an IP Address, and
> the reason is that the link it is on is actually an 802.1q trunk.
Ok, just checking. I had strange things happen when i had an IP
address on an interface that was then added to a bridge interface.
You can assign an IP to br0 though, or to interfaces which are not
bridged (least EWORKSFORME).
> It is
> also quite far away from me at the moment, so I can't run the brctl
show
> command right now.
> The trunk was created like this:
> 1. brctl addbr br0
> 2. brctl addif br0 eth0
> 3. brctl addif br0 eth1
Are they up? Also, if you're trying to use VLANs - are these tagged
ports? Maybe you should be adding the /vlan/ interfaces to your
bridge groups..
> I think this may be the problem.....
> I seem to remember from playing around with VLANs on linux before
> that certain drivers needed patching to correctly interpret VLAN
> tags,
Drivers dont interpret VLAN tags usually, NICs usually dont do more
with ethernet header than filter on the destination MAC (which is
before the VLAN header). The typical problem is that a driver has an
MTU limit of 1500 (either hard coded, or an actual hardware limit),
which breaks when you get a full-sized tagged packet of 1500 + the 4
extra bytes of VLAN header.
The solution is to either:
- patch/upgrade the driver to remove the 1500 limit (if patch/upgrade
exists)
or
- lower the MTU to 1496 bytes on **all** interfaces on that LAN
Note that even with a driver with this problem, stuff will still work
to an extent, eg you should be able to ssh to other machines. Just
connections will hang if you try transfer lots of data (eg 'less
/not/small/file' and press space a few times).
> and since the machine I am using here is a laptop, I am guessing
> that the Xircom Realport driver probably hasn't been patched or
> doesn't support passing of VLAN tagged packets.
You should still see low-bandwidth connections/packets work, even
with the MTU problem.
> Maybe I'm wrong, but when I replace the 'bridge' with a crossover
cable,
> everything is fine...
I dont understand why VLANs are involved.. but..
- check the interfaces are actually up..
- try to get it to work without VLANs first (why do you need this?)
- bridge the /vlan/ interfaces, not the raw ports carrying tagged
frames, its quite plausible that linux bridging does not like seeing
VLAN tags.
Other options, if you're trying to get a host work via another host:
- Proxy ARP?
- Layer 3 routing. This is, imho, far nicer if you dont need layer-2
forwarding/bridging.
> Thanks,
> David.
regards,
--
Paul Jakma paul at clubi.iepaul at jakma.org Key ID: 64A2FF6A
Fortune:
This dungeon is owned and operated by Frobozz Magic Co., Ltd.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
