Page MenuHomeVyOS Platform

vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249
Closed, ResolvedPublicBUG

Description

Hi,

I am using a physical box with intel I211 networks cards. The last known good kernel I have used is - 5.4.197-amd64-vyos.

I have built the equuleus image with kernel v5.4.205.

Now the virtual bridge interfaces cannot send/receive any traffic through the physical interface they are bound to.

Sample configuration -

bridge br0 {

description Central-Bridge
enable-vlan
member {
    interface eth1 {
        allowed-vlan 101
        native-vlan 101
    }
}
vif 101 {
    address 172.31.101.1/24
    description Guest
}

}

Then a ping is run from client with static IP - 172.31.101.10 to Vyos GW - 172.31.101.1.

From a TCP dump I can see that - ARP request is reaching to the physical interface eth1. But those packets are not forwarded to the virtual bridge interface named br0.101. So, without ARP resolution ping fails. Also if dhcp clients are connected to that eth1 interface; their broadcast for Ip adress is reaching the physical interface but not forwarded to the virtual bridge interface. So, clients do not get any Ip address from VYos router acting as DHCP server.

**All traffic forwarding not working between physical and virtual bridge interface. Tcpdump for br0.101 is empty. So, with above kernel the forwarding between physical and virtual bridge interface is broken.

Now the funny part of it all. This bug concerns physical box with intel I211 networks cards.

If I run a VYOS vm with emulated e1000 network card; this bug is not observed at all. All forwarding between virtual bridge and physical interface works as it should be.

Please let me know what kind of logs are needed to provide further information.

Regards.

Details

Difficulty level
Unknown (require assessment)
Version
1.3 equuleus with kernel v5.4.205
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Behavior change
Issue type
Bug (incorrect behavior)

Event Timeline

It seems not related to kernel and definitely another bug

[email protected]# run show conf com | match bri
set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '5-50'
set interfaces bridge br0 member interface eth1 native-vlan '5'
[edit]
[email protected]# 
[edit]
[email protected]# run show bridge vlan 
port              vlan-id  
br0               1 PVID Egress Untagged
[edit]
[email protected]#

Expected:

[email protected]# sudo bridge -c vlan show
port	vlan ids
eth1	 5 PVID Egress Untagged
	 6-50

br0	 1 PVID Egress Untagged

[edit]
[email protected]#

I have it working between VyOS 1.4-rolling-202207280217 (kernel 5.10.133) and VyOS 1.3-stable-202207280515 (kernel 5.4.205)

1.4 configuration:

set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '5-50'
set interfaces bridge br0 member interface eth1 allowed-vlan '101'
set interfaces bridge br0 member interface eth1 native-vlan '101'
set interfaces bridge br0 vif 101 address '172.31.101.1/24'

1.3 configuration:

set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '5-50'
set interfaces bridge br0 member interface eth1 allowed-vlan '101'
set interfaces bridge br0 member interface eth1 native-vlan '101'
set interfaces bridge br0 vif 101 address '172.31.101.10/24'

Check connectivity:

[email protected]:~$ ping 172.31.101.10
PING 172.31.101.10 (172.31.101.10) 56(84) bytes of data.
64 bytes from 172.31.101.10: icmp_seq=1 ttl=64 time=0.437 ms
64 bytes from 172.31.101.10: icmp_seq=2 ttl=64 time=0.400 ms


[email protected]:~$ show arp
Address        Interface    Link layer address    State
-------------  -----------  --------------------  ---------
192.168.122.1  eth0         52:54:00:e5:2e:80     REACHABLE
172.31.101.10  br0.101      52:54:00:38:cc:4f     STALE
[email protected]:~$

Also, I see the correct VLANs from both sites:

[email protected]:~$ sudo bridge -c vlan show
port              vlan-id  
eth1              5-50
                  101 PVID Egress Untagged
br0               1 PVID Egress Untagged
                  101
[email protected]:~$

@Viacheslav can you save your config and reboot?

It worked for me until I did a reboot (using vmxnet3)

@c-po Bug exists after reboot (tested in 1.4)

Before reboot:

[email protected]:~$ show bridge vlan 
port              vlan-id  
eth1              5-50
                  101 PVID Egress Untagged
br0               1 PVID Egress Untagged
                  101
[email protected]:~$

After reboot:

[email protected]:~$ show bridge vlan 
port              vlan-id  
br0               1 PVID Egress Untagged
                  101
[email protected]:~$

It seems this part of configuration is not applied after reboot:

set interfaces bridge br0 member interface eth1 allowed-vlan '5-50'
set interfaces bridge br0 member interface eth1 allowed-vlan '101'
set interfaces bridge br0 member interface eth1 native-vlan '101'

It's applied but masked by another part, looking into it. A brief workaround is to just change the description on br0 and commit - then the bridge vlan is re-created.

Working as expected in VyOS 1.3.1-S1

c-po moved this task from Need Triage to 1.3.2 on the VyOS 1.3 Equuleus board.
c-po edited projects, added VyOS 1.3 Equuleus (1.3.2); removed VyOS 1.3 Equuleus.
c-po moved this task from Need Triage to In Progress on the VyOS 1.3 Equuleus (1.3.2) board.
c-po moved this task from In Progress to Finished on the VyOS 1.3 Equuleus (1.3.2) board.