Page MenuHomeVyOS Platform

VLAN-aware bridge not working
Closed, ResolvedPublicBUG

Description

Vlan aware bridge not working.
Config:

set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth0 allowed-vlan '10'
set interfaces bridge br0 member interface eth0 allowed-vlan '20'
set interfaces bridge br0 member interface eth1 allowed-vlan '10'
set interfaces bridge br0 member interface eth1 allowed-vlan '20'
set interfaces bridge br0 vif 10 address '10.10.1.1/24'
set interfaces bridge br0 vif 20 address '10.20.1.1/24'

Host that is connected to vlan 10 can not ping 10.10.1.1
I can see replies on br0.10 but I can not see them on eth0

[email protected]:~$ monitor traffic interface eth0
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:40:31.486993 ARP, Request who-has 10.10.1.1 (Broadcast) tell 10.10.1.100, length 50
11:40:32.487338 ARP, Request who-has 10.10.1.1 (Broadcast) tell 10.10.1.100, length 50
11:40:33.488523 ARP, Request who-has 10.10.1.1 (Broadcast) tell 10.10.1.100, length 50

[email protected]:~$ monitor traffic interface br0.10
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on br0.10, link-type EN10MB (Ethernet), snapshot length 262144 bytes
11:40:53.043270 ARP, Request who-has 10.10.1.1 (Broadcast) tell 10.10.1.100, length 50
11:40:53.044761 ARP, Reply 10.10.1.1 is-at 0c:4d:58:ab:00:00 (oui Unknown), length 28
11:40:54.045083 ARP, Request who-has 10.10.1.1 (Broadcast) tell 10.10.1.100, length 50
11:40:54.045279 ARP, Reply 10.10.1.1 is-at 0c:4d:58:ab:00:00 (oui Unknown), length 28
11:40:55.044398 ARP, Request who-has 10.10.1.1 (Broadcast) tell 10.10.1.100, length 50
11:40:55.044512 ARP, Reply 10.10.1.1 is-at 0c:4d:58:ab:00:00 (oui Unknown), length 28
[email protected]:~$ sudo bridge -c vlan show
port              vlan-id
eth0              10
                  20
eth1              10
                  20
br0               1 PVID Egress Untagged

it seems like the next task vlan aware bridge not working with - Kernel: T3318: update Linux Kernel to v5.4.205 #249
But it does not work on latest rolling releases

Details

Difficulty level
Easy (less than an hour)
Version
1.4-rolling-202208210217
Why the issue appeared?
Implementation mistake
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

c-po changed the task status from Open to In progress.Aug 22 2022, 3:53 PM
c-po triaged this task as High priority.
c-po changed Difficulty level from Normal (likely a few hours) to Easy (less than an hour).
c-po changed Why the issue appeared? from Will be filled on close to Implementation mistake.

Tested via:

VyOS

set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 allowed-vlan '10'
set interfaces bridge br0 member interface eth1 allowed-vlan '20'
set interfaces bridge br0 member interface eth1 allowed-vlan '30'
set interfaces bridge br0 member interface eth1 allowed-vlan '40'
set interfaces bridge br0 member interface eth1 native-vlan '40'
set interfaces bridge br0 member interface eth2 allowed-vlan '30'
set interfaces bridge br0 member interface eth2 allowed-vlan '20'
set interfaces bridge br0 member interface eth2 allowed-vlan '10'
set interfaces bridge br0 member interface eth2 allowed-vlan '40'
set interfaces bridge br0 vif 10 address '10.0.10.1/24'
set interfaces bridge br0 vif 20 address '10.0.20.1/24'
set interfaces bridge br0 vif 30 address '10.0.30.1/24'
set interfaces bridge br0 vif 40 address '10.0.40.1/24'

Arista vEOS

vlan 10,20,30,40
interface Ethernet1
   switchport trunk allowed vlan 10,20,30,40
interface Vlan10
   ip address 10.0.10.2/24
interface Vlan20
   ip address 10.0.20.2/24
interface Vlan30
   ip address 10.0.30.2/24
interface Vlan40
   ip address 10.0.40.2/24
interface Ethernet1
   switchport trunk allowed vlan 10,20,30,40
   switchport mode trunk
   spanning-tree portfast

Cisco vIOS

interface GigabitEthernet0/0
 ip address 10.0.40.3 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 10.0.10.3 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 10.0.20.3 255.255.255.0
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.3 255.255.255.0
!

Results

[email protected]:~$ ping 10.0.10.2 count 2
PING 10.0.10.2 (10.0.10.2) 56(84) bytes of data.
64 bytes from 10.0.10.2: icmp_seq=1 ttl=64 time=48.2 ms
64 bytes from 10.0.10.2: icmp_seq=2 ttl=64 time=8.53 ms
[email protected]:~$ ping 10.0.10.3 count 2
PING 10.0.10.3 (10.0.10.3) 56(84) bytes of data.
64 bytes from 10.0.10.3: icmp_seq=1 ttl=255 time=26.9 ms
64 bytes from 10.0.10.3: icmp_seq=2 ttl=255 time=4.12 ms
[email protected]:~$ ping 10.0.20.3 count 2
PING 10.0.20.3 (10.0.20.3) 56(84) bytes of data.
64 bytes from 10.0.20.3: icmp_seq=1 ttl=255 time=3.96 ms
64 bytes from 10.0.20.3: icmp_seq=2 ttl=255 time=4.48 ms
[email protected]:~$ ping 10.0.20.3 count 2
PING 10.0.20.3 (10.0.20.3) 56(84) bytes of data.
64 bytes from 10.0.20.3: icmp_seq=1 ttl=255 time=3.38 ms
64 bytes from 10.0.20.3: icmp_seq=2 ttl=255 time=3.71 ms
vIOS#ping 10.0.40.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.40.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 11/12/13 ms
vIOS#ping 10.0.40.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.40.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/7 ms
vEOS#ping 10.0.40.3
PING 10.0.40.3 (10.0.40.3) 72(100) bytes of data.
80 bytes from 10.0.40.3: icmp_seq=1 ttl=255 time=15.7 ms
80 bytes from 10.0.40.3: icmp_seq=2 ttl=255 time=11.7 ms
80 bytes from 10.0.40.3: icmp_seq=3 ttl=255 time=11.3 ms
80 bytes from 10.0.40.3: icmp_seq=4 ttl=255 time=13.1 ms
80 bytes from 10.0.40.3: icmp_seq=5 ttl=255 time=14.8 ms

--- 10.0.40.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 67ms
rtt min/avg/max/mdev = 11.397/13.348/15.724/1.698 ms, ipg/ewma 16.836/14.573 ms
dmbaturin renamed this task from Vlan aware bridge not working to VLAN-aware bridge not working.Sep 5 2022, 11:10 AM
[email protected]:~$ sudo bridge -c vlan show
port              vlan-id
eth0              10
                  20
eth1              10
                  20
br0               1 PVID Egress Untagged

Sorry I'm late. I'm glad to see this problem solved by @c-po . This seems to be the problem.
For the interface, the VLAN information is successfully registered, but neither VLAN 20 nor VLAN 10 is successfully registered to the bridge, which will cause the bridge to fail to forward the corresponding VLAN