Page MenuHomeVyOS Platform
Create Task
Maniphest T4636

VLAN-Aware bridge not handling local traffic (and not able to perform inter-vlan routing)
Closed, DuplicatePublicBUG
Actions

Description

Configuration:

set interfaces bridge br0 enable-vlan
set interfaces bridge br0 member interface eth1 native-vlan '1000'
set interfaces bridge br0 member interface eth2 native-vlan '1001'
set interfaces bridge br0 vif 1000 address '172.16.0.3/24'
set interfaces bridge br0 vif 1001 address '172.16.1.3/24'

Situation:

  • 2 hosts on the same VLAN are able to talk each other (L2 between hosts is fine, if I add another port, i.e. eth3).
  • any host is not able to reach the VyOS itself (i.e. not able to ping 172.16.x.3) (and not able to use it as a inter-vlan router).

under the hood situation:

vyos@s1:~$ sudo bridge vlan
port              vlan-id
eth1              1000 PVID Egress Untagged
eth2              1001 PVID Egress Untagged
br0               1 PVID Egress Untagged

This is solved by manually launching, to instruct the bridge to handle also the VLAN locally:

sudo bridge vlan add vid 1000 dev br0 self
sudo bridge vlan add vid 1001 dev br0 self

which results in

vyos@s1:~$ sudo bridge vlan
port              vlan-id
eth1              1000 PVID Egress Untagged
eth2              1001 PVID Egress Untagged
br0               1 PVID Egress Untagged
                  1000
                  1001

And now the hosts are able to talk to VyOS, and between each other:

vyos@s1:~$ ping 172.16.0.1
PING 172.16.0.1 (172.16.0.1) 56(84) bytes of data.
64 bytes from 172.16.0.1: icmp_seq=1 ttl=64 time=0.630 ms
64 bytes from 172.16.0.1: icmp_seq=2 ttl=64 time=0.634 ms
64 bytes from 172.16.0.1: icmp_seq=3 ttl=64 time=0.568 ms

--- 172.16.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2080ms
rtt min/avg/max/mdev = 0.568/0.610/0.634/0.030 ms
vyos@s1:~$ ping 172.16.1.2
PING 172.16.1.2 (172.16.1.2) 56(84) bytes of data.
64 bytes from 172.16.1.2: icmp_seq=1 ttl=64 time=0.612 ms
64 bytes from 172.16.1.2: icmp_seq=2 ttl=64 time=0.384 ms
64 bytes from 172.16.1.2: icmp_seq=3 ttl=64 time=0.436 ms

--- 172.16.1.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2081ms
rtt min/avg/max/mdev = 0.384/0.477/0.612/0.097 ms

Most probably this is missing in https://github.com/vyos/vyos-1x/blob/current/python/vyos/ifconfig/bridge.py

thanks
Stefano

Details

Difficulty level
Unknown (require assessment)
Version
VyOS 1.4-rolling-202208100217
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Unspecified (possibly destroys the router)
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

ssasso created this task.Aug 22 2022, 1:40 PM
Viacheslav added a subscriber: Viacheslav.Aug 22 2022, 2:08 PM

I guess it the task T4632

ssasso added a comment.EditedAug 22 2022, 2:21 PM

With an older version:

vagrant@s1:~$ sudo bridge vlan
port              vlan-id
eth1              1000 PVID Egress Untagged
eth2              1001 PVID Egress Untagged
br0               1 PVID Egress Untagged
                  1000
                  1001
vagrant@s1:~$ show version

Version:          VyOS 1.4-rolling-202204130521
Release train:    sagitta

So most probably the behaviour was changed on the meanwhile.

ssasso added a comment.Aug 22 2022, 2:25 PM
This comment was removed by ssasso.
ssasso added a comment.Aug 22 2022, 2:36 PM

I think I found the "problematic" commit.
https://github.com/vyos/vyos-1x/commit/41477cc85208507be55f8db4e412ad78eae764eb#diff-8e6f3b9122c8406707eb59334978290d083995acf7de0323111d4eed1656693dL311

You removed also:

cmd = f'bridge vlan add dev {ifname} vid {vlan} self'

which is what we need.

c-po claimed this task.Aug 22 2022, 4:40 PM
c-po closed this task as a duplicate of T4632: VLAN-aware bridge not working.
jack9603301 added a subscriber: jack9603301.Sep 5 2022, 5:28 PM

When the interface of the bridge registers VLANs, the bridge itself must register the same VLANs at the same time, otherwise the bridge will not forward VLANs