From: Silver Salonen
To: Nikos Vassiliadis
Cc: freebsd-questions@freebsd.org
Date: Thu, 6 Dec 2007 15:37:21 +0200
Subject: Re: enabling if_bridge STP
Message-Id: <200712061537.22617.silver.salonen@gmail.com>

On Thursday 06 December 2007 15:01, Nikos Vassiliadis wrote:
> On Thursday 06 December 2007 13:31:38 Silver Salonen wrote:
> > On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote:
> > > On Thursday 06 December 2007 12:20:18 Atrox wrote:
> > > > Well, as I understand, in my case, STP should be enabled mainly on
> > > > TAP-interfaces as it would eliminate the scenario where, for
> > > > example, ARP-requests from 192.168.1.1 for 192.168.3.1 reach
> > > > 192.168.2.1. Have I understood it correctly?
> > >
> > > It sounds like you want to isolate the ethernets, not bridge them.
> > > Bridging is not what you need, if I have understood correctly.
> > >
> > > You want to keep ARP and broadcasts to the relevant boxes, right?
> > > You have to use VLANs on your switch to achieve this, not bridging.
> >
> > Actually the final target is to connect all the 3 LANs over VPN, so that
> > they can browse each other's networks etc. When I did it, I could see
> > duplicate packets looping through all bridges, so I thought I'd bring in
> > STP. That's what it's for, right?
>
> Not really, STP must be used/needed in a dynamic environment to
> eliminate loops. Your environment doesn't seem dynamic to me. You
> can create a loop-free topology like this:
>
> http://users.teledomenet.gr/nvass/topology.png
>
> 1) 10.0.0.0/24 is the shared network.
> 2) bridge1 bridges eth0 and tap0 which is the VPN to the root-bridge.
> 3) bridge2 bridges eth0 and tap0 which is the VPN to the root-bridge.
> 4) root-bridge bridges eth0, tap0 and tap1.

Does all the traffic pass through the root-bridge in this case, so that if
bridge1 wants to talk to bridge2, it has to go through root-bridge and not
straight?

In my case there's a straight connection between bridge1 and bridge2 too, so
that they don't have to communicate through root-bridge.

--
Silver
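
Added example (not part of the original message or of FreeBSD's if_bridge code): a simplified spanning-tree model of the two topologies discussed above, the star from the quoted list and the variant with a direct bridge1-bridge2 link. It assumes equal cost on every link and constructed bridge IDs that make root-bridge the STP root; real 802.1D also considers port IDs and configurable path costs.

```python
from collections import deque

# Constructed sample data: bridge IDs (lowest wins root election) and VPN links.
IDS = {"root-bridge": 1, "bridge1": 2, "bridge2": 3}
STAR = [("root-bridge", "bridge1"), ("root-bridge", "bridge2")]
TRIANGLE = STAR + [("bridge1", "bridge2")]  # adds the direct link

def stp_model(links, bridge_ids):
    """Return (root, forwarding links, blocked links) for an undirected topology."""
    root = min(bridge_ids, key=bridge_ids.get)
    neighbors = {b: set() for b in bridge_ids}
    for a, b in links:
        neighbors[a].add(b)
        neighbors[b].add(a)
    dist, queue = {root: 0}, deque([root])  # hop count to root, equal link cost
    while queue:
        cur = queue.popleft()
        for n in neighbors[cur]:
            if n not in dist:
                dist[n] = dist[cur] + 1
                queue.append(n)
    forwarding = set()
    for b in dist:
        if b != root:
            # Root port: neighbor closest to the root, ties broken by lowest bridge ID.
            up = min(neighbors[b], key=lambda n: (dist[n], bridge_ids[n]))
            forwarding.add(frozenset((b, up)))
    # A link that is nobody's root-port link has one end blocked, so it carries no frames.
    blocked = {frozenset(link) for link in links} - forwarding
    return root, forwarding, blocked

def path(forwarding, src, dst):
    """Hops a frame takes from src to dst over forwarding links only."""
    prev, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        for link in forwarding:
            if cur in link:
                (other,) = link - {cur}
                if other not in prev:
                    prev[other] = cur
                    queue.append(other)
    hops, node = [], dst if dst in prev else None
    while node is not None:
        hops.append(node)
        node = prev[node]
    return hops[::-1]

if __name__ == "__main__":
    for name, links in (("star", STAR), ("triangle", TRIANGLE)):
        root, fwd, blocked = stp_model(links, IDS)
        print(name, "blocked:", [sorted(l) for l in blocked],
              "bridge1->bridge2:", path(fwd, "bridge1", "bridge2"))
```

Under these assumptions the star has nothing to block, and in the triangle the direct bridge1-bridge2 link is the one taken out of forwarding, so frames between the two still cross root-bridge.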