From: Jon Otterholm
To: Brian Candler
Cc: freebsd-net@freebsd.org
Subject: Re: arp-proxy
Date: Thu, 10 Nov 2005 14:25:07 +0100
Message-Id: <1131629107.878.22.camel@localhost.localdomain>
In-Reply-To: <20051110124903.GB67086@uk.tiscali.com>

That depends...

In all this - our role is similar to an ISP, but we are buying access to our customers from an external party. Every customer is delivered on a separate vlan trunked.

- Our DSL customers cannot be set on the same VLAN in a single DSLAM (don't ask me why - ask Alcatel).
- We cannot build a simple bridge because the Network service provider can't handle when a MAC-address shows up on 2 different VLANs.

The arp-proxy should do the following:

- Forward any broadcast packets but rewrite src to its own mac.
- Forward unicast packets according to FDB but rewrite src to its own mac.

I hope this makes it clear.

/J

On Thu, 2005-11-10 at 12:49 +0000, Brian Candler wrote:
> On Wed, Nov 09, 2005 at 02:06:28PM +0100, Jon Otterholm wrote:
> > I want to create a bridge-interface (if_bridge) with a bunch (500+) of
> > sub-interfaces (vlan) as members. All members of the bridge should be
> > able to "talk" to each other but MAC-addresses must be isolated to their
> > "own" vlan.
>
> That doesn't really make any sense to me, can you give a concrete example of
> how it should behave? And/or a higher-level description of what it is you're
> actually trying to achieve?
>
> Note that if the VLANs are *bridged* together then:
> (1) they form a single broadcast domain. A broadcast packet on any one VLAN
> will be forwarded to all other VLANs
> (2) a unicast packet to MAC address XX:XX:XX:XX:XX:XX will be forwarded only
> to the VLAN which has that node, as long as the forwarding table knows
> where it is (if not, it will be forwarded to all VLANs)
>
> So bridging VLANs really just collapses them back into a single LAN, which
> means you shouldn't have set up any VLANs in the first place :-(
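
The two forwarding rules listed in the message for the arp-proxy (broadcast, and unicast by FDB lookup, both with the source rewritten to the proxy's own MAC), modelled as an added example that is not part of the original thread and is not if_bridge code. The class and function names, the MAC addresses, the VLAN numbers and the choice to drop unknown unicast are assumptions.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"
PROXY_MAC = "02:00:00:00:00:01"  # constructed, locally administered address


class MacRewritingBridge:
    """Hypothetical model of the rules in the message, not if_bridge code."""

    def __init__(self, vlans, own_mac=PROXY_MAC):
        self.vlans = set(vlans)
        self.own_mac = own_mac
        self.fdb = {}  # original source MAC -> VLAN it was learned on

    def forward(self, vlan, src, dst):
        """Return the frames put on the wire as (egress_vlan, src, dst)."""
        if vlan not in self.vlans:
            raise ValueError(f"VLAN {vlan} is not a member")
        # Learn from the original source before it is rewritten.
        self.fdb[src] = vlan
        if dst == BROADCAST:
            egress = self.vlans - {vlan}        # rule 1: every other member
        elif dst in self.fdb:
            egress = {self.fdb[dst]} - {vlan}   # rule 2: FDB lookup
        else:
            egress = set()  # assumption: unknown unicast is dropped, not flooded
        # Both rules: the frame leaves with the proxy's MAC as source.
        return [(v, self.own_mac, dst) for v in sorted(egress)]


def source_macs_by_vlan(frames):
    """Collect the source MACs visible on each VLAN."""
    seen = {}
    for vlan, src, _dst in frames:
        seen.setdefault(vlan, set()).add(src)
    return seen


def demo():
    """Constructed traffic: hosts A, B, C on VLANs 101, 102, 103."""
    a, b, c = "00:11:22:00:00:0a", "00:11:22:00:00:0b", "00:11:22:00:00:0c"
    br = MacRewritingBridge([101, 102, 103])
    out = br.forward(101, a, BROADCAST)             # A broadcasts
    out += br.forward(102, b, a)                    # B -> A, A already learned
    out += br.forward(103, c, "00:11:22:00:00:ff")  # unknown destination
    return out


if __name__ == "__main__":
    for frame in demo():
        print(frame)
    print(source_macs_by_vlan(demo()))
```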