From: Julian Elischer
Date: Fri, 11 May 2018 00:24:36 +0800
Subject: Re: NETGRAPH- bridge vlans using netgraph help
To: Abdullah Tariq
Cc: Freddie Cash, Eugene Grosbein, freebsd-net
Message-ID: <670e4c83-a090-94c4-271b-820d945cb78b@freebsd.org>
List-Id: Networking and TCP/IP with FreeBSD

On 9/5/18 11:24 pm, Abdullah Tariq wrote:
>
>     a picture would do wonders to understand what he wants.
>
>
>  Apologies for being AWOL
>  Attaching an image link: https://ibb.co/nt1s4S

Ok so, it looks like there is a problem in concepts.

FreeBSD doesn't really know about tags inside the machine. It only has the ability to make a separate interface that multiplexes (on output) and demultiplexes (on input) packets going onto a single link by assigning/creating a virtual sub-interface for each active vlan on that real interface. (well that's 100% true, but it doesn't use the tags for anything real internally.)

If you add the tag for a packet coming in and then remove it as it goes out, what is the point in having it?

FreeBSD does not have a vlan switch internally. That is not to say that we can not MAKE one, but the whole aim of FreeBSD's vlan support is to allow it to send packets out that are tagged for different vlans depending on which 'sub interface' the packet was routed to, not to send unmarked packets internally routed via some mythical internal vlan switch.

iface0.1]--------[iface0]------wire
              /
iface0.2]----/

packets sent out via iface0.1 will appear on the wire with vlan1 headers
packets sent out through iface0.2 will appear on the wire with vlan2 headers

Inside the system however the vlan headers have been stripped off. They DO still have some vlan information tagged on them but it is not used generally.

I still don't fully understand the aim of the exercise.

Julian

>
> On Tue, May 1, 2018 at 8:39 PM, Julian Elischer wrote:
>
>     On 1/5/18 11:16 pm, Freddie Cash wrote:
>>     On Tue, May 1, 2018 at 6:08 AM, Julian Elischer wrote:
>>
>>         On 1/5/18 2:08 am, Eugene Grosbein wrote:
>>
>>             01.05.2018 1:03, Freddie Cash wrote:
>>
>>                 On Mon, Apr 30, 2018 at 10:59 AM, Eugene Grosbein wrote:
>>
>>                     > What the OP is trying to do is have PC1 send
>>                     > untagged packets to igb0 on FreeBSD which is
>>                     > configured for tagged vlan 5.
>>                     > Then bridge the packets to igb1 which is
>>                     > also configured for tagged vlan 5.  Then send the
>>                     > packets out, untagged, to PC2.
>>
>>                     Why would one want to "configure igb0 for
>>                     tagged vlan 5" when igb0 is supposed to receive
>>                     untagged frames?
>>                     This does not make any sense. One should just
>>                     bridge igb0 as is, without creating a vlan on it,
>>                     and the problem's solved.
>>
>>                 Yes, agree.  What the OP wants to do can't be
>>                 done.  :)
>>
>>             Perhaps you missed a message from him where he states
>>             that configuration style does not matter for him really.
>>             So, what he wants can be done, just using a different style.
>>
>>
>>         a picture would do wonders to understand what he wants.
>>
>>
>>     A FreeBSD system with multiple NICs, with separate vlans
>>     internally to separate untagged traffic between PCs.
>>
>>     https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/
>>
>>     https://forums.freebsd.org/attachments/capture-png.4744/
>>
>>     https://forums.freebsd.org/threads/bridge-with-vlans-not-working.65592/#lg=post-385584&slide=0
>>
>>     The "easy" solution is to just bridge together the interfaces
>>     you want to be part of the same "virtual lan", thus allowing
>>     traffic between those stations only.  Want PC1 and PC2 to be
>>     part of one vlan?  Then bridge together igb0 and igb1.  Want
>>     PC3, connected to igb2, and PC4, connected to igb3, to be part
>>     of a separate "virtual lan"?  Then create a separate bridge
>>     between igb2 and igb3.  No vlan tags required anywhere.
>
>     ok so does he want to have those vlans terminated at his box or
>     just pass them through?
>     and if they are untagged, why is it being called a vlan?
>     untagged vlan is what we call "ethernet".
>
>     if it's untagged then only the internal state of the switches
>     decides which "virtual network" it is on.
>
>>
>>     But, the OP (in the forum thread and here) keeps getting hung
>>     up on "needing" vlan tags on the NICs, trying to treat the
>>     FreeBSD box like a switch with hybrid ports and PVIDs set on
>>     the ports.
>>
>>     --
>>     Freddie Cash
>>     fjwcash@gmail.com
>
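
Added example, not part of the original message and not FreeBSD code: a small Python model of the behaviour described in the reply above, where a vlan sub-interface adds the 802.1Q tag on output and strips it on input. The iface0.N names follow the diagram in the message; the function names and the sample frame are constructed for illustration, and the model ignores the vlan metadata the kernel keeps on packets internally.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag on the wire


def mux(ifname: str, frame: bytes) -> tuple[str, bytes]:
    """Output path: a frame sent via 'iface0.N' leaves the parent tagged N."""
    parent, _, vid_text = ifname.partition(".")
    if not vid_text:
        return parent, frame                      # sent on the parent: untagged
    vid = int(vid_text)
    if not 1 <= vid <= 4094:                      # 0 and 4095 are reserved
        raise ValueError(f"invalid VLAN ID {vid}")
    tag = struct.pack("!HH", TPID_8021Q, vid)     # TCI with PCP/DEI bits zero
    return parent, frame[:12] + tag + frame[12:]  # tag goes after the two MACs


def demux(parent: str, frame: bytes) -> tuple[str, bytes]:
    """Input path: strip the tag and hand the frame to the sub-interface."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return parent, frame                      # untagged: stays on parent
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF                            # low 12 bits are the VLAN ID
    return f"{parent}.{vid}", frame[:12] + frame[16:]


# Constructed sample: broadcast destination, locally administered source,
# EtherType 0x0800 (IPv4), dummy payload.
UNTAGGED = bytes.fromhex("ffffffffffff" "020000000001" "0800") + b"payload"

if __name__ == "__main__":
    for name in ("iface0.1", "iface0.2"):
        wire_if, wire = mux(name, UNTAGGED)
        print(name, "->", wire_if, wire[12:16].hex())
        print("  back in:", demux(wire_if, wire)[0])
```
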