Date: Fri, 19 Apr 2002 13:58:25 -0700
From: Terry Lambert <tlambert2@mindspring.com>
To: Julian Elischer <julian@elischer.org>
Cc: Doug Ambrisko <ambrisko@ambrisko.com>, Archie Cobbs <archie@dellroad.org>, "Peter J. Blok" <Peter.Blok@inter.NL.net>, freebsd-hackers@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: vlan traffic over ipsec tunnel
Message-ID: <3CC084F1.1951442A@mindspring.com>
References: <Pine.BSF.4.21.0204191318510.8266-100000@InterJet.elischer.org>
Julian Elischer wrote:
> > Would imply it should just work to bridge vlans via netgraph bridging.
> > As Archie said I have not tested this to prove how it does or does not
> > work since I haven't had a need to try it.
>
> I don't know, but it may have problems setting promiscuous mode..
> is there such a thing in vlan mode?

It might work with the Netgraph bridging. It's not going to work with the packet fast forwarding. The new netgraph version goes through ether_input, so it should not be a problem.

Promiscuous mode isn't really necessary (IMO), at least on the interface to which it's trunked. It *might* be an issue for the VLAN itself, though, if it's supposed to bridge to a non-VLAN.

My impression of bridging in this context was that you would use it to create a virtual LAN at otherwise physically disjoint locations, so that bridging should be automatic, at least that way.

That implied (to me) that the bridging was e.g. to allow a box to be on the local net with an ethernet interface, and act as a bridge between that net and another local net, using the VLAN as a transport, over something else (e.g. a point-to-point IPSEC link between the "bridges").

From old DEC days, I'd say it was the moral equivalent of a DELNI, where you have half a bridge, a quarter mile of optical fiber, and the other half of the bridge, and everything on either side just sees a bridge.

I imagine that the primary use would be for VPNs, where there were N nodes at one site and M nodes at another, where N > 1 && M > 1.

Unfortunately, I don't have a Cisco Catalyst 2900 or other toys necessary to play with VLAN interoperability at the moment. I can only play with FreeBSD<->FreeBSD VLAN stuff, and then draw conclusions based on the RFCs and Cisco and other documentation.

Sorry to be so vague. 8-(. Maybe someone with a larger "toy" budget than I have could contribute something to the conversation?

I know Bill Paul has done a lot of work with VLAN code (he wrote the FreeBSD FEC code), and I expect Jon Lemon would be quite knowledgeable, too, being a Cisco employee (plus have access to toys we haven't even heard of, yet ;^)).

-- 
Terry
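The "half a bridge" topology Terry describes (a local Ethernet interface bridged to a vlan(4) interface riding on a trunk port, with the IPsec link carrying the VLAN between sites) can be expressed as a netgraph plan. The script below is an added example and is not code from the thread or from FreeBSD; it only generates the ngctl(8) commands, following the bridging example in the ng_bridge(4) manual page, and runs them only when APPLY=1. The interface names fxp0/fxp1/vlan0, the VLAN tag 100 and the node name "vlanbridge" are assumed placeholders, and it assumes the vlan interface exposes an ng_ether node (vlan0:), which is exactly the point Julian's question leaves open. The setpromisc/setautosrc messages are the knobs the promiscuous-mode discussion above is about: without setpromisc the ng_ether node only hands the bridge frames addressed to the interface itself.

```shell
#!/bin/sh
# Added example, not from the thread: plan (and optionally apply) an ng_bridge
# setup that bridges a local Ethernet port with a vlan(4) interface on a trunk.
# Interface names, VLAN tag and the node name "vlanbridge" are placeholders.

# 802.1Q tags are 12 bits; 0 and 4095 are reserved, so 1..4094 is valid.
valid_vlan_tag() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Print the commands, one per line. Arguments: local_if trunk_if vlan_if tag.
# Assumes the vlan interface gets its own ng_ether node named "<vlan_if>:".
plan_vlan_bridge() {
    local_if=$1; trunk_if=$2; vlan_if=$3; vlan_tag=$4
    if ! valid_vlan_tag "$vlan_tag"; then
        echo "invalid VLAN tag: $vlan_tag" >&2
        return 2
    fi
    cat <<EOF
ifconfig ${vlan_if} create vlan ${vlan_tag} vlandev ${trunk_if}
kldload ng_ether
kldload ng_bridge
ngctl mkpeer ${local_if}: bridge lower link0
ngctl name ${local_if}:lower vlanbridge
ngctl connect ${local_if}: vlanbridge: upper link1
ngctl connect ${vlan_if}: vlanbridge: lower link2
ngctl msg ${local_if}: setpromisc 1
ngctl msg ${local_if}: setautosrc 0
ngctl msg ${vlan_if}: setpromisc 1
ngctl msg ${vlan_if}: setautosrc 0
EOF
}

# Execute the plan line by line, echoing each command first so the
# netgraph changes are visible in the shell transcript.
apply_plan() {
    plan_vlan_bridge "$@" | while IFS= read -r cmd; do
        echo "+ $cmd" >&2
        sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_plan fxp0 fxp1 vlan0 100
else
    # Dry run: print the plan with the placeholder names.
    plan_vlan_bridge fxp0 fxp1 vlan0 100
fi
```

Run it without arguments to review the plan, then `APPLY=1 sh bridge.sh` as root on the FreeBSD box; the upper hook of fxp0 stays connected (link1) so the host keeps its own IP stack on the local net while link0/link2 carry the bridged traffic. Promiscuous mode is enabled on both sides because ng_bridge has to see frames for every MAC on the far segment, which is the part that cannot be resolved for the vlan side without trying it.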