From owner-freebsd-hackers Fri Apr 19 13:59:53 2002
Message-ID: <3CC084F1.1951442A@mindspring.com>
Date: Fri, 19 Apr 2002 13:58:25 -0700
From: Terry Lambert
To: Julian Elischer
Cc: Doug Ambrisko, Archie Cobbs, "Peter J. Blok", freebsd-hackers@FreeBSD.org, freebsd-net@FreeBSD.org
Subject: Re: vlan traffic over ipsec tunnel

Julian Elischer wrote:
> > Would imply it should just work to bridge VLANs via netgraph bridging.
> > As Archie said I have not tested this to prove how it does or does not
> > work since I haven't had a need to try it.
>
> I don't know, but it may have problems setting promiscuous mode..
> is there such a thing in vlan mode?

It might work with the Netgraph bridging. It's not going to work with the packet fast forwarding. The new netgraph version goes through ether_input, so it should not be a problem.

Promiscuous mode isn't really necessary (IMO), at least on the interface to which it's trunked. It *might* be an issue for the VLAN itself, though, if it's supposed to bridge to a non-VLAN.
My impression of bridging in this context was that you would use it to create a virtual LAN at otherwise physically disjoint locations, so that bridging should be automatic, at least that way. That implied (to me) that the bridging was e.g. to allow a box to be on the local net with an ethernet interface, and act as a bridge between that net and another local net, using the VLAN as a transport, over something else (e.g. a point-to-point IPSEC link between the "bridges").

From old DEC days, I'd say it was the moral equivalent of a DELNI, where you have half a bridge, a quarter mile of optical fiber, and the other half of the bridge, and everything on either side just sees a bridge.

I imagine that the primary use would be for VPNs, where there were N nodes at one site and M nodes at another, where N > 1 && M > 1.

Unfortunately, I don't have a Cisco Catalyst 2900 or other toys necessary to play with VLAN interoperability at the moment. I can only play with FreeBSD<->FreeBSD VLAN stuff, and then draw conclusions based on the RFCs and Cisco and other documentation.

Sorry to be so vague. 8-(.

Maybe someone with a larger "toy" budget than I have could contribute something to the conversation? I know Bill Paul has done a lot of work with VLAN code (he wrote the FreeBSD FEC code), and I expect Jon Lemon would be quite knowledgeable, too, being a Cisco employee (plus have access to toys we haven't even heard of, yet ;^)).

-- Terry