tech-net archive


vlans and netbsd-current



> In Sun, Jun 08, 2014 at 10:56:50PM +1000, Darren Reed wrote:
> > 
> ...
> >         inet6 fe80::203:baff:fe34:a1f5%cas0 prefixlen 64 scopeid 0x6
> > vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         vlan: 200 parent: cas0
> >         address: 00:03:ba:34:a1:f5
> > ...
> > vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
> >         vlan: 201 parent: cas0
> >         address: 00:03:ba:34:a1:f5
> 
> > I've got three interfaces with the same MAC address!
>
> This is correct.  It is an error to connect two vlan interfaces on the
> same underlying physical network to the same layer 2 network.  So the
> MAC address being the same can't cause problems.
> ...
> Note that the
> pathological case where you configure two vlan interfaces on the same
> physical interface with the _same_ vlanif, simulating dual-attach to the
> same physical LAN in the SunOS 4 case (which is where that was problematic)
> is also insane -- it's easy enough to work out why.

I think you're wrong here.

For example, what if I were to create two chroot environments on my
NetBSD box and I wanted to use a dedicated NIC and IP address for each?
And if I want each NIC to be its own vlan interface?

Or what if I want to do virtual networking inside of NetBSD and create
a vwire between two vlan interfaces?

Or connect both vlan interfaces to a virtual switch inside the kernel?

> > However there appear to be some other issues.
> > 
> > First up, vlan interfaces are created without a link local IPv6 address
> > assigned to them automatically...?

> That's either a bug (in that it's inconsistent with what happens with the
> physical interfaces and, worse, basically breaks link-local IPv6 if you
> are running a normal, tagged-only config rather than a crazy, mixed
> tagged/untagged one) or a feature if you think like I do that you should
> have to do something to cause IPv6 to come up on the link to avoid
> security issues (in which case it's the physical interface case that has
> the bug).

> On balance I'd say this is a bug and should be fixed.  It has to be
> consistent with what the physical interfaces do, right?

That's my belief, yes.

> > Next is that all of the VLAN interfaces have the same MAC address as
> > the parent. Could get interesting if you put more than one VLAN interface
> > in the same VLAN!
>
> See above.  Can't see spending any effort to fix this.

FWIW, Solaris does this by
(1) configuring the NIC to recognise more MAC addresses if
    the NIC is capable of storing them and when that table
    is full it
(2) puts the NIC in promiscuous mode and then relies on the
    switch to only send the NIC the correct traffic. Being
    in promiscuous mode on a switch where the port isn't in
    monitoring mode is a whole lot different to when the
    device you were connecting to was a hub or 10Base2.

Neither of these depends on special hardware.
(1) is in regular Broadcom and Intel cards, if not others.

Kind Regards,
Darren
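
A small C model of the two-step fallback described in the message above, added here as an illustration; it is not Solaris or NetBSD code. The table size, all names, the sample addresses and the software destination check in `host_delivers` are assumptions of the example (the message itself relies on the switch for that filtering).

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define HW_SLOTS 2   /* assumed size of the NIC's unicast filter table */
#define MAX_MACS 8   /* assumed upper bound on addresses in this model */

struct nic {
    uint8_t mac[MAX_MACS][6]; /* every address the host has claimed */
    int nmacs;
    bool promisc;             /* set once the hardware table overflows */
};

/* Claim one more unicast address. Returns 0 if it fit in a hardware
 * filter slot, 1 if the NIC had to go promiscuous, -1 if the model is full. */
int nic_add_mac(struct nic *n, const uint8_t mac[6])
{
    if (n->nmacs == MAX_MACS)
        return -1;
    memcpy(n->mac[n->nmacs++], mac, 6);
    if (n->nmacs <= HW_SLOTS)
        return 0;             /* step (1): hardware filters for us */
    n->promisc = true;        /* step (2): table full, accept everything */
    return 1;
}

static bool claimed(const struct nic *n, const uint8_t dst[6])
{
    for (int i = 0; i < n->nmacs; i++)
        if (memcmp(n->mac[i], dst, 6) == 0)
            return true;
    return false;
}

/* Does the hardware hand this unicast frame to the host? */
bool nic_hw_accepts(const struct nic *n, const uint8_t dst[6])
{
    return n->promisc || claimed(n, dst);
}

/* Does the host deliver it to an interface? The software check on the
 * destination (an assumption of this model) keeps promiscuous mode from
 * widening what is accepted if the switch forwards a stray frame. */
bool host_delivers(const struct nic *n, const uint8_t dst[6])
{
    return nic_hw_accepts(n, dst) && claimed(n, dst);
}
```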


