Prev: Netfilter clarification
Next: Connecting via ssh from machines on different subnets
From: David Schwartz on 24 Jun 2010 06:53

Let's try it again, from a simpler point of view.

Suppose the switch receives two broadcast packets on port 1, one
tagged VLAN 10 (call this '1,10') and one tagged VLAN 11 (call this
'1,11'). Then the switch receives two broadcast packets on port 2, one
tagged VLAN 10 (call this '2,10') and one tagged VLAN 11 (call this
'2,11').

I presume your intention would be packets 1,10 and 1,11 would come out
logical interface 1, tagged with VLANs 10 and 11 respectively. And
packets 2,10 and 2,11 would come out logical interface 2, tagged with
VLANs 10 and 11 respectively.

Is that a correct description of the effect you want?

Now, how can you get it?

Suppose you configure physical ports to ignore incoming VLAN tags.
Now, you can't tell packets 1,10 and 1,11 apart. So you have no way to
tag them correctly when you pass them to the operating system.

Suppose you configure physical ports to pass incoming VLAN tags. Now,
you can't tell packets 1,10 and 2,10 apart. So you have no way to
route them to the correct virtual interfaces when you pass them to the
operating system.

Since each of these four packets must be handled differently, you
would need to assign them four different tags in order for the driver
to tell them apart. However, there is no way to give them four
different tags -- you can only either pass the tag or set the tag.

And this is only one problem you would have trying to make this work.

DS
From: Pascal Hambourg on 24 Jun 2010 07:23
David Schwartz a �crit :
> Let's try it again, from a simpler point of view.
>
> Suppose the switch receives two broadcast packets on port 1, one
> tagged VLAN 10 (call this '1,10') and one tagged VLAN 11 (call this
> '1,11'). Then the switch receives two broadcast packets on port 2, one
> tagged VLAN 10 (call this '2,10') and one tagged VLAN 11 (call this
> '2,11').
>
> I presume your intention would be packets 1,10 and 1,11 would come out
> logical interface 1, tagged with VLANs 10 and 11 respectively. And
> packets 2,10 and 2,11 would come out logical interface 2, tagged with
> VLANs 10 and 11 respectively.
>
> Is that a correct description of the effect you want?

I didn't read any need for external VLAN tagging in Mark's posts.

> Now, how can you get it?
>
> Suppose you configure physical ports to ignore incoming VLAN tags.
> Now, you can't tell packets 1,10 and 1,11 apart. So you have no way to
> tag them correctly when you pass them to the operating system.

What do you mean by "ignore" ? Replace the incoming VLAN ID with the one
associated to the port ?
From: Pascal Hambourg on 24 Jun 2010 07:29
Mark a �crit :
>
> What I have is bcm5358u - Broadcom's SoC containing MIPS core, 5-port switch
> core connected to the CPU via internal MII.
[...]
> bcm5358's ethernet driver supports VLANs and currently it seperates these 5
> ports in two VLAN groups. Now I'm going to
> use two ports of bcm5358 to connect to external 24-port switch, thus these
> two ports will serve as WAN and LAN ports respectively and should be able to
> have IP addresses on them. I see no other reason rather then make them look
> distinct interfaces form the point of view of OS.

Doesn't that current setup meet this need ? You can assign one VLAN
group as WAN and the other one as LAN, using either port of each group
to connect to the switch. You just need is to create and use the VLAN
subinterfaces for the two VLAN IDs in Linux. Ok, they won't be named
eth0 and eth1 but eth0.<vlan_id1> and eth0.<vlan_id2>.
From: David Brown on 24 Jun 2010 09:43
On 24/06/2010 03:44, Mark wrote:
> Hello,
>
> Pascal Hambourg wrote:
>> What kind of switch chip is it ?
>
> What I have is bcm5358u - Broadcom's SoC containing MIPS core, 5-port
> switch core connected to the CPU via internal MII.
>
>> However if it is a hardware switch (the device eth0 being the internal
>> connection to the switch) just like an external switch then this is
>> not possible unless it supports VLANs : then you could create one
>> VLAN per physical port and create VLAN tagged subinterfaces on the
>> internal interface eth0. This way each physical port would be
>> associated to a VLAN subinterface.
>
> I think I should've given more details in my original message.
>
> bcm5358's ethernet driver supports VLANs and currently it seperates
> these 5 ports in two VLAN groups. Now I'm going to
> use two ports of bcm5358 to connect to external 24-port switch, thus
> these two ports will serve as WAN and LAN ports respectively and should
> be able to have IP addresses on them. I see no other reason rather then
> make them look distinct interfaces form the point of view of OS.
>
> PS. I've skimmed through
> http://tomoyo.sourceforge.jp/cgi-bin/lxr/source/net/dsa/ and it seems
> that it's possible to do what I need, although the kernel ported for my
> platform is older and doesn't have some features used by DSA.
>

Mark, could you give us a more precise picture of your setup here?

As I see it, you have an external 24-port switch. Is this a managed
switch (that can assign VLAN tags according to port)? If it is not a
managed switch, then I can't see why you want to connect both ports on
your broadcom device to the switch. If it /is/ a managed switch, then
everything you are trying to do with the broadcom device can be handled
more easily using the managed switch.

I have been under the assumption that you have one port of the broadcom
device switch connected to your WAN network (such as an ADSL modem),
while another port is connected to an unmanaged external switch for a LAN.

From: David Schwartz on 24 Jun 2010 16:04
On Jun 24, 4:23 am, Pascal Hambourg <boite-a-s...(a)plouf.fr.eu.org>
wrote:

> > Is that a correct description of the effect you want?
>
> I didn't read any need for external VLAN tagging in Mark's posts.

My point is that his driver could not support VLAN tagging. It also
could not support hardware switching.

> > Now, how can you get it?
>
> > Suppose you configure physical ports to ignore incoming VLAN tags.
> > Now, you can't tell packets 1,10 and 1,11 apart. So you have no way to
> > tag them correctly when you pass them to the operating system.
>
> What do you mean by "ignore" ? Replace the incoming VLAN ID with the one
> associated to the port ?

Replacing the tag is one way of ignoring it. Stripping it off is
another way.

DS
First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4 5
Prev: Netfilter clarification
Next: Connecting via ssh from machines on different subnets