Re:Re: brouter configuration (setup 1b) still can't work

Thanks a lot to Ard van Breemen. I begin to know what IVL means now.
I want to construct a brouter and use ebtables to limit IP flow between PCs, just as setup 1b does.
If I have a lot of switches, the core switch connected to the brouter must support IVL.

2007-03-05, Ard van Breemen <ard@xxxxxxxxx> wrote:
Hello,
On Mon, Mar 05, 2007 at 10:15:27AM +0800, net-wolf wrote:
> [root@ws root]#
> --------------------------------
> When bridge is up, 99% of ping packets for box B to box A are lost, but box B did
> get the right MAC address of box A.
> I have also tried
> ifconfig eth1.2 hw ehter 00:90:27:8C:3F:E2
> ifconfig eth1.2 hw ehter 00:90:27:8C:3F:E3
> but no luck.
This means you do not understand the real issue here :-)

> Sorry for such a long post, any hints are appreciated.
> Hello, Ard van Breemen, I think the Catalyst 2924 XL supports IVL, do you think so?
http://www.cisco.com/en/US/products/hw/switches/ps607/products_data_sheet09186a00800922fe.html
It's end of life, and with only a 3.2Gb/s I doubt it would do
IVL. Only the latest catalyst release added 802.1Q. And seeing
your problems you definitely have SVL :-(.
So you have the following choices:
- Buy a new expensive switch (>10000 euro for an IVL if I am correct)
- Buy a wrt device (around 50 euro's), and put your router in an
  even numbered vlan, and your hosts in an odd numbered vlan.
- Do mac-address masquerading (never done it)
- Do proxy-arp and use routed networks on your router. Using
  proxy-arp, the hosts don't have to know that they don't see
  each other.
  Proxy-arp is described in http://lartc.org/

The problem: One host does an arp. This means the bridge on the
router *must* forward that packet, and will do so exactly.
Since the switch was never built to think in separate vlans, it
will see the mac-address move from the host-port to the router
port. Any new traffic destined for that host will go to the
router port. The router will bridge it further, and the switch
will drop it, since the mac-address is only known at the port of
the router.
SVL is the same as having a normal switch: you only have a
mac-address->port lookup, except that traffic is filtered on vlan
level.
In IVL, you have an independent vlan+mac-address->port lookup.

Regards,
Ard
_______________________________________________
Vlan mailing list
Vlan@xxxxxxxxxxxxxxx
http://www.candelatech.com/mailman/listinfo/vlan
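
The SVL and IVL lookups described in the message above, replayed in a toy forwarding-table model. This is an added example, not part of the original thread; the port numbers, VLAN ids and MAC labels are constructed, and the brouter is assumed to sit on a single trunk port.

```python
# Toy model of a VLAN switch's forwarding database (FDB); all values constructed.
BCAST = "ff:ff:ff:ff:ff:ff"
HOST_A, HOST_B = "mac-A", "mac-B"          # placeholder MAC labels
PORT_A, PORT_B, PORT_ROUTER = 1, 2, 3      # assumed switch ports
VLAN_A, VLAN_B = 3, 5                      # assumed per-host VLANs


class Switch:
    def __init__(self, independent_learning):
        self.ivl = independent_learning
        self.fdb = {}                      # lookup key -> port

    def _key(self, vlan, mac):
        # IVL: vlan+mac -> port.  SVL: mac -> port, shared by every VLAN.
        return (vlan, mac) if self.ivl else mac

    def receive(self, in_port, vlan, src, dst):
        """Learn the source, then return 'flood', 'drop' or the egress port."""
        self.fdb[self._key(vlan, src)] = in_port
        out = None if dst == BCAST else self.fdb.get(self._key(vlan, dst))
        if out is None:
            return "flood"                 # broadcast or unknown destination
        # A switch never sends a frame back out of the port it arrived on.
        return "drop" if out == in_port else out


def arp_then_reply(independent_learning):
    """Replay host A's ARP request and host B's reply through the brouter."""
    sw = Switch(independent_learning)
    return [
        # 1. A broadcasts an ARP request in its own VLAN.
        sw.receive(PORT_A, VLAN_A, HOST_A, BCAST),
        # 2. The brouter bridges it into B's VLAN: same source MAC, router port.
        sw.receive(PORT_ROUTER, VLAN_B, HOST_A, BCAST),
        # 3. B answers A with a unicast frame in B's VLAN.
        sw.receive(PORT_B, VLAN_B, HOST_B, HOST_A),
        # 4. The brouter bridges the reply into A's VLAN, back via the router port.
        sw.receive(PORT_ROUTER, VLAN_A, HOST_B, HOST_A),
    ]


if __name__ == "__main__":
    print("SVL:", arp_then_reply(False))
    print("IVL:", arp_then_reply(True))
```

With SVL, step 2 overwrites host A's entry with the router port, so the bridged reply in step 4 is dropped; with IVL each VLAN keeps its own entry and the reply reaches host A's port.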
