vlan problem


johnw-3
Hi, I want to create a vlan network. I created two files:

hostname.vio0
up

hostname.vlan0
inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10

then rebooted.

I cannot ping 10.10.10.1.

If I create bridge0 and add vio0 and vlan0 to bridge0, then I can ping 10.10.10.1.

Or if I just use vio0 without vlan,
hostname.vio0
inet 10.10.10.101 255.255.255.0 10.10.10.255
I can also ping 10.10.10.1.

Why is vlan0 not linked to vio0 (parent) without creating a bridge?

Is this normal? Am I misunderstanding vlan?

(E.g., I also tried on a real machine with a hostname.em0 card, same result)

Thanks.

Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC

Re: vlan problem

johnw-3
My system is:

OpenBSD 6.4-current (GENERIC.MP) #639: Sun Jan 27 14:27:05 MST 2019 [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Thanks.

Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC

Re: vlan problem

Josh Grosse-3
In reply to this post by johnw-3
On Mon, Jan 28, 2019 at 07:57:01PM +0800, johnw wrote:
> hi, I want create vlan network....

vlan(4) **REQUIRES** switching equipment that supports
802.1Q Ethernet tagging.  These are known as "managed
switches".

Re: vlan problem

Stuart Henderson
In reply to this post by johnw-3
On 2019-01-28, johnw <[hidden email]> wrote:

> hi, I want create vlan network, I create two files
>
> hostname.vio0
> up
>
> hostname.vlan0
> inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10
>
> then reboot
>
> I can not ping 10.10.10.1
>
> If I create bridge0, and add vio0 and vlan0 to bridge0, then I can ping 10.10.10.1
>
> Or if I just use vio0 without vlan,
> hostname.vio0
> inet 10.10.10.101 255.255.255.0 10.10.10.255
> I can also ping 10.10.10.1.
>
> Why vlan0 not linked vio0(parent) without create bridge?
>
> Is this normal? AM I miss understand vlan?
>
> (eg: I also tried on real machine with hostname.em0 card, same result)
>
> Thanks.

I think you misunderstand vlan.

Maybe describe what you're trying to do and see if somebody can suggest
how to do it, which might involve vlan interfaces, or might not.


Re: vlan problem

Stuart Henderson
In reply to this post by Josh Grosse-3
On 2019-01-28, Josh Grosse <[hidden email]> wrote:
> On Mon, Jan 28, 2019 at 07:57:01PM +0800, johnw wrote:
>> hi, I want create vlan network....
>
> vlan(4) **REQUIRES** switching equipment that supports
> 802.1Q Ethernet tagging.  These are known as "managed
> switches".
>
>

At the risk of adding confusion, but...you can still send vlan
packets to a dumb switch and receive them on another machine - they
just see the vlan header as something inside the 'data' part of the
frame which they don't care about. You just get all the vlans on
all ports, no segregation.


Re: vlan problem

Radek
In reply to this post by johnw-3
This works for me:
$ cat /etc/hostname.vr1
up

$ cat /etc/hostname.vlan2
inet 10.0.2.254 255.255.255.0 NONE vlan 2 vlandev vr1

$ cat /etc/hostname.vlan100
inet 10.0.100.254 255.255.255.0 NONE vlan 100 vlandev vr1

OpenBSD 6.3 (GENERIC) #3: Thu Dec 20 09:35:15 MST 2018
    [hidden email]:/usr/src/sys/arch/i386/compile/GENERIC

As Josh mentioned, you also need an 802.1Q managed switch. Then you have to configure your VLANs on your switch.
Example:
Let's take any 16-port switch:
16p - configure as uplink for vlan2 and vlan100
1-10p - configure as ports of vlan2
11-15p - configure as ports of vlan100

Then connect 16p to the vlan NIC of your OpenBSD box.


--
radek

Re: vlan problem

johnw-3
In reply to this post by johnw-3
Hi, thank you first, and I think I totally misunderstood vlan.

I want to create a vlan network because of minidlna / wifi.

My openbsd system has 4 NICs (em0-3), and em2 is connected to a wifi
router (tplink), which is already set up as a bridge,
and the wifi clients (sony tv/mobile) can request dhcp/ip from openbsd.

And em3 is directly (no switch/hub, just a cat6 cable) connected to a
linux/debian system,
and this debian is a kvm/lxc host, and its eth0 is already set up as a
bridge (debian/lxc/kvm can also request dhcp/ip from openbsd);
one of the lxc/guests is a minidlna server.

I created bridge0 on openbsd (em2, em3 and vether0), with reference to
https://www.openbsd.org/faq/faq6.html#Bridge,
and set up 10.10.10.1/24 on vether0, so debian (lxc/kvm/minidlna) and
wifi (tv) are all on the same subnet (10.10.10.0/24),
and I can see the minidlna server on tv/mobile; it works.
(One thing is that I need to run mcastproxy on vether0 to make minidlna/tv work,
both up/down stream on vether0; before 6.4 this was not needed, I don't know
why.)

Now I want to try to set up a vlan network like this (I don't know whether it is
the proper way or even impossible):
em2 --> bridge0
em3 --> 10.10.10.0/24 (debian/kvm/lvm on this)
vlan3 --> on top of em3 --> bridge0
vether0 --> bridge0
(bridge0,vether0,em2,vlan3) --> 10.10.20.0/24  (wifi/tv/mobile on this)

And I can split into two subnets (is it a good idea?), but can also set the minidlna
server to use 10.10.20.0/24 (wifi network).

I think I need to set up the debian bridge to support vlan tagging to achieve
it, right?

I am wondering how people set up a home network to serve dlna (all
IoT/computers on one subnet)?

Thank you, thanks all.

Zé Loff wrote on 2019-01-28 16:29:

> On Mon, Jan 28, 2019 at 07:57:01PM +0800, johnw wrote:
>> hi, I want create vlan network, I create two files
>>
>> hostname.vio0
>> up
>>
>> hostname.vlan0
>> inet 10.10.10.101 255.255.255.0 10.10.10.255 parent vio0 vnetid 10
>>
>> then reboot
>>
>> I can not ping 10.10.10.1
>>
>> If I create bridge0, and add vio0 and vlan0 to bridge0, then I can
>> ping 10.10.10.1
>>
>> Or if I just use vio0 without vlan,
>> hostname.vio0
>> inet 10.10.10.101 255.255.255.0 10.10.10.255
>> I can also ping 10.10.10.1.
>>
>> Why vlan0 not linked vio0(parent) without create bridge?
>>
>> Is this normal? AM I miss understand vlan?
>>
>> (eg: I also tried on real machine with hostname.em0 card, same result)
>>
>> Thanks.
>>
>>
>>
>>
>>
>> Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
>
> You don't give any details regarding the physical network (are both
> machines virtual? are they connected directly? is there a switch between
> them?) so we are left guessing.  Given the lack of information, I'll
> just state some general stuff about VLANs and try to guess what's
> happening.
>
> Usually, packets run around without a VLAN tag (something that is added to
> their header), so everything that leaves vio0 or em0 will go out
> untagged and usually when they get to an ordinary switch they go out on
> all ports and get picked up by whichever machines are connected to it.
> These machines, unless configured otherwise, will only pick up untagged
> packets.
>
> When you configure a vlan device, you are appending a VLAN tag to some
> of the packages that leave a physical interface.  Crucially, the packets
> have to be received by a host that has an interface that is "listening"
> on the same VLAN, i.e., that's expecting tagged packets with the same
> vnetid.  So unless the receiving end also has a vlan interface, it won't
> be expecting tagged packets and will thus ignore them.
>
> My guess is that in your case the other host has 10.10.10.1 on a
> "normal" interface, instead of a tagged one.  And since it is not
> expecting tagged packets for that subnet (or at all), it ignores the
> ping.
>
> To fix this you have two options: either create a vlan device on the
> other host and configure it with 10.10.10.1 or have a managed switch
> between both hosts that has a port configured to VLAN 10 and that
> untags the packets that leave that port.
>
> When you bridge vio0 and vlan0 -- note: for clarity this should be
> vlan10 and not vlan0, to match the vnetid. This is not mandatory but
> makes the configuration easier to understand -- I am guessing that the
> packet leaves the vio0 interface untagged, and that's why it gets picked
> up on the other end.
>
> Also, note that there is no requirement for a managed switch; unmanaged
> switches will gladly pass tagged packets around.  However, unlike
> managed switches, they won't forward them to specific ports and/or
> untag them.

--
Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC
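
The tagging behaviour discussed in the replies above (Zé Loff's explanation that a host without a matching vlan interface ignores tagged frames, and Stuart Henderson's point that a dumb switch passes tagged frames to all ports with no segregation), shown as an added Python example that is not part of the original thread. The host and switch functions are simplified models, and the MAC address, port numbers and VLAN membership table are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag
ETH_IPV4 = 0x0800

def build_frame(dst, src, ethertype, payload, vid=None):
    """Ethernet II frame; a 4-byte 802.1Q tag follows the MACs when vid is set."""
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def parse_frame(frame):
    """Return (vid or None, inner ethertype, payload)."""
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None, etype, frame[14:]
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner, frame[18:]

def host_accepts(frame, vlan_ifs=()):
    """Simplified host model: untagged frames reach the parent interface;
    a tagged frame is delivered only to a vlan interface with the same vnetid."""
    vid, etype, _ = parse_frame(frame)
    return etype == ETH_IPV4 and (vid is None or vid in vlan_ifs)

def switch_egress(frame, in_port, ports, port_vlans=None):
    """Ports a broadcast frame leaves on. port_vlans=None models an unmanaged
    switch (the tag is opaque data); a {port: set_of_vids} dict models 802.1Q
    membership on a managed switch (tagged ports only, no native VLAN)."""
    vid, _, _ = parse_frame(frame)
    out = [p for p in ports if p != in_port]
    if port_vlans is None:
        return out
    return [p for p in out if vid in port_vlans.get(p, set())]

# Constructed sample data: broadcast destination, locally administered source MAC.
BCAST, SRC = b"\xff" * 6, bytes.fromhex("020000000001")
tagged = build_frame(BCAST, SRC, ETH_IPV4, b"ping", vid=10)
untagged = build_frame(BCAST, SRC, ETH_IPV4, b"ping")

if __name__ == "__main__":
    print("peer without vlan interface:", host_accepts(tagged))
    print("peer with vnetid 10:        ", host_accepts(tagged, vlan_ifs=(10,)))
    print("unmanaged switch egress:    ", switch_egress(tagged, 1, [1, 2, 3]))
    print("managed switch egress:      ",
          switch_egress(tagged, 1, [1, 2, 3], {1: {10}, 2: {10}, 3: {100}}))
```
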

Re: vlan problem

johnw-3
Hi, finally, I followed https://wiki.debian.org/NetworkConfiguration
to make both openbsd and debian support vlan, and now I can ping/connect from both sides.
Thanks.


Key fingerprint: CDB3 6C62 254B C088 1E5D DD32 182C 97DB CF2C 80AC