hello, currently we allow users to create a vlan and a bridge on the same interface, like this:
% ifconfig ix0.100 create
% ifconfig bridge0 create addm ix0
i am aware that some people are using this in production, but because it
doesn't work properly[0], i would like to forbid this configuration in
16.0, i.e. it would not be possible to add an interface to a bridge if
vlans are present on that interface, and vice versa.
i am looking for feedback from people who are currently using this:
- can you switch your untagged traffic to tagged instead and use a
vlan(4) in a bridge? e.g.,
% ifconfig ix0.100 create
% ifconfig ix0.101 create
% ifconfig bridge0 create addm ix0.101
- can you switch to a vlan filtering bridge instead? e.g.,
% ifconfig bridge0 create addm ix0 vlanfilter tagged ix0 100,101
% ifconfig bridge0.100 create
% ifconfig bridge0.101 create
if the answer to both these questions is no, it would be helpful if you
could explain why.
[0] specifically, because both bridge(4) and vlan(4) expect to handle
tagged traffic, it is not clear how the tagged packets on the
interface should be handled. currently, they are processed by
bridge(4) unless they are destined for a local Ethernet address,
in which case they processed by vlan(4), but this behaviour is
somewhat non-obvious and breaks things that require promiscuous
mode on the vlan interface (e.g., tcpdump).
signature.asc
Description: PGP signature
