Re: enabling if_bridge STP

2007-12-07 Thread Silver Salonen
On Thursday 06 December 2007 17:00, Nikos Vassiliadis wrote:
 On Thursday 06 December 2007 15:37:21 Silver Salonen wrote:
  In my case there's a straight connection between bridge1 
  and bridge2 too, so that they don't have to communicate through
  root-bridge.
 
 Yes, but that also can create a loop and according to STP must be
 eliminated.
 
 Perhaps you can use some inventive IP addressing scheme, to force
 direct communication... some ifconfig option(the edge option?) to
 force forwarding... a tunnel... or some other weirdness(TM) ;)

Well, I just discovered STP, so I might expect too much from it.

I thought that in my scenario (circular VPNs), STP would just discover what's 
the shortest way (ie. which VPN-connection to go) from 192.168.1/24 to 
192.168.2/24, from 192.168.1/24 to 192.168.3/24, from 192.168.2/24 to 
192.168.3/24 etc, and then just lets all the packets (including layer 2 ones) 
pass the right bridge, and block them on other bridges, eliminating 
possibility for loops. If it's not what STP does, then I'm a little confused, 
what does STP do.

-- 
Silver
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]
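
Added example, not part of the thread and not FreeBSD's if_bridge code: a simplified spanning-tree election on the three-bridge loop discussed above, using the bridge names from the topology in the thread. It shows that STP builds one tree rooted at the root bridge rather than a shortest path per pair of LANs; the bridge IDs and equal path costs are assumptions, and with them the direct bridge1-bridge2 link is the one that ends up blocked.

```python
# Simplified 802.1D-style election (no BPDUs, timers, port IDs); IDs/costs are constructed.
import heapq

BRIDGE_IDS = {"root-bridge": 1, "bridge1": 2, "bridge2": 3}  # lowest ID becomes root
LINKS = {  # VPN links between bridges, all given the same assumed path cost
    ("root-bridge", "bridge1"): 10,
    ("root-bridge", "bridge2"): 10,
    ("bridge1", "bridge2"): 10,  # the direct bridge1-bridge2 connection
}

def neighbours(bridge):
    for (a, b), cost in LINKS.items():
        if bridge in (a, b):
            yield (b if a == bridge else a), cost

def spanning_tree():
    """Return (root, forwarding links, blocked links); a blocked link has one end blocking."""
    root = min(BRIDGE_IDS, key=BRIDGE_IDS.get)
    upstream_of = {}  # bridge -> neighbour its root port faces (None for the root)
    # Heap order = STP preference: lowest root path cost, then lowest upstream ID.
    heap = [(0, 0, root, None)]
    while heap:
        cost, _, bridge, upstream = heapq.heappop(heap)
        if bridge in upstream_of:
            continue
        upstream_of[bridge] = upstream
        for nxt, link_cost in neighbours(bridge):
            if nxt not in upstream_of:
                heapq.heappush(heap, (cost + link_cost, BRIDGE_IDS[bridge], nxt, bridge))
    forwarding = {frozenset((b, up)) for b, up in upstream_of.items() if up}
    blocked = {frozenset(link) for link in LINKS} - forwarding
    return root, forwarding, blocked

def path(src, dst, forwarding):
    routes = [[src]]  # frames may only cross forwarding links
    while routes:
        route = routes.pop()
        if route[-1] == dst:
            return route
        for link in forwarding:
            if route[-1] in link:
                (nxt,) = link - {route[-1]}
                if nxt not in route:
                    routes.append(route + [nxt])
    return None

if __name__ == "__main__":
    root, forwarding, blocked = spanning_tree()
    print(root, sorted(map(sorted, blocked)), path("bridge1", "bridge2", forwarding))
```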


Re: enabling if_bridge STP

2007-12-06 Thread Silver Salonen
On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote:
 On Thursday 06 December 2007 12:20:18 Atrox wrote:
  Well, as I understand, in my case, STP should be enabled mainly on
  TAP-interfaces as it would eliminate the scenario where, for example,
  ARP-requests from 192.168.1.1 for 192.168.3.1 reach 192.168.2.1. Have I
  understood it correctly?
 
 It sounds like you want to isolate the ethernets, not bridge them.
 Bridging is not what you need, if I have understood correctly.
 
 You want to keep ARP and broadcasts to the relevant boxes, right?
 You have to use VLANs on your switch to achieve this, not bridging.

Actually the final target is to connect all the 3 LANs over VPN, so that they 
can browse each other's networks etc. When I did it, I could see duplicate 
packets looping through all bridges, so I thought I'd bring in STP. That's 
what it's for, right?

-- 
Silver


Re: enabling if_bridge STP

2007-12-06 Thread Silver Salonen
On Thursday 06 December 2007 15:01, Nikos Vassiliadis wrote:
 On Thursday 06 December 2007 13:31:38 Silver Salonen wrote:
  On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote:
   On Thursday 06 December 2007 12:20:18 Atrox wrote:
    Well, as I understand, in my case, STP should be enabled mainly on
    TAP-interfaces as it would eliminate the scenario where, for
    example, ARP-requests from 192.168.1.1 for 192.168.3.1 reach
    192.168.2.1. Have I understood it correctly?
  
   It sounds like you want to isolate the ethernets, not bridge them.
   Bridging is not what you need, if I have understood correctly.
  
   You want to keep ARP and broadcasts to the relevant boxes, right?
   You have to use VLANs on your switch to achieve this, not bridging.
 
  Actually the final target is to connect all the 3 LANs over VPN, so that
  they can browse each other's networks etc. When I did it, I could see
  duplicate packets looping through all bridges, so I thought I'd bring in
  STP. That's what it's for, right?
 
 Not really, STP must be used/needed in a dynamic environment to
 eliminate loops. Your environment doesn't seem dynamic to me. You
 can create a loop-free topology like this:
 
 http://users.teledomenet.gr/nvass/topology.png
 
 1) 10.0.0.0/24 is the shared network.
 2) bridge1 bridges eth0 and tap0 which is the VPN to the root-bridge.
 3) bridge2 bridges eth0 and tap0 which is the VPN to the root-bridge.
 4) root-bridge bridges eth0, tap0 and tap1.

Does all the traffic pass through the root-bridge in this case, so that if 
bridge1 wants to talk to bridge2, it has to go through root-bridge and not 
straight? In my case there's a straight connection between bridge1 and 
bridge2 too, so that they don't have to communicate through root-bridge.

-- 
Silver