Re: enabling if_bridge STP
On Thursday 06 December 2007 17:00, Nikos Vassiliadis wrote:
> On Thursday 06 December 2007 15:37:21 Silver Salonen wrote:
> > In my case there's a straight connection between bridge1
> > and bridge2 too, so that they don't have to communicate through
> > root-bridge.
>
> Yes, but that also can create a loop and according to STP must be
> eliminated.
>
> Perhaps you can use some inventive IP addressing scheme, to force
> direct communication... some ifconfig option(the edge option?) to
> force forwarding... a tunnel... or some other weirdness(TM) ;)

Well, I just discovered STP, so I might expect too much from it. I thought that in my scenario (circular VPNs), STP would just discover what's the shortest way (i.e. which VPN-connection to go) from 192.168.1/24 to 192.168.2/24, from 192.168.1/24 to 192.168.3/24, from 192.168.2/24 to 192.168.3/24 etc, and then just lets all the packets (including layer 2 ones) pass the right bridge, and block them on other bridges, eliminating possibility for loops.

If it's not what STP does, then I'm a little confused, what does STP do.

--
Silver
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: enabling if_bridge STP
On Thu, 6 Dec 2007 15:37:21 +0200 Silver Salonen <[EMAIL PROTECTED]> wrote:
> Does all the traffic pass through the root-bridge in this case, so that
> if bridge1 wants to talk to bridge2, it has to go through root-bridge
> and not straight? In my case there's a straight connection between
> bridge1 and bridge2 too, so that they don't have to communicate
> through root-bridge.

The problem is that, even with switched ethernet, some packets have to be broadcast, which can lead to packets going round in loops or multiplying into a broadcast storm. STP prevents this by disabling connections to remove loops in the network.

Re: enabling if_bridge STP
On Thursday 06 December 2007 15:37:21 Silver Salonen wrote:
> Does all the traffic pass through the root-bridge in this case, so that if
> bridge1 wants to talk to bridge2, it has to go through root-bridge and
> not straight?

Yes, they'll have to go through the root-bridge. STP will create a tree by shutting down ports causing loops. That's how STP works. It's all about avoiding loops... Not following the shortest path is not very important for a layer two device. Creating a loop in the topology and bringing the network down because of it, is.

> In my case there's a straight connection between bridge1
> and bridge2 too, so that they don't have to communicate through
> root-bridge.

Yes, but that also can create a loop and according to STP must be eliminated.

Perhaps you can use some inventive IP addressing scheme, to force direct communication... some ifconfig option(the edge option?) to force forwarding... a tunnel... or some other weirdness(TM) ;)

Nikos

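Added example, not part of the original thread: a simplified spanning-tree computation for the triangle discussed above (root-bridge, bridge1, bridge2, plus the direct bridge1-bridge2 VPN), showing which link ends up blocked and which bridges a frame crosses between bridge1 and bridge2. The numeric bridge IDs and equal link costs are assumptions; real STP also compares port IDs and runs on timers.

```python
from collections import deque

def _adjacency(links):
    adj = {}
    for a, b in links:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj

def spanning_tree(bridge_ids, links):
    """Return (root, forwarding_links, blocked_links) for a connected topology."""
    # Lowest numeric bridge ID wins the root election.
    root = min(bridge_ids, key=bridge_ids.get)
    adj = _adjacency(links)
    dist, queue = {root: 0}, deque([root])
    while queue:                      # hop count to the root (equal link costs assumed)
        cur = queue.popleft()
        for n in adj[cur]:
            if n not in dist:
                dist[n] = dist[cur] + 1
                queue.append(n)
    forwarding = set()
    for b in bridge_ids:
        if b != root:
            # Root port: neighbour nearest the root, ties go to the lowest bridge ID.
            up = min(adj[b], key=lambda n: (dist[n], bridge_ids[n]))
            forwarding.add(frozenset((b, up)))
    # A link that is nobody's root port has one end blocked, so it carries no frames.
    return root, forwarding, {frozenset(l) for l in links} - forwarding

def path(forwarding, src, dst):
    """Bridges a frame crosses from src to dst using forwarding links only."""
    adj = _adjacency(tuple(l) for l in forwarding)
    prev, queue = {src: None}, deque([src])
    while queue:
        cur = queue.popleft()
        for n in adj.get(cur, ()):
            if n not in prev:
                prev[n] = cur
                queue.append(n)
    hops, node = [], dst
    while node is not None:
        hops.append(node)
        node = prev[node]
    return hops[::-1]

# Constructed sample: the thread's three bridges plus the direct bridge1-bridge2 VPN.
IDS = {"root-bridge": 4096, "bridge1": 32768, "bridge2": 32769}
LINKS = [("root-bridge", "bridge1"), ("root-bridge", "bridge2"), ("bridge1", "bridge2")]
ROOT, FORWARDING, BLOCKED = spanning_tree(IDS, LINKS)
print(ROOT, [sorted(l) for l in BLOCKED], path(FORWARDING, "bridge1", "bridge2"))
```
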
Re: enabling if_bridge STP
On Thursday 06 December 2007 15:01, Nikos Vassiliadis wrote:
> On Thursday 06 December 2007 13:31:38 Silver Salonen wrote:
> > On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote:
> > > On Thursday 06 December 2007 12:20:18 Atrox wrote:
> > > > Well, as I understand, in my case, STP should be enabled mainly on
> > > > TAP-interfaces as it would eliminate the scenario where, for
> > > > example, ARP-requests from 192.168.1.1 for 192.168.3.1 reach
> > > > 192.168.2.1. Have I understood it correctly?
> > >
> > > It sounds like you want to isolate the ethernets, not bridge them.
> > > Bridging is not what you need, if I have understood correctly.
> > >
> > > You want to keep ARP and broadcasts to the relevant boxes, right?
> > > You have to use VLANs on your switch to achieve this, not bridging.
> >
> > Actually the final target is to connect all the 3 LANs over VPN, so that
> > they can browse each other's networks etc. When I did it, I could see
> > duplicate packets looping through all bridges, so I thought I'd bring in
> > STP. That's what it's for, right?
>
> Not really, STP must be used/needed in a dynamic environment to
> eliminate loops. Your environment doesn't seem dynamic to me. You
> can create a loop-free topology like this:
>
> http://users.teledomenet.gr/nvass/topology.png
>
> 1) 10.0.0.0/24 is the shared network.
> 2) bridge1 bridges eth0 and tap0 which is the VPN to the root-bridge.
> 3) bridge2 bridges eth0 and tap0 which is the VPN to the root-bridge.
> 4) root-bridge bridges eth0, tap0 and tap1.

Does all the traffic pass through the root-bridge in this case, so that if bridge1 wants to talk to bridge2, it has to go through root-bridge and not straight? In my case there's a straight connection between bridge1 and bridge2 too, so that they don't have to communicate through root-bridge.

--
Silver

Re: enabling if_bridge STP
On Thursday 06 December 2007 13:31:38 Silver Salonen wrote:
> On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote:
> > On Thursday 06 December 2007 12:20:18 Atrox wrote:
> > > Well, as I understand, in my case, STP should be enabled mainly on
> > > TAP-interfaces as it would eliminate the scenario where, for
> > > example, ARP-requests from 192.168.1.1 for 192.168.3.1 reach
> > > 192.168.2.1. Have I understood it correctly?
> >
> > It sounds like you want to isolate the ethernets, not bridge them.
> > Bridging is not what you need, if I have understood correctly.
> >
> > You want to keep ARP and broadcasts to the relevant boxes, right?
> > You have to use VLANs on your switch to achieve this, not bridging.
>
> Actually the final target is to connect all the 3 LANs over VPN, so that
> they can browse each other's networks etc. When I did it, I could see
> duplicate packets looping through all bridges, so I thought I'd bring in
> STP. That's what it's for, right?

Not really, STP must be used/needed in a dynamic environment to eliminate loops. Your environment doesn't seem dynamic to me. You can create a loop-free topology like this:

http://users.teledomenet.gr/nvass/topology.png

1) 10.0.0.0/24 is the shared network.
2) bridge1 bridges eth0 and tap0 which is the VPN to the root-bridge.
3) bridge2 bridges eth0 and tap0 which is the VPN to the root-bridge.
4) root-bridge bridges eth0, tap0 and tap1.

If you want STP, which you shouldn't normally using this topology, increase root-bridge's priority manually, in order to win the elections and be the root bridge. Note that the external interfaces are not participating in the bridge.

HTH, Nikos

Re: enabling if_bridge STP
On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote:
> On Thursday 06 December 2007 12:20:18 Atrox wrote:
> > Well, as I understand, in my case, STP should be enabled mainly on
> > TAP-interfaces as it would eliminate the scenario where, for example,
> > ARP-requests from 192.168.1.1 for 192.168.3.1 reach 192.168.2.1. Have I
> > understood it correctly?
>
> It sounds like you want to isolate the ethernets, not bridge them.
> Bridging is not what you need, if I have understood correctly.
>
> You want to keep ARP and broadcasts to the relevant boxes, right?
> You have to use VLANs on your switch to achieve this, not bridging.

Actually the final target is to connect all the 3 LANs over VPN, so that they can browse each other's networks etc. When I did it, I could see duplicate packets looping through all bridges, so I thought I'd bring in STP. That's what it's for, right?

--
Silver

Re: enabling if_bridge STP
On Thursday 06 December 2007 12:20:18 Atrox wrote:
> Well, as I understand, in my case, STP should be enabled mainly on
> TAP-interfaces as it would eliminate the scenario where, for example,
> ARP-requests from 192.168.1.1 for 192.168.3.1 reach 192.168.2.1. Have I
> understood it correctly?

It sounds like you want to isolate the ethernets, not bridge them. Bridging is not what you need, if I have understood correctly.

You want to keep ARP and broadcasts to the relevant boxes, right? You have to use VLANs on your switch to achieve this, not bridging.

HTH, Nikos

Re: enabling if_bridge STP
Nikos Vassiliadis-2 wrote:
>
> On Thursday 06 December 2007 10:17:36 Atrox wrote:
>> Am I doing smth wrong?
>
> Hm, are these FreeBSD boxes you are trying to bridge,
> on the same ethernet?
>

Yes, all these boxes are connected to our LAN with their ext_ifs. Also, one of them has a switch and a PC connected to its int_if, other int_ifs are "status: no carrier".

> STP will create a tree by disabling some ports
> to eliminate loops in the topology. If you have
> a loop-free topology, all ports should be active.
>

Well, as I understand, in my case, STP should be enabled mainly on TAP-interfaces as it would eliminate the scenario where, for example, ARP-requests from 192.168.1.1 for 192.168.3.1 reach 192.168.2.1. Have I understood it correctly?

> ASCII art time! What's your topology?
>

Well, let's try ;) The machines stand like this:

                  || 192.168.8.15/24 - GW/NAT - 192.168.1/24
== 192.168.8/24 ==== 192.168.8.16/24 - GW/NAT - 192.168.2/24
                  || 192.168.8.17/24 - GW/NAT - 192.168.3/24

--
View this message in context: http://www.nabble.com/enabling-if_bridge-STP-tf4954594.html#a14189511

Re: enabling if_bridge STP
On Thursday 06 December 2007 10:17:36 Atrox wrote:
> Am I doing smth wrong?

Hm, are these FreeBSD boxes you are trying to bridge, on the same ethernet?

STP will create a tree by disabling some ports to eliminate loops in the topology. If you have a loop-free topology, all ports should be active.

ASCII art time! What's your topology?

Nikos