Date: Thu, 10 Nov 2005 14:25:07 +0100
From: Jon Otterholm <jon.otterholm@ide.resurscentrum.se>
To: Brian Candler <B.Candler@pobox.com>
Cc: freebsd-net@freebsd.org
Subject: Re: arp-proxy
Message-ID: <1131629107.878.22.camel@localhost.localdomain>
In-Reply-To: <20051110124903.GB67086@uk.tiscali.com>
References: <1131541588.996.13.camel@localhost.localdomain> <20051110124903.GB67086@uk.tiscali.com>

That depends...

In all this - our role is similar to an ISP, but we are buying access to
our customers from an external part. Every customer is delivered on a
separate vlan trunked.

- Our DSL customers cannot be set on the same VLAN in a single DSLAM
  (don't ask me why - ask Alcatel).
- We cannot build a simple bridge because the Network service provider
  can't handle when a MAC-address shows up on 2 different VLANs.

The arp-proxy should do the following:

- Forward any broadcast packets but rewrite src to its own mac.
- Forward unicast packets according to FDB but rewrite src to its own mac.

I hope this makes it clear.

/J

On Thu, 2005-11-10 at 12:49 +0000, Brian Candler wrote:
> On Wed, Nov 09, 2005 at 02:06:28PM +0100, Jon Otterholm wrote:
> > I want to create a bridge-interface (if_bridge) with a bunch (500+) of
> > sub-interfaces (vlan) as members. All members of the bridge should be
> > able to "talk" to each other but MAC-addresses must be isolated to their
> > "own" vlan.
>
> That doesn't really make any sense to me, can you give a concrete example of
> how it should behave? And/or a higher-level description of what it is you're
> actually trying to achieve?
>
> Note that if the VLANs are *bridged* together then:
> (1) they form a single broadcast domain. A broadcast packet on any one VLAN
> will be forwarded to all other VLANs
> (2) a unicast packet to MAC address XX:XX:XX:XX:XX:XX will be forwarded only
> to the VLAN which has that node, as long as the forwarding table knows
> where it is (if not, it will be forwarded to all VLANs)
>
> So bridging VLANs really just collapses them back into a single LAN, which
> means you shouldn't have set up any VLANs in the first place :-(
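
The two forwarding rules listed in the message above, modelled as an added example that is not part of the original e-mail and not if_bridge code. It covers the Ethernet header only; the class and function names, the MAC addresses, the VLAN numbers and the flooding of unknown unicast are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    payload: bytes = b""

class MacRewritingBridge:
    """Hypothetical model of the two forwarding rules listed in the message."""

    def __init__(self, own_mac, vlans):
        self.own_mac = own_mac
        self.vlans = set(vlans)
        self.fdb = {}  # learned source MAC -> VLAN it was last seen on

    def forward(self, in_vlan, frame):
        """Return [(out_vlan, frame)] for a frame received on in_vlan."""
        self.fdb[frame.src] = in_vlan           # learn before rewriting
        out = replace(frame, src=self.own_mac)  # rule: rewrite src to own MAC
        if frame.dst != BROADCAST and frame.dst in self.fdb:
            target = self.fdb[frame.dst]
            # Destination is on the ingress VLAN: nothing to forward.
            return [] if target == in_vlan else [(target, out)]
        # Broadcast, or unknown unicast (assumption: flooded, as a bridge does).
        return [(v, out) for v in sorted(self.vlans - {in_vlan})]

def source_macs_per_vlan(deliveries):
    """Source MACs a switch on each VLAN would learn from the deliveries."""
    seen = {}
    for vlan, frame in deliveries:
        seen.setdefault(vlan, set()).add(frame.src)
    return seen

def demo():
    # Constructed sample: proxy MAC, three VLANs, two customer MACs.
    proxy = MacRewritingBridge("02:00:00:00:00:01", [10, 20, 30])
    a, b = "02:aa:00:00:00:0a", "02:bb:00:00:00:0b"
    bcast = proxy.forward(10, Frame(a, BROADCAST))  # A broadcasts on VLAN 10
    ucast = proxy.forward(20, Frame(b, a))          # B on VLAN 20 sends to A
    return bcast, ucast, source_macs_per_vlan(bcast + ucast)

if __name__ == "__main__":
    for part in demo():
        print(part)
```

In this model every egress VLAN sees only the forwarder's own MAC as a frame source, while the FDB keeps each customer MAC bound to the single VLAN it was learned on.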