NETGRAPH- bridge vlans using netgraph help

Freddie Cash fjwcash at gmail.com
Mon Apr 30 16:46:15 UTC 2018


On Sat, Apr 28, 2018 at 12:55 PM, Eugene Grosbein <eugen at grosbein.net>
wrote:

> 28.04.2018 21:57, Freddie Cash wrote:
>
> > If you want to think of it in switch terms, FreeBSD supports access
> > ports (untagged vlan) and trunk ports (tagged vlans).
> > But there's no support for hybrid ports (tagged vlans with a PVID on the
> > port that adds tags to untagged traffic).
>
> Not entirely correct. As FreeBSD is not a switch, it by default does not
> have nor need PVID notion at.
> However, FreeBSD still can bridge incoming untagged frames with arbitrary
> interface vlan.
>

What you wrote doesn't conflict with anything I said.

You can have two interfaces, one configured directly (igb0), the other
configured for a tagged vlan (vlan5 using igb1), and bridge them together
to pass traffic between interfaces, yes.  Nothing I wrote says you can't.
Nor is this what the OP wants.

You can't configure an interface in FreeBSD with vlan X, and accept
untagged packets on that interface, and have those incoming packets tagged
with vlan X after being received.  (aka a hybrid port with a PVID set)
Note:  a single interface.

What the OP is trying to do is have PC1 send untagged packets to igb0 on
FreeBSD which is configured for tagged vlan 5.  Then bridge the packets to
igb1 which is also configured for tagged vlan 5.  Then send the packets
out, untagged, to PC2.

With a switch, this is easy to do.  You just mark the two ports as being
part of untagged vlan 5 and you are done.  FreeBSD doesn't have a concept
of "untagged vlan 5" as there's no concept of a PVID on an interface.

Maybe there's a way to do this via a virtual switch like openvswitch or
VALE or similar (or maybe by mangling the packets via netgraph?), but that
gets overly complicated and brittle, and is something better suited to a
proper managed switch.  Or to configuring PC1 and PC2 to send tagged
packets.  Or any other number of ways of properly configuring the network
instead of trying to twist FreeBSD's network stack into shapes it was never
meant to support.

Note:  this is knowledge gained from trying to configure interfaces to
work with tagged and untagged vlans and things going wonky and then some
(on FreeBSD and Linux, but the Linux side of things is horrible as you can
actually mix tagged and untagged vlans on an interface but it just breaks
things in weird and wonderful ways due to the way they pass tags around the
stack).  I haven't actually looked at the network stack code, so maybe
there's a way to make this work, but in-the-field experience says it can't.

-- 
Freddie Cash
fjwcash at gmail.com

