arp-proxy
Jon Otterholm
jon.otterholm at ide.resurscentrum.se
Thu Nov 10 05:25:14 PST 2005
That depends...
In all this - our role is similar to an ISP, but we are buying access to
our customers from an external party. Every customer is delivered on a
separate vlan trunked.
- Our DSL customers cannot be set on the same VLAN in a single DSLAM
(don't ask me why - ask Alcatel).
- We cannot build a simple bridge because the Network service provider
can't handle when a MAC-address shows up on 2 different VLANs.
The arp-proxy should do the following:
- Forward any broadcast packets but rewrite src to its own mac.
- Forward unicast packets according to FDB but rewrite src to its own
mac.
I hope this makes it clear.
/J
On Thu, 2005-11-10 at 12:49 +0000, Brian Candler wrote:
> On Wed, Nov 09, 2005 at 02:06:28PM +0100, Jon Otterholm wrote:
> > I want to create a bridge-interface (if_bridge) with a bunch (500+) of
> > sub-interfaces (vlan) as members. All members of the bridge should be
> > able to "talk" to each other but MAC-addresses must be isolated to their
> > "own" vlan.
>
> That doesn't really make any sense to me, can you give a concrete example of
> how it should behave? And/or a higher-level description of what it is you're
> actually trying to achieve?
>
> Note that if the VLANs are *bridged* together then:
> (1) they form a single broadcast domain. A broadcast packet on any one VLAN
> will be forwarded to all other VLANs
> (2) a unicast packet to MAC address XX:XX:XX:XX:XX:XX will be forwarded only
> to the VLAN which has that node, as long as the forwarding table knows
> where it is (if not, it will be forwarded to all VLANs)
>
> So bridging VLANs really just collapses them back into a single LAN, which
> means you shouldn't have set up any VLANs in the first place :-(
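
Added example, not code from this thread or from FreeBSD's if_bridge: a small Python model of the behaviour discussed above (flooding, FDB-based unicast forwarding, and the proposed source-MAC rewrite) that records which source MACs the provider would carry on which VLAN. The proxy MAC, host MACs, VLAN IDs and traffic are constructed.

```python
from collections import defaultdict

BCAST = "ff:ff:ff:ff:ff:ff"
PROXY_MAC = "02:00:00:00:00:01"   # constructed, locally administered address
HOST_A, HOST_B = "00:11:22:00:00:0a", "00:11:22:00:00:0b"   # constructed
# Constructed traffic: A broadcasts (e.g. ARP), B answers A, A replies to B.
FRAMES = [(101, HOST_A, BCAST), (102, HOST_B, HOST_A), (101, HOST_A, HOST_B)]


class VlanBridge:
    """Learning bridge whose member ports are VLANs, one customer per VLAN."""

    def __init__(self, vlans, rewrite_src):
        self.vlans = set(vlans)
        self.rewrite_src = rewrite_src
        self.fdb = {}                   # learned MAC -> VLAN it lives on
        self.seen = defaultdict(set)    # source MAC -> VLANs it appeared on

    def receive(self, vlan, src, dst):
        """Handle one ingress frame; return the (vlan, src, dst) frames sent."""
        self.fdb[src] = vlan            # learn from the original source MAC
        self.seen[src].add(vlan)        # provider carried this frame inbound
        if dst != BCAST and dst in self.fdb:
            targets = [self.fdb[dst]]   # known unicast: owning VLAN only
        else:
            targets = sorted(self.vlans)  # broadcast / unknown unicast: flood
        out_src = PROXY_MAC if self.rewrite_src else src
        out = [(v, out_src, dst) for v in targets if v != vlan]
        for v, s, _ in out:
            self.seen[s].add(v)         # provider carries this frame outbound
        return out

    def conflicts(self):
        """Source MACs that appeared on more than one VLAN."""
        return {m: sorted(v) for m, v in self.seen.items() if len(v) > 1}


def run(rewrite_src):
    """Replay FRAMES through a three-VLAN bridge; return (bridge, sent frames)."""
    bridge = VlanBridge([101, 102, 103], rewrite_src)
    return bridge, [bridge.receive(*frame) for frame in FRAMES]


if __name__ == "__main__":
    for mode in (False, True):
        bridge, _ = run(mode)
        print("rewrite_src =", mode, "->", bridge.conflicts())
```

In this model the plain bridge puts both customer MACs on several VLANs, while with rewriting the only address reported on more than one VLAN is the bridge's own.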