enabling if_bridge STP
Nikos Vassiliadis
nvass at teledomenet.gr
Thu Dec 6 05:20:59 PST 2007
On Thursday 06 December 2007 13:31:38 Silver Salonen wrote:
> On Thursday 06 December 2007 13:21, Nikos Vassiliadis wrote:
> > On Thursday 06 December 2007 12:20:18 Atrox wrote:
> > > Well, as I understand, in my case, STP should be enabled mainly on
> > > TAP-interfaces as it would eliminate the scenario where, for an
> > > example, ARP-requests from 192.168.1.1 for 192.168.3.1 reach
> > > 192.168.2.1. Have I understood it correctly?
> >
> > It sounds like you want to isolate the ethernets, not bridge them.
> > Bridging is not what you need, if I have understood correctly.
> >
> > You want to keep ARP and broadcasts to the relevant boxes, right?
> > You have to use VLANs on your switch to achieve this, not bridging.
>
> Actually the final target is to connect all the 3 LANs over VPN, so that
> they can browse eachother networks etc. When I did it, I could see
> duplicate packets looping through all bridges, so I thought I'd bring in
> STP. That's what it's for, right?
Not really, STP must be used/needed in a dynamic environment to
eliminate loops. Your environment doesn't seem dynamic to me. You
can create a loop-free topology like this:
http://users.teledomenet.gr/nvass/topology.png
1) 10.0.0.0/24 is the shared network.
2) bridge1 bridges eth0 and tap0 which is the VPN to the root-bridge.
3) bridge2 bridges eth0 and tap0 which is the VPN to the root-bridge.
4) root-bridge bridges eth0, tap0 and tap1.
If you want STP, which you shouldn't normally using this topology,
increase root-bridge's priority manually, in order to win the elections
and be the root bridge.
Note that the external interfaces are not participating in the bridge.
HTH, Nikos
More information about the freebsd-questions
mailing list