Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port

To: Daniel Gröber <dxld@darkboxed.org>
Cc: "1054642@bugs.debian.org" <1054642@bugs.debian.org>
Subject: Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
From: peter.gasparovic@orange.com
Date: Mon, 30 Oct 2023 19:25:38 +0000
Message-id: <[🔎] DBBPR02MB104631FECC13D25BFCB1CABB1F8A1A@DBBPR02MB10463.eurprd02.prod.outlook.com>
Reply-to: peter.gasparovic@orange.com, 1054642@bugs.debian.org
In-reply-to: <[🔎] 20231030120356.smokk33zd2r5feli@House.clients.dxld.at>
References: <DBBPR02MB1046348F8268D662710176873F8DDA@DBBPR02MB10463.eurprd02.prod.outlook.com> <[🔎] DBBPR02MB10463E41F1FBB24DC724E7D9CF8DCA@DBBPR02MB10463.eurprd02.prod.outlook.com> <[🔎] CAMw=ZnRkU34c4TjhtnkgpRukO-2ppnOCmSAMMha0TuCKPgopag@mail.gmail.com> <[🔎] DBBPR02MB10463E41F1FBB24DC724E7D9CF8DCA@DBBPR02MB10463.eurprd02.prod.outlook.com> <[🔎] DBBPR02MB104635EE117EAC46B83EA99AEF8DCA@DBBPR02MB10463.eurprd02.prod.outlook.com> <[🔎] 20231029104653.e5h4jeaka2cz7mb7@House.clients.dxld.at> <[🔎] DBBPR02MB10463AB9D212DCA62288CF79FF8A1A@DBBPR02MB10463.eurprd02.prod.outlook.com> <[🔎] 20231030120356.smokk33zd2r5feli@House.clients.dxld.at> <[🔎] DBBPR02MB10463E41F1FBB24DC724E7D9CF8DCA@DBBPR02MB10463.eurprd02.prod.outlook.com>

Hi Daniel, 
Definitely I can't do any script at the moment, so manual steps could be enough I hope so.

1) As was reported, foreign external world MAC@ does not pass into network namespace, just external border point "vlan199"
2) now collecting data for you, honestly I don’t see external mac address on "inet-br" object, so my previous statement was incorrect.. {ossibly I might mixed this up with another "labinet-br" (working in its limited scope) which is IP-defined, while "inet-br" in question is not.
3) so question is, if the MACs learnt via vlan199 are supposed to be paired (displayed) with "inet-br" object and all way up into NS....
4) I collected all into text file. If this is problem, then I paste it here.

Thanks, BR
Peter

-----Original Message-----
From: Daniel Gröber <dxld@darkboxed.org> 
Sent: pondelok 30. októbra 2023 13:04
To: GASPAROVIC Peter OBS/MKT <peter.gasparovic@orange.com>
Cc: 1054642@bugs.debian.org
Subject: Re: Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port

Hi Peter,

On Mon, Oct 30, 2023 at 10:43:39AM +0000, peter.gasparovic@orange.com wrote:
> Would it be possible to join a Webex session setup by me to check this 
> out quickly? It's all lab environment.

I don't think that would help with reproducing your environment in this case, besides I only offer synchronous debugging sessions for paid consulting engagements.

> If not I will proceed per your instructions

Please do.

--Daniel
____________________________________________________________________________________________________________
Ce message et ses pieces jointes peuvent contenir des informations confidentielles ou privilegiees et ne doivent donc
pas etre diffuses, exploites ou copies sans autorisation. Si vous avez recu ce message par erreur, veuillez le signaler
a l'expediteur et le detruire ainsi que les pieces jointes. Les messages electroniques etant susceptibles d'alteration,
Orange decline toute responsabilite si ce message a ete altere, deforme ou falsifie. Merci.

This message and its attachments may contain confidential or privileged information that may be protected by law;
they should not be distributed, used or copied without authorisation.
If you have received this email in error, please notify the sender and delete this message and its attachments.
As emails may be altered, Orange is not liable for messages that have been modified, changed or falsified.
Thank you.

peterg@debian:~$
peterg@debian:~$
peterg@debian:~$
peterg@debian:~$ ip -d addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max
_segs 65535
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: ens161: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:01:01:04 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 60 maxmtu 9000 numtxqueues 2 numrxqueues 2 gso_max_size 65536 gso_ma
x_segs 65535
    inet6 fe80::250:56ff:fe01:104/64 scope link
       valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:01:01:01 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 60 maxmtu 9000 numtxqueues 2 numrxqueues 2 gso_max_size 65536 gso_ma
x_segs 65535
    inet 172.31.254.50/28 scope global ens192
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe01:101/64 scope link
       valid_lft forever preferred_lft forever
4: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:01:01:02 brd ff:ff:ff:ff:ff:ff promiscuity 2 minmtu 60 maxmtu 9000 numtxqueues 2 numrxqueues 2 gso_max_size 65536 gso_ma
x_segs 65535
    inet6 fe80::250:56ff:fe01:102/64 scope link
       valid_lft forever preferred_lft forever
5: ens256: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:01:01:03 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 60 maxmtu 9000 numtxqueues 2 numrxqueues 2 gso_max_size 65536 gso_ma
x_segs 65535
    inet6 fe80::250:56ff:fe01:103/64 scope link
       valid_lft forever preferred_lft forever
6: vlan11@ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:50:56:01:01:02 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 11 <REORDER_HDR> numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 192.168.255.254/24 brd 192.168.255.255 scope global vlan11
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe01:102/64 scope link
       valid_lft forever preferred_lft forever
20: vlan77@ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master labinet-br state UP group default qlen 1000
    link/ether 00:50:56:01:01:02 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 77 <REORDER_HDR>
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port
_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.0:50:56:1:1:2 designated_root 8000.0:50:56:1:1:2 hold_timer    0.00 messa
ge_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fa
st_leave off mcast_flood on neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off numtxqueues 1 numrxqueues 1
gso_max_size 65536 gso_max_segs 65535
    inet6 fe80::250:56ff:fe01:102/64 scope link
       valid_lft forever preferred_lft forever
21: labinet-br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:50:56:01:01:02 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q bri
dge_id 8000.0:50:56:1:1:2 designated_root 8000.0:50:56:1:1:2 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_tim
er    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  196.64 vlan_default_pvid 1 vlan_stats_enabled 0 group_fwd_mask 0 group_addr
ess 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_
last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcas
t_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld
_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 172.16.255.7/24 brd 172.16.255.255 scope global labinet-br
       valid_lft forever preferred_lft forever
    inet6 fe80::1049:31ff:fea6:ceb4/64 scope link
       valid_lft forever preferred_lft forever
22: inet-br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:50:56:01:01:02 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 68 maxmtu 65535
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q bri
dge_id 8000.0:50:56:1:1:2 designated_root 8000.0:50:56:1:1:2 root_port 0 root_path_cost 0 topology_change 0 topology_change_detected 0 hello_tim
er    0.00 tcn_timer    0.00 topology_change_timer    0.00 gc_timer  172.03 vlan_default_pvid 1 vlan_stats_enabled 0 group_fwd_mask 0 group_addr
ess 01:80:c2:00:00:00 mcast_snooping 1 mcast_router 1 mcast_query_use_ifaddr 0 mcast_querier 0 mcast_hash_elasticity 4 mcast_hash_max 512 mcast_
last_member_count 2 mcast_startup_query_count 2 mcast_last_member_interval 100 mcast_membership_interval 26000 mcast_querier_interval 25500 mcas
t_query_interval 12500 mcast_query_response_interval 1000 mcast_startup_query_interval 3124 mcast_stats_enabled 0 mcast_igmp_version 2 mcast_mld
_version 1 nf_call_iptables 0 nf_call_ip6tables 0 nf_call_arptables 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet6 fe80::38de:53ff:fe89:a5a6/64 scope link
       valid_lft forever preferred_lft forever
23: vlan199@ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master inet-br state UP group default qlen 1000
    link/ether 00:50:56:01:01:02 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 0 maxmtu 65535
    vlan protocol 802.1Q id 199 <REORDER_HDR>
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8001 port
_no 0x1 designated_port 32769 designated_cost 0 designated_bridge 8000.0:50:56:1:1:2 designated_root 8000.0:50:56:1:1:2 hold_timer    0.00 messa
ge_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fa
st_leave off mcast_flood on neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off numtxqueues 1 numrxqueues 1
gso_max_size 65536 gso_max_segs 65535
    inet6 fe80::250:56ff:fe01:102/64 scope link
       valid_lft forever preferred_lft forever
25: vinet-br@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master inet-br state UP group default qlen 1000
    link/ether b2:cf:e5:36:d8:b0 brd ff:ff:ff:ff:ff:ff link-netns inet promiscuity 1 minmtu 68 maxmtu 65535
    veth
    bridge_slave state forwarding priority 32 cost 2 hairpin off guard off root_block off fastleave off learning on flood on port_id 0x8002 port
_no 0x2 designated_port 32770 designated_cost 0 designated_bridge 8000.0:50:56:1:1:2 designated_root 8000.0:50:56:1:1:2 hold_timer    0.00 messa
ge_age_timer    0.00 forward_delay_timer    0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fa
st_leave off mcast_flood on neigh_suppress off group_fwd_mask 0 group_fwd_mask_str 0x0 vlan_tunnel off isolated off numtxqueues 1 numrxqueues 1
gso_max_size 65536 gso_max_segs 65535
    inet6 fe80::b0cf:e5ff:fe36:d8b0/64 scope link
       valid_lft forever preferred_lft forever
peterg@debian:~$
peterg@debian:~$
peterg@debian:~$
peterg@debian:~$ ip -n inet -d addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 minmtu 0 maxmtu 0 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max
_segs 65535
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
24: vinet@if25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 12:71:5e:82:63:5e brd ff:ff:ff:ff:ff:ff link-netnsid 0 promiscuity 0 minmtu 68 maxmtu 65535
    veth numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
    inet 70.0.0.254/24 brd 70.0.0.255 scope global vinet
       valid_lft forever preferred_lft forever
    inet6 fe80::1071:5eff:fe82:635e/64 scope link
       valid_lft forever preferred_lft forever
peterg@debian:~$
peterg@debian:~$
peterg@debian:~$
peterg@debian:~$ bridge -d link
20: vlan77@ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master labinet-br state forwarding priority 32 cost 2
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on neigh_suppress off vlan_tunnel off isolated off vlan7
7
21: labinet-br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master labinet-br labinet-br
22: inet-br: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master inet-br inet-br
23: vlan199@ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master inet-br state forwarding priority 32 cost 2
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on neigh_suppress off vlan_tunnel off isolated off vlan1
99
25: vinet-br@if24: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master inet-br state forwarding priority 32 cost 2
    hairpin off guard off root_block off fastleave off learning on flood on mcast_flood on neigh_suppress off vlan_tunnel off isolated off vinet
-br

peterg@debian:~$
peterg@debian:~$
peterg@debian:~$ bridge fdb
33:33:00:00:00:01 dev ens161 self permanent
01:00:5e:00:00:01 dev ens161 self permanent
33:33:ff:01:01:04 dev ens161 self permanent
33:33:00:00:00:fb dev ens161 self permanent
33:33:00:00:00:01 dev ens192 self permanent
01:00:5e:00:00:01 dev ens192 self permanent
33:33:ff:01:01:01 dev ens192 self permanent
01:00:5e:00:00:fb dev ens192 self permanent
33:33:00:00:00:fb dev ens192 self permanent
33:33:00:00:00:01 dev ens224 self permanent
01:00:5e:00:00:01 dev ens224 self permanent
33:33:ff:01:01:02 dev ens224 self permanent
01:80:c2:00:00:21 dev ens224 self permanent
01:00:5e:00:00:fb dev ens224 self permanent
33:33:00:00:00:fb dev ens224 self permanent
33:33:00:00:00:01 dev ens256 self permanent
01:00:5e:00:00:01 dev ens256 self permanent
33:33:ff:01:01:03 dev ens256 self permanent
01:80:c2:00:00:21 dev ens256 self permanent
33:33:00:00:00:fb dev ens256 self permanent
33:33:00:00:00:01 dev vlan11 self permanent
01:00:5e:00:00:01 dev vlan11 self permanent
33:33:ff:01:01:02 dev vlan11 self permanent
01:00:5e:00:00:fb dev vlan11 self permanent
33:33:00:00:00:fb dev vlan11 self permanent
00:50:56:01:01:03 dev vlan77 master labinet-br
00:50:56:01:02:01 dev vlan77 master labinet-br
00:50:56:99:dd:41 dev vlan77 master labinet-br
00:0c:29:7f:dc:3e dev vlan77 master labinet-br
00:0c:29:bf:0f:37 dev vlan77 master labinet-br
00:0c:29:f9:ba:12 dev vlan77 master labinet-br
4c:77:6d:db:1c:c4 dev vlan77 master labinet-br
00:50:56:01:01:02 dev vlan77 vlan 1 master labinet-br permanent
00:50:56:01:01:02 dev vlan77 master labinet-br permanent
33:33:00:00:00:01 dev vlan77 self permanent
01:00:5e:00:00:01 dev vlan77 self permanent
33:33:ff:01:01:02 dev vlan77 self permanent
33:33:00:00:00:fb dev vlan77 self permanent
33:33:00:00:00:01 dev labinet-br self permanent
01:00:5e:00:00:01 dev labinet-br self permanent
33:33:ff:a6:ce:b4 dev labinet-br self permanent
01:00:5e:00:00:fb dev labinet-br self permanent
33:33:00:00:00:fb dev labinet-br self permanent
33:33:00:00:00:01 dev inet-br self permanent
01:00:5e:00:00:01 dev inet-br self permanent
33:33:ff:89:a5:a6 dev inet-br self permanent
33:33:00:00:00:fb dev inet-br self permanent
00:50:56:01:00:53 dev vlan199 master inet-br
12:71:5e:82:63:5e dev vlan199 master inet-br
00:50:56:01:00:43 dev vlan199 master inet-br
00:50:56:01:01:02 dev vlan199 vlan 1 master inet-br permanent
00:50:56:01:01:02 dev vlan199 master inet-br permanent
33:33:00:00:00:01 dev vlan199 self permanent
01:00:5e:00:00:01 dev vlan199 self permanent
33:33:ff:01:01:02 dev vlan199 self permanent
33:33:00:00:00:fb dev vlan199 self permanent
b2:cf:e5:36:d8:b0 dev vinet-br vlan 1 master inet-br permanent
b2:cf:e5:36:d8:b0 dev vinet-br master inet-br permanent
33:33:00:00:00:01 dev vinet-br self permanent
01:00:5e:00:00:01 dev vinet-br self permanent
33:33:ff:36:d8:b0 dev vinet-br self permanent
33:33:00:00:00:fb dev vinet-br self permanent
peterg@debian:~$
peterg@debian:~$

	// path is 
external net --> vlan199 --> inet-br --> vinet-br --> vinet ("inet" NS)

	// external MACs
00:50:56:01:00:53 dev vlan199 master inet-br
12:71:5e:82:63:5e dev vlan199 master inet-br
00:50:56:01:00:43 dev vlan199 master inet-br

	// config:
	
ip netns add inet

ip link add name inet-br type bridge
ip link set dev inet-br up

ip link add link ens224 name vlan199 type vlan id 199
ip link set dev vlan199 up
ip link set dev vlan199 master inet-br

ip link add vinet type veth peer name vinet-br
ip link set dev vinet netns inet
ip -n inet link set dev lo up
ip -n inet link set dev vinet up
ip -n inet addr add 70.0.0.254/24 brd + dev vinet
ip -n inet route add default via 70.0.0.253
ip -n inet route add 172.17.0.0/24 via 70.0.0.1

ip link set vinet-br master inet-br
ip link set vinet-br up

Reply to:

References:
- Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
  - From: peter.gasparovic@orange.com
- Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
  - From: Luca Boccassi <bluca@debian.org>
- Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
  - From: peter.gasparovic@orange.com
- Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
  - From: Daniel Gröber <dxld@darkboxed.org>
- Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
  - From: peter.gasparovic@orange.com
- Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
  - From: Daniel Gröber <dxld@darkboxed.org>

Prev by Date: Bug#1055069: please enable SC8280XP sound modules
Next by Date: Bug#1055069: please enable SC8280XP sound modules
Previous by thread: Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
Next by thread: Processed: Re: Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port
Index(es):
- Date
- Thread