[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1054642: Failing ARP relay from external -> Linux bridge -> veth port --> NS veth port

Hi Peter,

On Mon, Nov 13, 2023 at 09:40:46AM +0000, peter.gasparovic@orange.com wrote:
> In the meantime, I was stubborn to find a solution to what I need in
> order to progress and MACVLAN tech actually delivered it (private mode
> enough),

I used to love macvlan too but now I do L3 instead ;P

> something newer than VETH tech what I could read about, and it's
> just perfect avoiding bridge itself. So no problem to cooperate on this
> fix, I will be glad, just it can get lower priority on your side if you
> even attributed it some 😊

I'd be happy to still track this bug down but I need you to investigate the
behaviour in your environment. If you've torn down the lab already we can
also just call it quits.

If you do want to continue some questions are still pending, see quoted below.

> On Mon, Oct 30, 2023 at 07:25:38PM +0000, peter.gasparovic@orange.com wrote:
> > 1) As was reported, foreign external world MAC@ does not pass into 
> > network namespace, just external border point "vlan199"
> 
> How did you check this?
>
> > 2) now collecting data for you, honestly I don’t see external mac 
> > address on "inet-br" object, so my previous statement was incorrect.. 
> > {ossibly I might mixed this up with another "labinet-br" (working in 
> > its limited
> > scope) which is IP-defined, while "inet-br" in question is not.
> >
> > 3) so question is, if the MACs learnt via vlan199 are supposed to be 
> > paired (displayed) with "inet-br" object and all way up into NS....
> 
> I want to make sure we're on the same page, how do you check if the MAC is reaching into the NS? I assume using `ip neigh`? I'd have a look at tcpdump this will tell you whether ARP is even reaching the NS or not.
> 
> Something simple like
> 
>     $ tcpdump -enli $IFACE 'arp or icmp'
> 
> optionally you can filter by MAC (`ether host` in pcap-filter speak):
> 
>     $ tcpdump -enli $IFACE ('arp or icmp) and ether host aa:00:00:00:00:01
> 
> Oh and one last thing: please double and tripple check that a firewall isn't interfering.

--Daniel

Attachment: signature.asc
Description: PGP signature

Reply to: