Cant make untagged VLAN to work with bridge (br0) and vrf

Apachez · October 31, 2023, 1:31am

The more I look at this the more Im getting convinced that something is broken with the bridge.py, but it would be handy if there is somebody else in this forum that could verify this?

It seems like its this code who will actually create the bridge in the Linux kernel:

github.com

vyos/vyos-1x/blob/current/python/vyos/ifconfig/bridge.py

# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library.  If not, see <http://www.gnu.org/licenses/>.

from netifaces import interfaces
import json

from vyos.ifconfig.interface import Interface
from vyos.utils.assertion import assert_boolean

This file has been truncated. show original

Examining this file the following commands shows up (searching for “cmd”):

add_port:
ip link set dev {value} master {ifname}

del_port:
ip link set dev {value} nomaster

add_vlan:
bridge vlan add dev {self.ifname} vid {vlan} self

del_vlan:
bridge vlan del dev {self.ifname} vid {vlan} self

add_vlan_1:
bridge vlan add dev {self.ifname} vid 1 pvid untagged self

add_vlan?:
bridge vlan add dev {interface} vid {vlan} master

add_native-vlan?:
bridge vlan add dev {interface} vid {native_vlan_id} pvid untagged master

del_vlan?:
bridge vlan del dev {interface} vid {vlan} master

And thats it?

Not a word about vrf?

Why is the add_vlan_1 stuff going on in the “def set_vlan_filter(self, state):” function?

Looking at posts such as:

Linux: Why is ARP not answered via VLAN Bridge - Server Fault and
(Vlan-aware) Bridges on Linux – SDN Clinic
linux - What are "self" and "master" options for in "bridge vlan add"? - Unix & Linux Stack Exchange
bridge(8) — iproute2 — Debian bookworm — Debian Manpages

among others the syntax is slightly different.

As it seems that this would be the proper(?) way to do it?

# Create bridge with "enable_vlan"
ip link add br0 type bridge vlan_filtering 1
ip link set br0 up

# Add vlan
bridge vlan add dev br0 vid 100 self
bridge vlan add dev br0 vid 110 self
bridge vlan add dev br0 vid 120 self
bridge vlan add dev br0 vid 200 self
bridge vlan add dev br0 vid 210 self
bridge vlan add dev br0 vid 220 self

# Add member interface
ip link set eth1 master br0
ip link set eth2 master br0

# Delete default vlan from member interface
bridge vlan del dev eth1 vid 1
bridge vlan del dev eth2 vid 1

# Add vlan to member interface
bridge vlan add dev eth1 vid 100 pvid untagged master
bridge vlan add dev eth1 vid 110 master
bridge vlan add dev eth1 vid 120 master
bridge vlan add dev eth2 vid 200 pvid untagged master
bridge vlan add dev eth2 vid 210 master
bridge vlan add dev eth2 vid 220 master

# Show result
bridge vlan show