My setup is:
Vyos on PC with 3 ethernet cards. Eth1 and Eth2 are bridged to “br100” and to them are attached Linux hosts in same subnet 192.168.10.x/24.
Router interface Eth0 is configured with IP address in same subnet as Linux hosts (192.168.10.10).
I can ping from Linux host to another Linux host but I can’t ping from router interface Eth0 to Linux hosts and vice versa.
If I add IP address to bridge "br100’’ in same subnet segmet 192.168.10.x than I’m able to ping from router interface Eth0 to that bridge and also I’m able to ping from Linux hosts to that bridge. I tried also to change IP address of router Eth0 interface and use it from another subnet segment (192.168.20.x) but that doesn’t help.
Still can’t ping from router Eth0 to Linux hosts and vice versa.
You need to configure the router to have an IP address on the same subnet, on the same “physical” layer. This means assign 192.168.10.10 to the bridged interface br100. If you want eth0 to have an IP address in the same subnet as the others, then you will need to add eth0 to the bridge so they are in the same vlan/layer2 domain. The other way is to give the bridged interface it’s own IP address 192.168.10.10 and the eth0 interface a different IP address in a different subnet like 192.168.11.10, then set the default gateway of the linux hosts to 192.168.10.10.
What’s the ultimate goal you are trying to achieve? What you are seeing and what you have described is expected network behavior.
Thank you for your help. I added default gw on linux hosts pointing to bridge br100 which has IP address inside same subnet. Router interface eth0 is in another subnet 192.168.100.x. Now I’m able to ping from linux hosts to router eth0 and vice versa.
Linux hosts have also vxlan interface in third segment 192.168.20.x/24. Their eth0 interfaces are in subnet 192.168.10.x/24. I’m able to ping from linux host vxlan interface to another linux vxlan interface. They are inside same bridge/L2 domain.
On Router I added vxlan interface with same subnet/vni as linux hosts vxlan. That router vxlan interface I’ve linked to router interface eth0 using command “set interface vxlan vxlan0 link eth0”.
Ping from router vxlan interface to linux hosts vxlan interfaces doesn’t work and vice versa.
The very same problem I have when every linux host is in different subnet and hosts are added to different bridges. For example:
eth1 on vyos router is added to bridge “br90” and eth2 to bridge “br80”. Eth1 is for Linux host1, eth2 is for linux host2. Below are IPs:
br80 192.168.80.1, linux host eth 192.168.80.3, linux vxlan eth 192.168.20.23, default gw 192.168.80.1 (br80)
br90 192.168.90.1, linux host eth 192.168.90.4, linux vxlan eth 192.168.20.24, default gw 192.168.90.1 (br90)
I’m able to ping between linux hosts interfaces 192.168.80.3 and 192.168.90.4 but not between linux host vxlan interfaces 192.168.20.23 and 192.168.20.24.
Ultimate goal is to enable Windows host that doesn’t support vxlan to connect with Linux hosts that supports vxlan. Windows host is connected to router eth0. One option is to enable communication between them if they are all on same subnet (L2) and put all interfaces to the same existing bridge br100 and same L2 domain. Another option should be to enable L2 communication between Windows host and Linux hosts through L3 using vxlan. VyOS port eth0 with Windows host connected should be vxlan termination point.
But first I have to solve vxlan connectivity between linux hosts in different L2 domains before to continue with Windows host or it’s the same problem?
I’m still trying to resolve this issue. As I already wrote:
I’m able to ping between linux hosts interfaces 192.168.80.3 and 192.168.90.4 but not between linux host vxlan interfaces 192.168.20.23 and 192.168.20.24.
Tcpdump shows that ARP PING requests are only on first VyOS interface and not forwarded.
It is strange situation since same setup is working on common router and not on VyOS that basically only should forward PING packets on UDP port. It looks like firewall problem but I have never enable it.