分类: BSD
2008-11-29 15:43:55
hello,please give me a detail description about your system...
like your system type and version、your purpose、your network topology and so on.
now,i don't konw where your problem is.(I suppose that you use vmware and actual NIC to do some trial)
Hello Zhang Meng,
My JUNOS is 8.5R.14.
I have 2 external inerface interfaces, one is Marvell Yukon 88E8036 PCI-E and the other is ASIX AX88772 USB2.0 to Fast Ethernet Adaprter.
Well, in the same router i create 2 Logical-Routers using EM1 and EM2, see config below.
[edit interfaces]
root# show
em0 { unit 0 { family inet {address 10.39.203.2/24;
}
}
}
em1 {vlan-tagging;
}
em2 {vlan-tagging;
}
root# show logical-routers
Router01_01 { interfaces { em1 { unit 111 {vlan-id 111;
family inet {address 10.70.70.1/24;
}
}
}
}
}
Router01_02 { interfaces { em2 { unit 112 {vlan-id 111;
family inet {address 10.70.70.2/24;
}
}
}
}
}
The EM1 use USB external interface and EM2 use the Marvell interface.
Put all interfaces in a hub and i captured the packets.
This capture i can see with Wireshark dosn't have any VLAN Header, but when i capture the interface Marvell for example, in the same machine that running VMware i can see the TAG.
In the Sample below, i capture the packet using the Monitor from JUNIPER, and you can see the VLAN-Id, see:
root> monitor traffic interface em1 extensive
Address resolution is ON. Useto avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on em1, capture size 1514 bytes
13:15:58.211380 Out
Juniper PCAP Flags [Ext], PCAP Extension(s) total length 22
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 9
Logical Interface Index Extension TLV #4, length 4, value: 71Logical Unit Number Extension TLV #5, length 4, value: 111
-----original packet-----
Reverse lookup for 10.70.70.2 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Useto avoid reverse lookups on IP addresses.
0:c:29:ea:15:b7 > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 111, p 0, ethertype ARP, arp who-has 10.70.70.2 tell 10.70.70.1
13:15:58.211455 In
The packet bellow, i captured the other interface, with receive the ICMP, see the form of this packet arrive.
root> monitor traffic interface em2 extensive
Address resolution is ON. Useto avoid any reverse lookup delay.
Address resolution timeout is 4s.
Listening on em2, capture size 1514 bytes
13:18:59.244839 In
Juniper PCAP Flags [Ext, In], PCAP Extension(s) total length 22
Device Media Type Extension TLV #3, length 1, value: Ethernet (1)
Logical Interface Encapsulation Extension TLV #6, length 1, value: Ethernet (14)
Device Interface Index Extension TLV #1, length 2, value: 129Logical Interface Index Extension TLV #4, length 4, value: 73 Logical Unit Number Extension TLV #5, length 4, value: 112
-----original packet-----
Reverse lookup for 10.70.70.2 failed (check DNS reachability).
Other reverse lookup failures will not be reported.
Useto avoid reverse lookups on IP addresses.
0:c:29:ea:15:b7 > Broadcast, ethertype ARP (0x0806), length 60: arp who-has 10.70.70.2 tell 10.70.70.1
You can see this ARP packet don't have any TAG.
My VMWare is 6.0.1 Build-55017.
Best Regards,
Hello Netto
You don't understand VLAN very well.
You should know that only layer 2 or upper devices support VLAN(like a switch or a router).
A network adapter is actually a device working on physical layer ,so it doesn't support VLAN.
Of course ,there're some types of network adapters spport VLAN,list as followes:
Realtek 8139
Intel PRO/100
Intel PRO1000 server adapter
National Semiconductor DP83816 based cards (RouterBOARD200 onboard Ethernet, RouterBOARD 24 card)
National Semiconductor DP83815 (Soekris onboard Ethernet)
VIA VT6105M based cards (RouterBOARD 44 card)
VIA VT6105
VIA VT6102 (VIA EPIA onboard Ethernet)
Even some network adapters support Trunk mode of VLAN,but it's unusual.
Now,your problem is clear.It's probbaly that your network adapters don't support VLAN.
Why the interfaces in the vmware machine support VLAN?
The reason is you have configured the logical router 01_01 with em1 and the logical router 02_02 with em2,
so ,actually the virtual interfaces are belong to a router(a layer 3 device),so they support VLAN.
When the arp query packet start from em1.111 ,it has vlan-tag(tagged by the logical router 01_01),
and then it received by a virtual switch which is generated by vmware machine.
The virtual switch received the packet and thinked that:it belongs to VLAN 111 but the other terminal is
a network adapter which doesn't support VLAN,so,the virtual switch removed the tagging from the arp query
packet and sended it to your USB external interface.
then,the arp query packet keep on going to the hub,your Marvell interface,and last arrived at em2 and be captured.
it didn't has vlan-tag!
Now,do you understand?
Hello Zhang Meng,
I understand what do you talking about, and i understand about this interface problem.
The interesting is i use Checkpoint R.65 SPLAT 2 with VLANs in my VMWare using the same interface and working fine, i saw all TAGs in my packets.
I have others interfaces cards here and i will make a test. The result of this test i will post very soon.
Best Regards,
计算机一般不支持VLAN,不过有些网卡也能够支持。也就是说,计算机发送出
去的数据包的以太网祯头不包含这vlan标记,同时也无法识别这个标记。在交换机
中的报文转发过程中802.1Q报文标识了报文所属的VLAN。在跨越交换机的报文中
带有VLAN标签信息的报文尤其显得重要。例如:定义交换机中的2端口属于VLAN
10, 且该端口为Acess类型,即没有设置成Trunk口。当这个2 端口接收到一个
数据报文后,交换机会查看该报文中没有802.1Q标签,我们假定它刚从一台计算
机上发出来,所以现在没有标签,那么交换机根据2端口属于VLAN 10, 自动给
该数据包添加一个VLAN10的标签头,然后再将数据包交给数据库查询模块,数据
库查询模块会根据数据包的目的地址和所属的VLAN进行查找,之后交给转发模块,
转发模块看到这是一个包含标签头的数据包,根据报文的出端口的性质来决定是否
保留还是去掉标签头。如果端口是Trunk端口则保留标签,否则,则删除标签头。
一般情况下两个交换机或交换机与路由器的连接端口都是Trunk端口,所以在它们
之间交换数据包时是没有必要去掉标签的。
