关于linux:Linux-Bridge-vlan-filtering

linux网桥反对vlan filtering过滤性能后，咱们不仔再须要通过子接口的模式进行vlan划分，简化了vlan配置。

1. bridge vlan阐明

man bridge能够理解到，linux通过如下命令进行vlan filtering的配置：

bridge vlan { add | del } dev DEV vid VID [ pvid ] [ untagged ] [ self ] [ master ]

选项阐明：

pvid：端口的默认vlan，所有从该端口输出的没有携带vlan的报文，会被打上该vlan标签，该选项只对输出报文无效。

untagged：端口的untag vlan，输入报文携带该vlan时，会被剥离。

个别状况下pvid和untagged是同时应用的，对应于cisco的switchport trunk native vlan

self

master

这两个选项在帮忙手册上是这么解释的：

self   the vlan is configured on the specified physical device. Required if the device is the bridge device.master the vlan is configured on the software bridge (default).

我的了解是：self示意该vlan是增加再bridge设施上的，而且给桥增加vlan时必须且只能携带该选项，否则会报错：

ubuntu@VM-126-137-ubuntu:~$ sudo ip link add Bridge up type bridge vlan_filtering 1ubuntu@VM-126-137-ubuntu:~/bgp-lab$ sudo bridge vlan add vid 100 dev Bridge selfubuntu@VM-126-137-ubuntu:~/bgp-lab$ ubuntu@VM-126-137-ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge masterRTNETLINK answers: Operation not supportedubuntu@VM-126-137-ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge RTNETLINK answers: Operation not supportedubuntu@VM-126-137-ubuntu:~/$ 

master示意该vlan是增加再bridge的端口设施上的，该选项是默认的，给桥上的端口增加vlan时能够不指定该参数。

ubuntu@ubuntu:~/$ sudo ip link del Bridgeubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridgeubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge selfubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 masterubuntu@ubuntu:~/$ ubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 selfRTNETLINK answers: Operation not supportedubuntu@ubuntu:~/$ ubuntu@ubuntu:~/$ sudo bridge vlan showport    vlan idseth1         1 PVID Egress Untagged         100Bridge   1 PVID Egress Untagged         100ubuntu@ubuntu:~/$ 

增加桥时，默认会以 pvid untagged模式增加的默认vlan 1中，很多厂商会把vlan 1作为保留vlan，不容许用户配置。

ubuntu@ubuntu:~/$ sudo ip link del Bridgeubuntu@ubuntu:~/$ sudo bridge vlan showport    vlan idsubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1ubuntu@ubuntu:~/$ sudo bridge vlan showport    vlan idsBridge   1 PVID Egress Untaggedubuntu@ubuntu:~/$ 

端口退出桥时，也会默认以 pvid untagged模式增加的默认vlan 1中，

ubuntu@ubuntu:~/$ sudo ip link del Bridgeubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridgeubuntu@ubuntu:~/$ sudo bridge vlan showport    vlan idseth1         1 PVID Egress UntaggedBridge   1 PVID Egress Untaggedubuntu@ubuntu:~/$ 

也能够删除默认vlan 1

ubuntu@ubuntu:~/$ sudo bridge vlan del vid 1 dev enp4s0f0 masterubuntu@ubuntu:~/$ sudo bridge vlan showport    vlan idsenp129s0f0np0enp129s0f1np1enp4s0f0         100Bridge   1 PVID Egress Untagged         100ubuntu@ubuntu:~/$ sudo bridge vlan del vid 1 dev Bridge selfubuntu@ubuntu:~/$ sudo bridge vlan showport    vlan idsenp4s0f0         100Bridge   100ubuntu@ubuntu:~/$ 

2.试验

2.1 ubuntu配置

ubuntu@ubuntu:~/$ sudo ip link add Bridge up type bridge vlan_filtering 1ubuntu@ubuntu:~/$ sudo ip link set eth1 master Bridgeubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev Bridge selfubuntu@ubuntu:~/$ sudo bridge vlan add vid 100 dev eth1 masterubuntu@ubuntu:~/$ sudo ip link add link Bridge name Vlan100 up type vlan id 100 ubuntu@ubuntu:~/$ sudo ip addr add 10.0.2.1/24 dev Vlan100ubuntu@ubuntu:~/$ sudo bridge vlan showport    vlan idseth1         1 PVID Egress Untagged         100Bridge   1 PVID Egress Untagged         100ubuntu@ubuntu:~/$ 

2.2 交换机配置

SWITCH# exitSWITCH> enable SWITCH# show vlan+-----------+--------------+---------+----------------+-----------------------+| VLAN ID   | IP Address   | Ports   | Port Tagging   | DHCP Helper Address   |+===========+==============+=========+================+=======================++-----------+--------------+---------+----------------+-----------------------+SWITCH# configure terminal SWITCH(config)# vlan 100SWITCH(config)# interface eth25GE 47SWITCH(config-if)# switchport mode access  trunk   SWITCH(config-if)# switchport mode trunk SWITCH(config-if)# switchport trunk allowd vlan add 100SWITCH(config-if)# exitSWITCH(config)# interface vlan 100SWITCH(config-if)# ip address 10.0.2.2/24Add Vlan100 into default VRFSWITCH(config-if)# 

2.3 互ping

SWITCH(config-if)# do ping 10.0.2.1PING 10.0.2.1 (10.0.2.1) 56(84) bytes of data.64 bytes from 10.0.2.1: icmp_seq=1 ttl=64 time=0.196 ms64 bytes from 10.0.2.1: icmp_seq=2 ttl=64 time=0.219 ms64 bytes from 10.0.2.1: icmp_seq=3 ttl=64 time=0.150 ms^CSWITCH(config-if)# --- 10.0.2.1 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2032msrtt min/avg/max/mdev = 0.150/0.188/0.219/0.030 msSWITCH(config-if)# ubuntu@ubuntu:~/$ ping 10.0.2.2PING 10.0.2.2 (10.0.2.2) 56(84) bytes of data.64 bytes from 10.0.2.2: icmp_seq=1 ttl=64 time=0.308 ms64 bytes from 10.0.2.2: icmp_seq=2 ttl=64 time=0.245 ms64 bytes from 10.0.2.2: icmp_seq=3 ttl=64 time=0.262 ms^C--- 10.0.2.2 ping statistics ---3 packets transmitted, 3 received, 0% packet loss, time 2031msrtt min/avg/max/mdev = 0.245/0.271/0.308/0.032 msubuntu@ubuntu:~/$