Web lists-archives.com

Re: Debian bridge with one VLAN iface - after upgrade from Deb 8 to 9 tc filters are bypassed for VLAN traffic?


thank you.

kaskada@xxxxxxxx wrote:

> This setup worked smoothly for years until I upgraded Debian 8 do Debian 9
> (which I didn`t like to do but I had to, lets say). And now, in Debian 9
> only customer traffic which is not TAGged can reach tc filters and than is
> properly send to appropriate tc class and shaped. BUT traffic with TAG 500
> bypasses tc filters which means it goes just to tc default class (which is
> not good) - yes TAGget traffic is not terminated, just is not passing tc
> filters

Very confusing statement - is tagged traffic terminated or not? If you
configure VLAN on the interface you terminate. 

I`m sorry, I used wrong words. Yes, VLAN is terminated on that eth1.500 interface. I meant that traffic in VLAN is not "DROPped" when passing the bridge/whole Debian server. It is just unTAGged and not going to tc filters. 

None of interfaces including eth1.500 VLAN iface have IP/mask settings on them. All interfaces are just bridged together. The ony IP settings is set on the bridge just for management purposes, not for routing/terminating  customers traffic. It is just pure bridge with traffic shaper. In fact it is very simple configuration.

> I guess I have to turn on some 0/1"switch" somewhere in the Debian 9...
> But please, do you know which switch?

In stretch the naming of the interfaces changed and systemd also. I would
firstly eliminate both for the sake of simplicity.

I`ve upgraded Debian using:

apt-get update

apt-get upgrade

apt-get dist-upgrade

and so on... procedure. So names of interfaces remained the same, all other parts of the "shaping system" which need to know interface names works fine.

Could systemd really be connected to this issue?


Then go through


Yes, I`ll check it. There must by some change in some part of the system between Debian 8 and 9. 


Unfortunately I do not have the honor to use vlans on bridged interfaces
with debian and TC - means you have some firewall/router.


Best regards Pep.