On Thu, Jan 7, 2010 at 8:25 PM, Ryan King <span dir="ltr"><<a href="mailto:ryank@staff.globaldial.com">ryank@staff.globaldial.com</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-AU">
<div>
<p class="MsoNormal"><span lang="EN-US">Hi,</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">I am seeing a strange issue with a fairly
simple bridge I have set up (for openvpn in bridge mode).</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">eth0 --- [ openvpn machine (tap0) ] ---
eth1</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">The bridge is between tap0 and eth1 on a
Debian machine running on ESX 4 (tap0 being the openvpn tunnel interface). Intermittently,
I see openvpn client MAC addresses on port 2 (eth1). When this happens, their
vpn link stops working, since ARP replies are being sent back via the wrong
interface. But after a random amount of time, it will change back to port 1
(tap0) and start working again. Sometimes this is quick, sometimes it doesn't
happen for hours.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Anyone else had these issues? I've
searched the archives, and come across several people who seem to have had
similar problems - but haven't found one that has a solution yet.</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">I'd appreciate any suggestions on where I
should start looking to find out why/how these MACs are being learnt on the
wrong interface...</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">brctl show br0:</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<pre>
bridge name     bridge id               STP enabled     interfaces
br0             8000.005056b804c2       no              eth1
                                                        tap0
</pre>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">brctl showstp br0:</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<pre>
br0
 bridge id              8000.005056b804c2
 designated root        8000.005056b804c2
 root port                 0                    path cost                  0
 max age                  20.00                 bridge max age            20.00
 hello time                2.00                 bridge hello time          2.00
 forward delay             5.00                 bridge forward delay       5.00
 ageing time             300.01
 hello timer               1.19                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                   2.19
 flags

eth1 (2)
 port id                8002                    state                forwarding
 designated root        8000.005056b804c2       path cost                100
 designated bridge      8000.005056b804c2       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.19
 flags

tap0 (1)
 port id                8001                    state                forwarding
 designated root        8000.005056b804c2       path cost                100
 designated bridge      8000.005056b804c2       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.19
 flags
</pre>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">e.g.:</span></p>
<p class="MsoNormal"><span lang="EN-US">brctl showmacs br0:</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<pre>
port no mac addr                is local?       ageing timer
  2     00:50:56:b8:04:c2       yes                0.00
  1     00:ff:46:97:7f:d5       yes                0.00
  2     7a:6e:9f:28:12:79       no                 0.56
</pre>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">7a:6e:9f:28:12:79 -- the openvpn client</span></p>
<p class="MsoNormal"><span lang="EN-US">00:ff:.... -- tap0</span></p>
<p class="MsoNormal"><span lang="EN-US">00:50:56... -- eth1</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Thanks,</span></p>
<p class="MsoNormal"><span lang="EN-US"> </span></p>
<p class="MsoNormal"><span lang="EN-US">Ryan</span></p></div></div></blockquote><div>I too am seeing this problem. I've tested with Lenny and Squeeze on ESX 4 and still see the same problem. I am anxiously awaiting some help on how to troubleshoot the problem. This is a big hang-up for me. I don't know if the virtual switch is sending out multiple replies or what. I'm going to set this up on some physical hardware and compare. I don't know what else to do.<br>
<br>Thanks,<br clear="all"><br>Robert LeBlanc<br>Life Sciences & Undergraduate Education Computer Support<br>Brigham Young University<br>
<br> </div></div><br>
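<p>Added example, not part of either message in this thread: one way to catch the moment a learned MAC moves between bridge ports is to diff successive <code>brctl showmacs</code> snapshots. The timestamps and the first and third snapshots are constructed; the second uses the table quoted above.</p>

```python
import re

# One data row of `brctl showmacs <bridge>`:
#   port no | mac addr | is local? | ageing timer
ROW = re.compile(
    r"^\s*(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(yes|no)\s+(\d+\.\d+)\s*$",
    re.IGNORECASE,
)

def parse_showmacs(text):
    """Return {mac: port} for learned (is local? == no) entries."""
    learned = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "no":
            learned[m.group(2).lower()] = int(m.group(1))
    return learned

def find_moves(snapshots):
    """Given [(timestamp, showmacs_text), ...] in time order, return a list of
    (timestamp, mac, old_port, new_port) for every learned MAC that changed port."""
    moves, last_port = [], {}
    for ts, text in snapshots:
        for mac, port in parse_showmacs(text).items():
            old = last_port.get(mac)
            if old is not None and old != port:
                moves.append((ts, mac, old, port))
            last_port[mac] = port  # entries that aged out keep their last known port
    return moves

HEADER = "port no\tmac addr\t\tis local?\tageing timer\n"
LOCAL = ("  2\t00:50:56:b8:04:c2\tyes\t\t   0.00\n"
         "  1\t00:ff:46:97:7f:d5\tyes\t\t   0.00\n")
# Table from the post: the client MAC learned on port 2 (eth1).
PAGE_SNAPSHOT = HEADER + LOCAL + "  2\t7a:6e:9f:28:12:79\tno\t\t   0.56\n"
# Constructed snapshots: the same client on port 1 (tap0), before and after.
ON_TAP0 = HEADER + LOCAL + "  1\t7a:6e:9f:28:12:79\tno\t\t   1.20\n"
SNAPSHOTS = [("10:00:00", ON_TAP0), ("10:00:30", PAGE_SNAPSHOT), ("10:01:00", ON_TAP0)]

if __name__ == "__main__":
    for ts, mac, old, new in find_moves(SNAPSHOTS):
        print(f"{ts} {mac} moved from port {old} to port {new}")
```

<p>On a live bridge the snapshots would come from running <code>brctl showmacs br0</code> at a fixed interval. The timestamps of the reported moves can then be lined up with a packet capture on eth1 to see which frame carried the client's source MAC in from that side.</p>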