
I have two workstations running Ubuntu 22.04 Server using netplan for network device management.

The first workstation has 5 NICs. The only two that I think matter for this are enp0s25 and ens1. Here is my netplan config from that workstation:

network:
  renderer: networkd
  version: 2
  ethernets:
    enp0s25:
      dhcp4: false
      dhcp6: false
      link-local: []
      ignore-carrier: true
    enp10s0f0:
      dhcp4: false
      dhcp6: false
      link-local: []
      ignore-carrier: true
    enp10s0f1:
      dhcp4: false
      dhcp6: false
      link-local: []
      ignore-carrier: true
    ens1:
      dhcp4: false
      dhcp6: false
      link-local: []
      ignore-carrier: true
  vlans:
    vlan10:
      accept-ra: no
      id: 10
      link: enp0s25
  bridges:
    br0:
      dhcp4: true
      link-local: []
      interfaces:
        - enp0s25
    br1:
      dhcp4: false
      dhcp6: false
      link-local: []
      addresses: [10.233.20.90/23]
      interfaces:
        - vlan10
        - ens1
      parameters:
        forward-delay: 0
        stp: true
    br2:
      dhcp4: false
      dhcp6: false
      link-local: []
      interfaces: [enp10s0f0]
    br3:
      dhcp4: false
      dhcp6: false
      link-local: []
      interfaces: [enp10s0f1]

I have created vlan10 attached to the physical interface enp0s25 which is a VLAN with ID 10. I have attached both ens1 and vlan10 to br1. I have a whole bunch of devices plugged into the physical network connected to by ens1. I have a bunch of VMs attached to br1 using libvirt. The physical devices and VMs communicate just fine.

My theory was that untagged layer 2 traffic coming in ens1 would wind up tagged with vlan 10 on enp0s25. However I might have this all wrong.

I tried to confirm this using tcpdump running on the host:

$ sudo tcpdump -i enp0s25 -n 'vlan 10'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp0s25, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:45:01.873478 90:9a:4a:31:6d:58 > ff:ff:ff:ff:ff:ff, RRCP-0x25 query
23:45:02.416923 ARP, Request who-has 10.233.20.199 tell 10.233.20.205, length 46
23:45:02.871227 90:9a:4a:31:6d:58 > ff:ff:ff:ff:ff:ff, RRCP-0x25 query
23:45:03.417030 ARP, Request who-has 10.233.20.199 tell 10.233.20.205, length 46
23:45:03.745380 ARP, Request who-has 10.233.21.24 tell 10.233.20.90, length 28
23:45:03.872080 90:9a:4a:31:6d:58 > ff:ff:ff:ff:ff:ff, RRCP-0x25 query

It seems like this works?

My second workstation (similar hardware) has a netplan like this:

network:
  renderer: networkd
  version: 2
  ethernets:
    enp0s25:
      dhcp4: false
      dhcp6: false
      link-local: []
      ignore-carrier: true
  vlans:
    vlan10:
      accept-ra: no
      id: 10
      link: enp0s25
    vlan100:
      accept-ra: no
      id: 100
      link: enp0s25
  bridges:
    br0:
      dhcp4: true
      dhcp6: false
      link-local: []
      interfaces:
        - enp0s25
    br10:
      dhcp4: true
      dhcp6: false
      link-local: []
      interfaces:
        - vlan10
    br100:
      dhcp4: false
      dhcp6: false
      link-local: []
      interfaces:
        - vlan100

My assumption was that I could see the vlan 10 traffic on the second workstation. Running sudo tcpdump -n -i enp0s25 'vlan 10' does not show what I would expect:

$ sudo tcpdump -n -i enp0s25 'vlan 10'
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp0s25, link-type EN10MB (Ethernet), snapshot length 262144 bytes
23:50:54.153304 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 92:e7:5b:f0:b0:7a, length 292

The DHCP traffic is just the local machine trying to get an IP since I asked netplan to run DHCP on the bridge. I'm not seeing the VLAN tagged frames show up on this machine at all.

Is there an issue with my setup here? Is there something more I need to do in order to get this to work?

Update: I plugged my laptop's ethernet port directly into the 1st workstation. I see the same traffic using tcpdump on vlan 10 that I see running it on the host. So is it possible that my network switches somehow do not pass 802.1Q traffic? All my switches are 'dumb switches' which I would assume do not care about the 802.1Q field.
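
For reference when reading captures like the ones above, this added example (not part of the original post) shows in Python what an 802.1Q tag does to a frame: `tag_frame` inserts the 4-byte tag after the source MAC, the way a VLAN sub-interface such as vlan10 does on egress, and `parse_frame` reports the VLAN ID, or `None` for an untagged frame. The function names and the sample frame's MAC address are constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def tag_frame(frame: bytes, vid: int, pcp: int = 0) -> bytes:
    """Insert an 802.1Q tag after the source MAC (what a VLAN sub-interface does on egress)."""
    if not 1 <= vid <= 4094:
        raise ValueError("VLAN ID must be in 1..4094")
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    tci = (pcp << 13) | vid  # PCP (3 bits) | DEI (1 bit, left 0) | VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_frame(frame: bytes) -> dict:
    """Return MACs, VLAN ID (None if untagged), payload EtherType and frame length."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    vid = None
    if ethertype == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        tci, ethertype = struct.unpack("!HH", frame[14:18])
        vid = tci & 0x0FFF  # low 12 bits of the tag control field
    return {"dst": dst.hex(":"), "src": src.hex(":"), "vlan": vid,
            "ethertype": ethertype, "length": len(frame)}


# Constructed sample: a broadcast ARP request shaped like the one in the first
# capture (10.233.20.90 asking for 10.233.21.24). The MAC address is made up.
SRC_MAC = bytes.fromhex("020000000001")
ARP_REQUEST = (
    b"\xff" * 6 + SRC_MAC + struct.pack("!H", 0x0806)   # Ethernet header, ARP
    + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)          # Ethernet/IPv4, request
    + SRC_MAC + bytes([10, 233, 20, 90])                 # sender MAC / IP
    + b"\x00" * 6 + bytes([10, 233, 21, 24])             # target MAC / IP
)

if __name__ == "__main__":
    print(parse_frame(ARP_REQUEST))                 # untagged, as seen on ens1
    print(parse_frame(tag_frame(ARP_REQUEST, 10)))  # tagged, as sent on enp0s25
```

In a live capture the same fields are visible when tcpdump is run with `-e`, which prints the link-level header of each frame.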

0 Answers