Guest
Posted: Fri Dec 17, 2004 1:23 am
Post subject: Why multiple filtering databases in 802.1q?

I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
RFC 2674) and I'm trying to understand why multiple filtering databases
are useful. I think I see how this would be useful in a firewall
(having one db for external traffic, one for internal, and a router to
copy between them) but not in a bridge/switch. Can anyone give me or
point me at a clue? TIA.
Chris

Walter Roberson
Guest
Posted: Fri Dec 17, 2004 4:37 am
Post subject: Re: Why multiple filtering databases in 802.1q?

In article <1103228617.727069.306820@z14g2000cwz.googlegroups.com>,
<cnelson@nycap.rr.com> wrote:
:I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
:RFC 2674) and I'm trying to understand why multiple filtering databases
:are useful.
Looking briefly at the RFC, it looks to me that one might have different
filtering databases for different VLANs. Also, it appears one might have
different virtual filtering databases, such as having one for multicast
filtering that might be distinct from one for unicast filtering, which
might in turn be distinct from one for some other purpose I haven't
heard of before.
When creating a standard, it is often better to allow for the
possibility of multiple instances of something and later find out
that people only ever use one of them, than to allow for only
one instance and later find that people are chafing because they
really need more than one.
--
"There are three kinds of lies: lies, damn lies, and statistics."
-- not Twain, perhaps Disraeli, first quoted by Leonard Courtney

M.C. van den Bovenkamp
Guest
Posted: Fri Dec 17, 2004 4:46 am
Post subject: Re: Why multiple filtering databases in 802.1q?

Walter Roberson wrote:
| Quote: | Looking briefly at the RFC, it looks to me that one might have different
filtering databases for different VLANs.
|
Yes, that's the idea. Can be useful sometimes; I've been bitten by SVL
switches (single database for all VLANs) and Suns with multiple
interfaces in different VLANs.
Suns use the 'MAC address per device'-paradigm by default and use the
same hardware address for all interfaces (I know you can change it to
use the interface MAC addresses, but it isn't the default).
Switches that use separate databases for each VLAN are not bothered by this.
Regards,
Marco.

anoop
Guest
Posted: Fri Dec 17, 2004 7:50 am
Post subject: Re: Why multiple filtering databases in 802.1q?

cnelson@nycap.rr.com wrote:
| Quote: | I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
RFC 2674) and I'm trying to understand why multiple filtering databases
are useful. I think I see how this would be useful in a firewall
(having one db for external traffic, one for internal, and a router to
copy between them) but not in a bridge/switch. Can anyone give me or
point me at a clue? TIA.
|
There's an annex in the 802.1Q spec that describes scenarios
where shared (single filtering database) and independent
(multiple filtering databases) VLAN learning are needed.
Both have their merits depending on what one is trying
to accomplish.
As another poster pointed out, multiple filtering databases
are needed if the same MAC address appears in two VLANs
on different ports of the same switch. I think (but not
sure) that DECnet Phase IV routers used the same MAC address
on every interface, which would fit the above scenario if
it was attached to a switched network.
Without multiple filtering databases, the MAC address
would be learned only in the VLAN in which it most recently
appeared as a source address. The address would keep flip-flopping
between the ports and traffic from one of the VLANs
would either be directed to the wrong destination, or
discarded because it didn't have that port in its membership.
Anoop

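The flip-flop described in the post above, modelled as a minimal learning bridge in Python. This is an added example, not part of the original thread; the port numbers, VLAN IDs and MAC addresses are constructed, and the model discards a frame whose learned port is outside the VLAN's member set.

```python
class Bridge:
    """Toy 802.1Q learning bridge (constructed model, not vendor code)."""

    def __init__(self, vlan_ports, independent):
        self.vlan_ports = vlan_ports    # VID -> set of member ports
        self.independent = independent  # True = IVL, False = SVL
        self.fdb = {}                   # (FID, MAC) -> port
        self.moves = 0                  # times a learned entry changed port

    def _fid(self, vid):
        # IVL: one filtering database per VLAN; SVL: all VLANs share FID 0
        return vid if self.independent else 0

    def receive(self, port, vid, src, dst):
        """Learn src on port, then return the set of egress ports for dst."""
        members = self.vlan_ports[vid]
        if port not in members:
            return set()                # ingress port is not in this VLAN
        key = (self._fid(vid), src)
        if key in self.fdb and self.fdb[key] != port:
            self.moves += 1             # same MAC seen on another port
        self.fdb[key] = port
        out = self.fdb.get((self._fid(vid), dst))
        if out is None:
            return members - {port}     # unknown destination: flood in VLAN
        if out not in members or out == port:
            return set()                # learned port unusable: discard
        return {out}

# Constructed scenario: a router uses one MAC on port 1 (VLAN 10) and
# port 2 (VLAN 20); host A is on port 3 (VLAN 10), host B on port 4 (VLAN 20).
ROUTER, HOST_A, HOST_B = "00:00:5e:00:53:01", "00:00:5e:00:53:0a", "00:00:5e:00:53:0b"
BROADCAST = "ff:ff:ff:ff:ff:ff"
VLAN_PORTS = {10: {1, 3}, 20: {2, 4}}

def run(independent):
    br = Bridge(VLAN_PORTS, independent)
    br.receive(3, 10, HOST_A, BROADCAST)
    br.receive(4, 20, HOST_B, BROADCAST)
    br.receive(1, 10, ROUTER, HOST_A)   # router learned on port 1
    br.receive(2, 20, ROUTER, HOST_B)   # SVL: entry overwritten with port 2
    a_to_router = br.receive(3, 10, HOST_A, ROUTER)
    b_to_router = br.receive(4, 20, HOST_B, ROUTER)
    return a_to_router, b_to_router, br.moves

if __name__ == "__main__":
    print("SVL:", run(False))
    print("IVL:", run(True))
```

With shared learning, host A's frame to the router is dropped because the single entry points at port 2, which is not a member of VLAN 10; with independent learning both VLANs reach the router and no entry ever moves.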
Manfred Kwiatkowski
Guest
Posted: Fri Dec 17, 2004 9:03 pm
Post subject: Re: Why multiple filtering databases in 802.1q?

In article <1103228617.727069.306820@z14g2000cwz.googlegroups.com>,
cnelson@nycap.rr.com writes:
| Quote: | I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
RFC 2674) and I'm trying to understand why multiple filtering databases
are useful. I think I see how this would be useful in a firewall
(having one db for external traffic, one for internal, and a router to
copy between them) but not in a bridge/switch. Can anyone give me or
point me at a clue? TIA.
|
If you ever had a SUN workstation acting as a router or an
XP notebook happily bridging between its wireless and wired interfaces
you will know. :-)
There is some motivation in the Annex of the IEEE standards.
(Keywords: Independent vs. Shared VLAN Learning).
--
Manfred Kwiatkowski kwiatkowski@zrz.tu-berlin.de

Erik Freitag
Guest
Posted: Fri Dec 17, 2004 9:55 pm
Post subject: Re: Why multiple filtering databases in 802.1q?

On Fri, 17 Dec 2004 16:03:56 +0000, Manfred Kwiatkowski wrote:
| Quote: | If you ever had a SUN workstation acting as a router or a
XP notebook happily bridging between its wireless and wired interfaces
you will know. :-)
|
I've seen XP route between wireless and wired. How do you get it to bridge?

stephen
Guest
Posted: Sat Dec 18, 2004 12:38 am
Post subject: Re: Why multiple filtering databases in 802.1q?

"Manfred Kwiatkowski" <kwia4000@bronto.zrz.TU-Berlin.DE> wrote in message
news:cpv01c$c00$1@mamenchi.zrz.TU-Berlin.DE...
| Quote: | In article <1103228617.727069.306820@z14g2000cwz.googlegroups.com>,
cnelson@nycap.rr.com writes:
I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
RFC 2674) and I'm trying to understand why multiple filtering databases
are useful. I think I see how this would be useful in a firewall
(having one db for external traffic, one for internal, and a router to
copy between them) but not in a bridge/switch. Can anyone give me or
point me at a clue? TIA.
|
the same MAC address may appear in different VLANs, where the bridge entry
needs to point to a different physical port.
if you get this, then either the bridge ignores some bridge entries, or
continually overwrites the entry, (or crashes...)
common examples used to be DECnet or OSI devices (still common in telco
telemetry systems). In IP, standardised MAC address such as used in VRRP can
be on multiple subnets.
| Quote: |
If you ever had a SUN workstation acting as a router or a
XP notebook happily bridging between its wireless and wired interfaces
you will know. :-)
|
A sun with multiple LAN ports normally gives them all the same MAC address -
but it isn't very useful to send all traffic to just 1 port.
| Quote: |
There is some motivation in the Annex of the IEEE standards.
(Keywords: Independent vs. Shared VLAN Learning).
--
Manfred Kwiatkowski kwiatkowski@zrz.tu-berlin.de
-- |
Regards
Stephen Hope - return address needs fewer xxs

Manfred Kwiatkowski
Guest
Posted: Sat Dec 18, 2004 1:28 am
Post subject: Re: Why multiple filtering databases in 802.1q?

In article <pan.2004.12.17.16.55.57.474023@pobox.com>,
Erik Freitag <erik.freitag@pobox.com> writes:
| Quote: | On Fri, 17 Dec 2004 16:03:56 +0000, Manfred Kwiatkowski wrote:
If you ever had a SUN workstation acting as a router or a
XP notebook happily bridging between its wireless and wired interfaces
you will know. :-)
I've seen XP route between wireless and wired. How do you get it to bridge?
|
Just have the network connection wizard install multiple interfaces.
It will propose to install a bridge connection, which may be a good
idea with the local network at home.
It is definitely not if an AP on a WLAN VLAN and the wired port happen to
connect to the same HP 4000 (which is a SVL device).
--
Manfred Kwiatkowski kwiatkowski@zrz.tu-berlin.de

Guest
Posted: Tue Dec 21, 2004 2:18 am
Post subject: Re: Why multiple filtering databases in 802.1q?

anoop wrote:
| Quote: | ...
There's an annex in the 802.1Q spec that describes scenarios
where shared (single filtering database) and independent
(multiple filtering databases) VLAN learning are needed.
...
|
I thought 802.1Q was incorporated into 802.1D-2004 but I just got
802.1D-2004 and it has no such annex. I guess that was 802.1p that was
incorporated into 802.1D. Oh, well.