802.1q VLANs, Linux and Me

802.1q VLANs let you pass multiple Ethernet networks across a single physical Ethernet cable. By adding a 4-byte tag to the Ethernet header, 802.1q-enabled equipment can distinguish between the various networks on the wire and treat each of them separately. These tags are the reason why 802.1q VLANs are sometimes called “tagged VLANs”.

VLANs are an aggregation technology. I can take 10 Ethernet segments sitting out on the edge of my network and aggregate them across a single Gigabit Ethernet link to my core to be routed/filtered/whatever.

I use VLANs in my office to keep noisy equipment, such as servers, high-end switches, routers, etc. out of my work area. Due to the way the building is laid out, our fiber, SDSL and wireless connections all terminate in the same room as I work. If I had to keep my servers in here as well, I would quickly go deaf. Noisy stuff lives in a data closet on the first floor, keeping my office nice and quiet.

I recently removed an Extreme Network Summit 48 from the data closet. I had been using it to break out a bunch of 802.1q VLANs to devices that didn’t have VLAN support. Summit switches are fantastic (especially when you get them for next to nothing on ebay), but they are also fairly loud and run hot. I wasn’t really using any of the Layer 3 features that the switch offered, so I wanted to get rid of it. Since its primary use was breaking out my tagged VLANs to my Zebra-based BGP router, I figured I would try out RedHat 9 on the router, which ships with VLAN support and see if I couldn’t get rid of the Summit entirely.

Everything seemed OK, at first. The VLAN stuff worked out of the box. The 8021q kernel module is included in the standard RedHat kernel build and the vconfig tool is available as an RPM.

Unfortunately, when the Zebra BGP daemon tried to suck down routes from my peers, it would get one or two routes, then stop. After a tip from RS, it became clear that Ethernet packets larger than 1468 bytes were getting dropped on the floor. With a default MTU of 1500, you should be able to get a 1472 (1500-28 bytes of IP header==1472) byte ping through. Interestingly, 1472-1768==4 — the size of an 802.1q tag.

As it turns out, RedHat included 802.1q kernel drivers and 802.1q user space tools, but did not modify the Ethernet drivers in the kernel to support VLAN-sized Ethernet frames. Tsk tsk, RedHat. After digging around a bit, I found a patch for my 3c59x-based Ethernet card. But now I’m stuck patching the 3c59x driver everytime RedHat releases a new kernel. Someone has already opened up a ticket with RedHat on this issue, so hopefully they’ll resolve it themselves some day.

As far as I can tell, none of the major Linux distributions have patched their Ethernet drivers to support VLANs. So if you’re trying the same thing, dig around on google a bit and see if you can find a patch.

For the (even more?) technically inclined:

Configuring VLANs under RedHat 9 will be very familiar with anyone who has configured standard Ethernet interfaces under earlier RedHats. Just create a file called ifcfg-ethx.vlany, where x is the physical Ethernet interface that the VLAN terminates on and y is the VLAN ID. If you want to use tagged and untagged VLANs at the same time, just create a standard ifcfg-ethx file, with the IP address, netmask and other details for your untagged VLAN. If you are going to use tagged VLANs only, you’ll want to create a ifcfg-ethx that contains:

DEVICE=ethx
ONBOOT=yes

to make sure the interface that your tagged VLANs are hanging off is brought up at boot-time.

Posted by pmk at April 16, 2003 12:30 PM | TrackBack