Traffic on a bridge which should not be there



  • Hi there,

    I have made myself the following setup:

    vr0 - bridge - vr1 (untagged traffic)
    vr0_vlan6 - vr1_vlan3 (tagged traffic)

    vr0 and vr1 do not have an ip configuration but the network which goes over that bridge should be 10.0.0.0/16
    vr0_vlan6 is 10.6.0.1/16 and is the gateway for 10.6.0.0/16
    vr1_vlan3 is 192.168.3.6/24 and has a gateway 192.168.3.1/24 which is an interface on a router on the other end of a p2p connection.
    traffic

    10.0.0.0/16 is our management network in which devices like switches and APs have their management interface
    10.6.0.0/16 is a location LAN
    192.168.3.0/24 is a distribution network to make a distribution and access layer

    On vr0 and vr1 I have made rules to only allow traffic from and to 10.0.0.0/16.

    But when we monitored the traffic we noticed much more traffic on the interfaces than we expected. To our surprise, a tcpdump of the interfaces bridge0, vr0 or vr1 shows ARP traffic which should be kept within vlan6. Like:

    
    13:31:59.118855 ARP, Request who-has 10.6.0.12 tell 10.6.4.13, length 46
    13:31:59.126889 ARP, Request who-has 10.6.0.12 tell 10.6.4.151, length 46
    13:31:59.157631 ARP, Request who-has 10.6.0.12 tell 10.6.4.82, length 46
    13:31:59.189747 ARP, Request who-has 10.6.0.12 tell 10.6.4.16, length 46
    13:31:59.190796 ARP, Request who-has 10.6.0.12 tell 10.6.4.15, length 46
    13:31:59.197579 ARP, Request who-has 10.6.0.12 tell 10.6.4.61, length 46
    
    

    I do not understand that traffic... most likely a lack of knowledge... Could any of you explain this?

    Peter

    PS
    In reality the setup is a bit more complex... In reality I have 3 bridges and 4 distributed networks. I left them out for the sake of simplicity.
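As an added example (not code from Peter's post): a small triage script that parses tcpdump ARP lines like the ones quoted above against the address plan described in the post and reports every address that does not belong on the untagged bridge, naming the segment it does belong to. The sample capture is constructed from the quoted lines plus two extra lines (one management-range request, one reply) for contrast.

```python
import ipaddress
import re

# Constructed sample: the ARP requests quoted in the post, plus one request in
# the expected management range and one reply, added here for contrast.
SAMPLE_TCPDUMP = """\
13:31:59.118855 ARP, Request who-has 10.6.0.12 tell 10.6.4.13, length 46
13:31:59.126889 ARP, Request who-has 10.6.0.12 tell 10.6.4.151, length 46
13:31:59.157631 ARP, Request who-has 10.6.0.12 tell 10.6.4.82, length 46
13:32:00.000001 ARP, Request who-has 10.0.0.20 tell 10.0.0.1, length 46
13:32:00.100000 ARP, Reply 10.6.0.12 is-at 00:11:22:33:44:55, length 46
"""

# Address plan from the post: the untagged bridge should only carry management.
BRIDGE_ALLOWED = ipaddress.ip_network("10.0.0.0/16")
SEGMENTS = {
    "management (bridge vr0-vr1)": ipaddress.ip_network("10.0.0.0/16"),
    "location LAN (vr0_vlan6)": ipaddress.ip_network("10.6.0.0/16"),
    "distribution (vr1_vlan3)": ipaddress.ip_network("192.168.3.0/24"),
}

ARP_REQUEST = re.compile(r"ARP, Request who-has (\S+) tell (\S+),")
ARP_REPLY = re.compile(r"ARP, Reply (\S+) is-at ")

def classify(addr):
    """Name the planned segment an address belongs to, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    for name, net in SEGMENTS.items():
        if ip in net:
            return name
    return "unknown"

def find_leaks(capture, allowed=BRIDGE_ALLOWED):
    """Return (line_no, address, segment) for each ARP address outside `allowed`.

    A request contributes its target and sender, a reply its sender, so the
    result shows which segment's hosts are appearing where they should not.
    """
    leaks = []
    for no, line in enumerate(capture.splitlines(), 1):
        req, rep = ARP_REQUEST.search(line), ARP_REPLY.search(line)
        addrs = list(req.groups()) if req else ([rep.group(1)] if rep else [])
        for a in addrs:
            if ipaddress.ip_address(a) not in allowed:
                leaks.append((no, a, classify(a)))
    return leaks

if __name__ == "__main__":
    for no, addr, seg in find_leaks(SAMPLE_TCPDUMP):
        print(f"line {no}: {addr} belongs to {seg}, not to {BRIDGE_ALLOWED}")
```

Capturing with `tcpdump -e` on vr0 additionally prints the link-level header, including any 802.1Q tag, which shows whether a reported ARP frame arrived tagged for vlan 6 or untagged.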

