Traffic on a bridge which should not be there
Peter Kaagman
I have made myself the following setup:
vr0 - bridge - vr1 (untagged traffic)
vr0_vlan6 - vr1_vlan3 (tagged traffic)
vr0 and vr1 do not have an IP configuration, but the network which goes over that bridge should be 10.0.0.0/16.
vr0_vlan6 is 10.6.0.1/16 and is the gateway for 10.6.0.0/16
vr1_vlan3 is 192.168.3.6/24 and has gateway 192.168.3.1/24, which is an interface on a router at the other end of a p2p connection.
10.0.0.0/16 is our management network in which devices like switches and APs have their management interface
10.6.0.0/16 is a location LAN
192.168.3.0/24 is a distribution network to make a distribution and access layer
On vr0 and vr1 I have made rules to only allow traffic from and to 10.0.0.0/16.
But when we monitored the traffic we noticed much more traffic on the interfaces than we expected. To our surprise, a tcpdump of the interfaces bridge0, vr0 or vr1 shows ARP traffic which should be kept within vlan6, like:
13:31:59.118855 ARP, Request who-has 10.6.0.12 tell 10.6.4.13, length 46
13:31:59.126889 ARP, Request who-has 10.6.0.12 tell 10.6.4.151, length 46
13:31:59.157631 ARP, Request who-has 10.6.0.12 tell 10.6.4.82, length 46
13:31:59.189747 ARP, Request who-has 10.6.0.12 tell 10.6.4.16, length 46
13:31:59.190796 ARP, Request who-has 10.6.0.12 tell 10.6.4.15, length 46
13:31:59.197579 ARP, Request who-has 10.6.0.12 tell 10.6.4.61, length 46
I do not understand that traffic... most likely a lack of knowledge... Could any of you explain this?
In reality the setup is a bit more complex: I have 3 bridges and 4 distributed networks. I left them out for the sake of simplicity.
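As an added example (not part of Peter's post, and not pfSense code), here is the check a practitioner would run on a capture like the one above: classify every ARP request by the segment it was seen on (the 802.1Q tag, or untagged) and flag senders whose address does not belong to the network that segment is supposed to carry. The network-to-segment mapping is taken from the post (untagged bridge = 10.0.0.0/16, VLAN 6 = 10.6.0.0/16, VLAN 3 = 192.168.3.0/24). The sample lines are constructed, modeled on the post's output; the `vlan 6, p 0, ethertype ARP` rendering of a tagged frame is tcpdump's usual 802.1Q output and is assumed here, since the post's capture shows only untagged lines. The point of running it is that the firewall rules on vr0 and vr1 act on IP traffic, so they cannot tell you whether these 10.6.x ARP frames arrive on the bridge untagged (which points at a switch port carrying VLAN 6 as native/untagged) or tagged (which means the bridge is passing tagged frames); the capture can.

```python
"""Classify ARP requests from tcpdump output against the network each segment should carry.

Added example; not from the original post. Feed it the output of
    tcpdump -e -nn -l -i bridge0 'arp or vlan'
(or run it on the constructed SAMPLE below).
"""
import ipaddress
import re
import sys

# Legitimate sender network per segment, as described in the post. Untagged
# frames (no 802.1Q header) are keyed as None.
EXPECTED_NETWORKS = {
    None: ipaddress.ip_network("10.0.0.0/16"),   # management network over the bridge
    6: ipaddress.ip_network("10.6.0.0/16"),      # vr0_vlan6, location LAN
    3: ipaddress.ip_network("192.168.3.0/24"),   # vr1_vlan3, distribution network
}

# "vlan 6, p 0" is how tcpdump renders an 802.1Q tag (assumed format).
VLAN_RE = re.compile(r"\bvlan (\d+),")
# "who-has <target> tell <sender>" is the ARP request rendering shown in the post.
ARP_REQ_RE = re.compile(r"who-has (\S+) tell (\S+),")


def parse_arp_request(line):
    """Return (vlan_id_or_None, target_ip, sender_ip) for an ARP request line,
    or None if the line is not an ARP request (replies, IP traffic, noise)."""
    m = ARP_REQ_RE.search(line)
    if not m:
        return None
    v = VLAN_RE.search(line)
    vlan = int(v.group(1)) if v else None
    return vlan, ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))


def find_leaks(lines, expected=EXPECTED_NETWORKS):
    """Return the ARP requests whose sender address is outside the network
    expected on the segment the frame was seen on. A tag for a VLAN id that is
    not in the mapping is reported as well: nothing should be tagged with it."""
    leaks = []
    for line in lines:
        parsed = parse_arp_request(line)
        if parsed is None:
            continue
        vlan, target, sender = parsed
        net = expected.get(vlan)
        if net is None or sender not in net:
            leaks.append({
                "vlan": vlan,
                "sender": str(sender),
                "target": str(target),
                "expected": str(net) if net is not None else None,
            })
    return leaks


# Constructed sample, modeled on the post's capture: untagged ARP as tcpdump
# prints it without -e, one reply, and three tagged frames. The last tagged
# frame carries a management-network sender inside VLAN 6, the mirror image
# of the post's problem.
SAMPLE = """\
13:31:59.118855 ARP, Request who-has 10.6.0.12 tell 10.6.4.13, length 46
13:31:59.126889 ARP, Request who-has 10.6.0.12 tell 10.6.4.151, length 46
13:32:00.000100 ARP, Request who-has 10.0.0.1 tell 10.0.3.7, length 46
13:32:00.000200 ARP, Reply 10.0.0.1 is-at 00:00:00:00:00:01, length 28
13:32:00.000300 vlan 6, p 0, ethertype ARP (0x0806), Request who-has 10.6.0.1 tell 10.6.4.61, length 46
13:32:00.000400 vlan 3, p 0, ethertype ARP (0x0806), Request who-has 192.168.3.1 tell 192.168.3.6, length 46
13:32:00.000500 vlan 6, p 0, ethertype ARP (0x0806), Request who-has 10.6.0.1 tell 10.0.5.9, length 46
""".splitlines()


if __name__ == "__main__":
    # Read a live/piped tcpdump capture when one is given, else use the sample.
    lines = SAMPLE if sys.stdin.isatty() else sys.stdin
    for leak in find_leaks(lines):
        seg = "untagged" if leak["vlan"] is None else f"vlan {leak['vlan']}"
        print(f"{seg}: ARP from {leak['sender']} for {leak['target']} "
              f"(expected sender in {leak['expected']})")
```

On the sample this reports the two untagged requests from 10.6.4.x (the situation in the post) and the tagged request from 10.0.5.9 inside VLAN 6, while the 10.0.3.7, VLAN 6 and VLAN 3 requests that belong where they were seen stay quiet. Capturing with -e on vr0, vr1 and bridge0 separately also tells you which member the frames enter on.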