[CentOS] VLAN tagging problems [SOLVED]

Robin Mordasiewicz robin at bullseye.tv
Sat Oct 29 00:19:22 UTC 2005

On Fri, 28 Oct 2005, Robin Mordasiewicz wrote:
> On Fri, 28 Oct 2005, Les Mikesell wrote:
>> On Fri, 2005-10-28 at 11:14, Robin Mordasiewicz wrote:
>>>>> We are using Centos behind an F5 Bigip load balancer.
>>>>> The linux box is using bonding and tagged VLANs.
>>>>> Everything works fine except that when traffic is forwarded from the
>>>>> BigIP to the linux box on the VLAN where the web server is running the
>>>>> linux box returns the traffic on the wrong VLAN. It returns traffic on
>>>>> the lowest ordered VLAN.
>>>>> ie. here is a tcpdump on my load balancer showing traffic being sent
>>>>> on VLAN 911 to the linux box, but the linux box returns traffic on
>>>>> VLAN 902.
>>>>> The linux box is returning traffic on the same VLAN as its configured
>>>>> default gateway. If I change the default gateway to be on the VLAN 911
>>>>> then everything works.
>>>> It seems reasonable to require a route to the destination on the
>>>> VLAN used.  Why should it ever do otherwise?  What are you trying
>>>> to accomplish by using a VLAN interface with no route back?
>>> Is there any way to say that if traffic is received on VLAN#911 to be
>>> sure that the return traffic is tagged with the same vlan id. Currently
>>> traffic is tagged based on the routing table, and even if traffic comes
>>> in on VLAN#911, when it returns the traffic it uses the VLAN tag from
>>> the network that the default gateway is on (VLAN#902).
>> The BigIP will do this sort of magic itself to save the time looking
>> up the return route, but it really is black magic in terms of
>> standard networking where asymmetrical routes are permitted and
>> expected.  The reply packet doesn't have much to connect it to the
>> one that came in and its path is determined by the route to the
>> destination address.   That said, there may be some black magic
>> you can do with iptables and the ip_conntrack info or some sort
>> of policy based routing.
> I will research policy based routing.

This is now working properly.
After googling "policy based routing linux" I came across a very helpful
article, which explained how to use the ip command to create multiple
routing tables. I have ended up creating a routing table for each tagged

My setup is slightly different than the article, as I am bonding NICs
together and then bringing up 802.1q tagged interfaces on the bond.

I have a multi-homed box, as in multiple tagged vlan
interfaces. For example I have an interface bond0.101(,
bond0.102(, bond0.103( For each interface I have
issued commands...

ip ro add via table 101 
ip ru add from table 101
ip ro add via table 102
ip ru add from table 102
ip ro add via table 103
ip ru add from table 103

Now each interface has its own routing table. I may have left out some 
information in my explanation, as I am still teaching myself how to use 
the ip command, and to configure the /etc/iproute2/* config files.

Any further hints are appreciated.
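The procedure above in a complete, scriptable form, as an added example that is not part of the original post or of any iproute2 documentation. It keeps the per-VLAN table and source-based rule shown in the thread (VLAN ids 101, 102 and 103 come from the post) and adds the connected route each table also needs. The subnets, gateway addresses and the bond0 interface names are constructed placeholders, since the post's addresses did not survive; the script runs in dry-run mode by default so it can be read and tested without root or the bond interfaces.

```shell
#!/bin/sh
# Added example (not from the original post): one routing table per tagged
# VLAN, selected by a source-address rule, so replies leave on the VLAN
# they arrived on instead of following the main table's default gateway.
# Subnets, gateways and interface names below are constructed sample data.

# Dry-run by default: print the commands instead of running them.
# Set IP=ip in the environment to apply them for real (requires root).
IP="${IP:-echo ip}"

# iface     table  subnet         gateway     (constructed sample data)
VLANS="
bond0.101 101 10.0.101.0/24 10.0.101.1
bond0.102 102 10.0.102.0/24 10.0.102.1
bond0.103 103 10.0.103.0/24 10.0.103.1
"

# pbr_rules IFACE TABLE SUBNET GW
# Emits (or applies) the commands for one tagged interface:
#  1. the connected route inside the per-interface table, without which a
#     default-only table cannot reach hosts on the VLAN itself,
#  2. a default route via that VLAN's gateway in the same table,
#  3. a rule that sends packets *sourced* from the VLAN's subnet to that
#     table; replies carry the address of the interface the request hit,
#     so they are routed back out through the same VLAN.
pbr_rules() {
    iface=$1; table=$2; subnet=$3; gw=$4
    $IP route add "$subnet" dev "$iface" table "$table"
    $IP route add default via "$gw" dev "$iface" table "$table"
    $IP rule add from "$subnet" table "$table"
}

# apply_all: run pbr_rules for every row of VLANS, then flush the route
# cache so existing flows pick up the new rules (relevant on 2.6 kernels).
apply_all() {
    echo "$VLANS" | while read -r iface table subnet gw; do
        [ -n "$iface" ] || continue
        pbr_rules "$iface" "$table" "$subnet" "$gw"
    done
    $IP route flush cache
}

# count_rules: number of 'ip rule add' lines apply_all produces in dry-run,
# a sanity check that every VLAN row was processed (expected: 3).
count_rules() {
    apply_all | grep -c ' rule add from '
}

apply_all
```

After applying the rules for real, `ip rule show` lists the three source selectors ahead of the main table, and `ip route get <dest> from <vlan-address> iif <bond0.N>` shows which interface and gateway the kernel would pick for a reply from that VLAN, which is the quickest way to confirm the asymmetric-return problem from the thread is gone. Naming the tables in /etc/iproute2/rt_tables is optional; numeric table ids work as shown.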
