[FS#1224] Duplicate ICMP and ARP responses via several VLANs

LEDE Bugs lede-bugs at lists.infradead.org
Wed Dec 13 09:25:57 PST 2017


A new Flyspray task has been opened.  Details are below. 

User who did this - Simon Szustkowski (simonszu) 

Attached to Project - LEDE Project
Summary - Duplicate ICMP and ARP responses via several VLANs
Task Type - Bug Report
Category - Base system
Status - Unconfirmed
Assigned To - 
Operating System - All
Severity - Low
Priority - Very Low
Reported Version - lede-17.01
Due in Version - Undecided
Due Date - Undecided
Details - My setup:
I have a TP Link WRT3600 with LEDE 17.01.4 (bug appeared in earlier versions as well, at least in 17.01.3 and 17.01.2). The router is connected to a manageable switch via VLAN trunk. The trunk consists of 4 VLANs with the IDs 1, 10, 11 and 12. LEDE's IP and the switch's management IP are located in VLAN 1. There are other switches connected to the first switch, also via VLAN trunk. Each VLAN has its own /24 IPv4 subnet in the format 192.168..0/24.

The phenomenon:
A device in VLAN 10 or 12 pings the switch. tcpdump confirms that the switch is sending exactly one reply per request. However, the device receives duplicate pings (for now, 2 duplicates and a valid response). A check with tcpdump running on the LEDE router sniffing on eth0.1 receives the valid reply as well. A check with tcpdump on the router sniffing on eth0 in general shows the duplicates as well. The duplicates go away when I ping from the LEDE explicitly on eth0.1, but re-appear when I ping without an explicit ethernet device to use. tcpdump shows me even more: The valid response is marked VLAN 10 with the pinging device as target address. One duplicate is marked VLAN 10 with the same target address as well, but the second duplicate is marked VLAN 12 but with the pinging device as target address, which is an IP located in VLAN 1's subnet. The pinging client receives all three answers.

This is also happening for ARP requests. The LEDE router makes an ARP request for the switch's management MAC address and replicates the answer to VLANs 10 and 12, so that these VLANs/subnets receive ARP answers they didn't request. 

This only happens for this particular switch. The other trunked switches have no replicated answers when they get pinged. This only happens for VLANs 10 and 12; VLAN 11 is not affected, there is no duplicate addressing it. I tried to create more VLANs, but the number of duplicates doesn't increase. I tried to move all the stuff from VLAN 12 to VLAN 14, and the duplicates change their destination to VLAN 14 as well. When I start a ping and observe it in my terminal window, and deactivate one of the interfaces for either VLAN 10 or 12, the number of replicates decreases.

And last but not least: I started a ping and observed it in the terminal. Remember, it goes from VLAN 10 to VLAN 1. I created a firewall rule which should block all incoming ICMP responses from VLAN 1 back to VLAN 10. Nevertheless, with the rule activated, I still got three responses for each request, as if the firewall rule wasn't in place at all.
   
The switch I was pinging the whole time was an Allied Telesis GS950/24. This phenomenon happens with other routers running OpenWRT Chaos Calmer 15.01 as well (namely a TP Link WR841n).
 

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1224
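
To check a trunk capture for the symptom described in the report, the following added example (not part of the original report or of LEDE) groups ICMP echo replies from `tcpdump -e -n` text output by source, destination, id and sequence number, then lists VLANs that carry a repeated copy or that should not carry the reply at all. The sample capture, its documentation-range addresses and the `expected_vlans` parameter are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed capture text in `tcpdump -e -n` format (not from the report):
# MACs, documentation-range IPs, ICMP id and timestamps are made up.
_HDR = "02:00:00:00:00:01 > 02:00:00:00:00:aa, ethertype 802.1Q (0x8100), length 102: "
_REPLY = "ethertype IPv4, 198.51.100.2 > 192.0.2.50: ICMP echo reply, id 4242, "
SAMPLE = "\n".join(
    f"10:00:0{seq}.00000{i} {_HDR}vlan {vlan}, p 0, {_REPLY}seq {seq}, length 64"
    for i, (vlan, seq) in enumerate([(1, 1), (10, 1), (10, 1), (12, 1), (1, 2), (10, 2)])
)

# Pull the 802.1Q tag and the echo-reply identity out of one tcpdump line.
LINE = re.compile(
    r"vlan (?P<vlan>\d+),.*?"
    r"(?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo reply, id (?P<id>\d+), seq (?P<seq>\d+)"
)

def vlan_anomalies(capture, expected_vlans):
    """Return {(src, dst, id, seq): {"repeated": {vlan: count}, "leaked": [vlan, ...]}}.

    expected_vlans (assumption): the VLANs a routed reply may legitimately
    appear on at the trunk, i.e. the replying host's VLAN and the pinger's VLAN.
    """
    seen = defaultdict(Counter)
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            key = (m["src"], m["dst"], int(m["id"]), int(m["seq"]))
            seen[key][int(m["vlan"])] += 1
    report = {}
    for key, per_vlan in seen.items():
        repeated = {v: n for v, n in per_vlan.items() if n > 1}   # same reply twice on one VLAN
        leaked = sorted(set(per_vlan) - set(expected_vlans))      # reply tagged for a foreign VLAN
        if repeated or leaked:
            report[key] = {"repeated": repeated, "leaked": leaked}
    return report

if __name__ == "__main__":
    for key, finding in vlan_anomalies(SAMPLE, {1, 10}).items():
        print(key, finding)
```
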


