How can I ping successfully from an vlan interface on Linux?
There are a few potential issues
Oddly named VLAN interface
5: eth1.100@eth0
You named the interface eth1.100 (convention for VLAN 100 on physical interface eth1), but it is actually on eth0
Physical network configuration
You don't mention anything about the network outside your (virtual) machine. The switch/router on the other side of the link needs to expect VLAN tagged frames and then do something with them. If it is a Linux bridge device to a real network outside, it will pass the frames directly, so the external physical switch and/or router needs to handle this.
Routing table
Viewable by running
route -n
this table dictates how IP packets get out of the system. The IP address of google, not being on the same subnet as any entry of your routing table (probably) will follow the rules for default gateway. By using -I on your ping command, you are restricting the interface from which the packet can leave. If there is no default gateway associated with that interface (and no explicit route for google's IP address), the packet cannot leave your system.
Note that you are likely to run into issues on both your end and the router's end if you try to span one subnet across multiple VLANs, mostly in which interface the router sends responses.
Summary
Check that the network outside your computer supports having VLAN tagged frames, check that you set the VLAN interface on the correct physical interface, and check your routing table. You'll probably need to add an appropriate route entry. You should probably also pick a different subnet for VLAN100.
Related videos on Youtube
Kintarō
Updated on September 18, 2022Comments
-
Kintarō over 1 year
I created a VLAN interface on my Ubuntu VM:
root@vagrant-ubuntu-trusty-64:~# ifconfig eth0 Link encap:Ethernet HWaddr 08:00:27:2e:8d:5d inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fe2e:8d5d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:11689 errors:0 dropped:0 overruns:0 frame:0 TX packets:6208 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:6404810 (6.4 MB) TX bytes:503856 (503.8 KB) eth1 Link encap:Ethernet HWaddr 08:00:27:5b:5e:65 inet addr:192.168.1.12 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fe5b:5e65/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:2099 errors:0 dropped:0 overruns:0 frame:0 TX packets:255 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:226325 (226.3 KB) TX bytes:17918 (17.9 KB) eth1.100 Link encap:Ethernet HWaddr 08:00:27:2e:8d:5d inet addr:10.0.2.20 Bcast:10.0.2.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fe2e:8d5d/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:47 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 B) TX bytes:2286 (2.2 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:235 errors:0 dropped:0 overruns:0 frame:0 TX packets:235 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:26320 (26.3 KB) TX bytes:26320 (26.3 KB) root@vagrant-ubuntu-trusty-64:~# ip -d link show 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 08:00:27:2e:8d:5d brd ff:ff:ff:ff:ff:ff promiscuity 0 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 08:00:27:5b:5e:65 brd ff:ff:ff:ff:ff:ff promiscuity 0 5: eth1.100@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default link/ether 08:00:27:2e:8d:5d brd ff:ff:ff:ff:ff:ff promiscuity 0 vlan protocol 802.1Q id 100 <REORDER_HDR>
However, whenever I try to ping something with is outside the box, the vlan interface can't ARP successfully.
root@vagrant-ubuntu-trusty-64:~# ping -I eth1.100 www.google.com PING www.google.com (216.58.216.4) from 10.0.2.20 eth1.100: 56(84) bytes of data. From vagrant-ubuntu-trusty-64 (10.0.2.20) icmp_seq=1 Destination Host Unreachable From vagrant-ubuntu-trusty-64 (10.0.2.20) icmp_seq=2 Destination Host Unreachable
The tcpdump shows below:
vagrant@vagrant-ubuntu-trusty-64:~$ sudo tcpdump -i eth1.100 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on eth1.100, link-type EN10MB (Ethernet), capture size 65535 bytes 08:15:00.244512 ARP, Request who-has lax02s21-in-f4.1e100.net tell vagrant-ubuntu-trusty-64, length 28 08:15:01.241409 ARP, Request who-has lax02s21-in-f4.1e100.net tell vagrant-ubuntu-trusty-64, length 28 08:15:02.242227 ARP, Request who-has lax02s21-in-f4.1e100.net tell vagrant-ubuntu-trusty-64, length 28 08:15:03.262607 ARP, Request who-has lax02s21-in-f4.1e100.net tell vagrant-ubuntu-trusty-64, length 28
Did I setup everything correctly?