Why multiple filtering databases in 802.1q?

Archived from groups: comp.dcom.lans.ethernet (More info?)

In article <1103228617.727069.306820@z14g2000cwz.googlegroups.com>,
<cnelson@nycap.rr.com> wrote:
:I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
:RFC 2674) and I'm trying to understand why multiple filtering databases
:are useful.

Looking briefly at the RFC, it looks to me that one might have different
filtering databases for different VLANs. Also, it appears one might have
different virtual filtering databases, such as having one for multicast
filtering that might distinct from one for unicast filtering, which
might in turn be distinct from one for other purpose I haven't
heard of before.

When creating a standard, it is often better to allow for the
possibility of multiple instances of something and later find out
that people only ever use one of them, then to allow for only
one instance and later find that people are chaffing because they
really need more than one.
--
"There are three kinds of lies: lies, damn lies, and statistics."
-- not Twain, perhaps Disraeli, first quoted by Leonard Courtney

Archived from groups: comp.dcom.lans.ethernet (More info?)

cnelson@nycap.rr.com wrote:
> I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined
in
> RFC 2674) and I'm trying to understand why multiple filtering
databases
> are useful. I think I see how this would be useful in a firewall
> (having one db for external traffic, one for internal, and a router
to
> copy between them) but not in a bridge/switch. Can anyone give me or
> point me at a clue? TIA.

There's an annex in the 802.1Q spec that describes scenarios
where shared (single filtering database) and independent
(multiple filtering databases) VLAN learning are needed.
Both have their merits depending on what one is trying
to accomplish.

As another poster pointed out, multiple filtering databases
are needed if the same MAC address appears in two VLANs
on different ports of the same switch. I think (but not
sure) that DECnet Phase IV routers used the same MAC address
on every interface, which would fit the above scenario if
it was attached to a switched network.

Without multiple filtering databases, the MAC address
would be learned only in the VLAN in which it most recently
appeared as a source address. The address would keep flip-flopping
between the ports and traffic from one of the VLANs
would be either be directed to the wrong destination, or
discarded because it didn't have that port in its membership.

Anoop

Archived from groups: comp.dcom.lans.ethernet (More info?)

In article <1103228617.727069.306820@z14g2000cwz.googlegroups.com>,
cnelson@nycap.rr.com writes:
>I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
>RFC 2674) and I'm trying to understand why multiple filtering databases
>are useful. I think I see how this would be useful in a firewall
>(having one db for external traffic, one for internal, and a router to
>copy between them) but not in a bridge/switch. Can anyone give me or
>point me at a clue? TIA.

If you ever had a SUN workstation acting as a router or a
XP notebook happily bridging between its wireless and wired interfaces
you will know. :-)

There is some motivation in the Annex of the IEEE standards.
(Keywords: Independent vs. Shared VLAN Learning).

--
Manfred Kwiatkowski kwiatkowski@zrz.tu-berlin.de

Archived from groups: comp.dcom.lans.ethernet (More info?)

"Manfred Kwiatkowski" <kwia4000@bronto.zrz.TU-Berlin.DE> wrote in message
news:cpv01c$c00$1@mamenchi.zrz.TU-Berlin.DE...
> In article <1103228617.727069.306820@z14g2000cwz.googlegroups.com>,
> cnelson@nycap.rr.com writes:
> >I'm looking at Q-BRIDGE-MIB (the MIB for 802.1q bridges, as defined in
> >RFC 2674) and I'm trying to understand why multiple filtering databases
> >are useful. I think I see how this would be useful in a firewall
> >(having one db for external traffic, one for internal, and a router to
> >copy between them) but not in a bridge/switch. Can anyone give me or
> >point me at a clue? TIA.

the same MAC address may appear in different VLANs, where the bridge entry
needs to point to a different physical port.

if you get this, then either the bridge ignores some bridge entries, or
continually overwrites the entry, (or crashes...)

common examples used to be DECnet or OSI devices (still common in telco
telemetry systems). In IP, standardised MAC address such as used in VRRP can
be on multiple subnets.
>
> If you ever had a SUN workstation acting as a router or a
> XP notebook happily bridging between its wireless and wired interfaces
> you will know. :-)

A sun with multiple LAN ports normally gives them all the same MAC address -
but it isnt very useful to send all traffic to just 1 port.
>
> There is some motivation in the Annex of the IEEE standards.
> (Keywords: Independent vs. Shared VLAN Learning).
>
> --
> Manfred Kwiatkowski kwiatkowski@zrz.tu-berlin.de
--
Regards

Stephen Hope - return address needs fewer xxs

Archived from groups: comp.dcom.lans.ethernet (More info?)

anoop wrote:
> ...
> There's an annex in the 802.1Q spec that describes scenarios
> where shared (single filtering database) and independent
> (multiple filtering databases) VLAN learning are needed.
> ...

I thought 802.1Q was incorporated into 802.1D-2004 but I just got
802.1D-2004 and it has no such annex. I guess that was 802.1p that was
incorporated into 802.1D. Oh, well.