Suppose I've created Linux bridge br1 and added three interfaces to it (eth0, eth1, eth2). Then suppose I've assigned IP1 and MAC1 to br1, so there is also the interface br1 in the system with MAC1 and IP1.

As far as I understand, the virtual switch device implemented by the system treats the interface br1 as an additional port of the switch.

So, my question is: what will happen if the virtual switch gets an incoming packet with the same source MAC as br1's MAC (on another port: eth0, eth1 or eth2)? Will it silently learn it and not drop the traffic? Is there no check that the packet is invalid because it has the same source MAC as the "internal" interface br1? Why is that?

  • You're supposing something that must never happen. All MAC addresses should be unique in the same Ethernet broadcast domain. If you see the same MAC address from multiple systems, then they are breaking the rule. See this Q/A about why this could happen with multiple (probably virtual and recent) Linux systems: unix.stackexchange.com/questions/719379/… Commented Mar 1, 2023 at 19:12
  • And by the way, br1 is not just another port: it's the only part that participates in routing. Commented Mar 1, 2023 at 19:18
  • I know why it's happening in my system: I've got an L2 loop between eth interfaces (eth1 and eth2), and I'm just wondering why not make the Linux bridge more secure by adding an additional rule to filter incoming traffic by the source MAC of its internal port. Well, maybe it breaks some applications or is against the concept of a virtual switch (which shouldn't have a MAC address). Commented Mar 2, 2023 at 5:15
  • If you activate STP on the bridge, it will automatically disable traffic on one of the two bridge ports creating a loop (note: AFAIK, STP doesn't work correctly in network namespaces; this has to be on a real host or a VM). Commented Mar 9, 2023 at 13:56

1 Answer

Then you have a duplicate MAC address on your network.

Solve that just like you'd solve any other duplicate MAC address - find the culprit and fix it.

Your comment:

against the concept of a virtual switch (which shouldn't have MAC address)

is incorrect. The Linux bridge is a software implementation of a Layer 2 switch. It should behave exactly as a Layer 2 switch does, including having a unique MAC address for its own Switched Virtual Interface (SVI), so that the switch can communicate with the rest of the network (or in this case, the Linux system on which the switch runs).
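One way to find the culprit port, added here as an example and not part of the answer above: parse the text output of iproute2's `bridge fdb show br br1` and report any slave port that holds a dynamically learned entry for the bridge's own MAC. `SAMPLE_FDB` is constructed output standing in for the live command; the bridge and MAC names are assumptions.

```python
"""Detect a Linux bridge's own MAC learned on a slave port, the symptom of the
L2 loop / duplicate MAC discussed above. Parses `bridge fdb show br <bridge>`."""
from __future__ import annotations
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class FdbEntry:
    mac: str
    dev: str
    master: str | None
    flags: frozenset[str]  # e.g. {"self", "permanent"}; empty for learned entries


def parse_fdb(text: str) -> list[FdbEntry]:
    """Parse '<mac> dev <if> [vlan N] [master <br>] [self] [permanent|static]' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 3 or tok[1] != "dev":
            continue  # blank or unexpected line
        master, flags, i = None, set(), 3
        while i < len(tok):
            if tok[i] in ("master", "vlan") and i + 1 < len(tok):
                if tok[i] == "master":
                    master = tok[i + 1]
                i += 2  # skip keyword and its argument
            else:
                flags.add(tok[i])
                i += 1
        entries.append(FdbEntry(tok[0].lower(), tok[2], master, frozenset(flags)))
    return entries


def own_mac_learned_on(entries: list[FdbEntry], bridge: str, bridge_mac: str) -> list[str]:
    """Slave ports of `bridge` with a *dynamic* entry for the bridge's own MAC.
    Permanent/static entries are skipped: a bridge by default inherits one
    slave's MAC, and that slave legitimately carries a permanent entry for it."""
    mac = bridge_mac.lower()
    return sorted({e.dev for e in entries
                   if e.mac == mac and e.master == bridge and e.dev != bridge
                   and not e.flags & {"permanent", "static"}})


# Constructed sample: br1 owns 02:00:00:00:00:01 and has learned it on eth1 (a loop).
SAMPLE_FDB = """\
02:00:00:00:00:01 dev br1 self permanent
02:00:00:00:00:01 dev eth1 master br1
0a:11:22:33:44:55 dev eth0 master br1 permanent
de:ad:be:ef:00:02 dev eth2 master br1
33:33:00:00:00:01 dev br1 self permanent
"""

if __name__ == "__main__":  # live check on Linux: substitute your bridge name and MAC
    out = subprocess.run(["bridge", "fdb", "show", "br", "br1"],
                         capture_output=True, text=True, check=True).stdout
    print(own_mac_learned_on(parse_fdb(out), "br1", "02:00:00:00:00:01"))
```

A non-empty result names the port(s) on which a frame carrying br1's address arrived, which is where to start looking for the loop or the duplicate host; enabling STP on the bridge, as suggested in the comments, then blocks the looping port.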
