BPI-R2 Pro use lan ports in same subnet

Hello, I have a BPI R2 PRO and I use ([BPI-R2 Pro] Debian Bullseye / Ubuntu 22.04). I want to give static IPs to LAN ports in the same subnet. When I did it, I could not get a ping request. Is there any way to solve this problem? Best Regards

In order to have all (some) lan ports in a single subnet, you have to create a bridge and add all required lan-ports to it.

In general the R2 Pro approach should be the same as for the R2, since both of them use the same dsa-driver.

So you may start with this thread.

Hello, thanks for your reply, but I want to assign the LAN ports different IPs in the same subnet. Best Regards

That’s not possible because routing requires 1 interface per subnet.

Hello, are the arp_announce=1 and arp_ignore=2 commands helpful for this purpose? Or is there no hope?

Best regards

The task is not really clear, at least for me. Are you going to assign multiple IP addresses from the same subnet to different LAN ports?

In general it might be possible when you use policy based routing. As I understand it, it’s not an R2 PRO related task but a general Linux related one. But there is no useful advice beyond the “policy based routing” and probably “ip unnumbered” keywords unless the task is clear. :wink:

Thank you. Now I want to assign different IPs in the same subnet, for example LAN ports lan0 -> 192.10.48.25, lan1 -> 192.10.48.24. I will research this problem; when I find a solution I will post it here.

The question is: why do you need different IPs from the same subnet on the same device?

You can work over a bridge with 1 IP and still monitor traffic on a port. It will be more performant using a bridge than doing it all with (policy) routing.

I have not used policy routing this way, as this looks like a horrible setup where there can be better ways.

I used it for routing packets from a specific interface, my VoIP PPPoE, to a specific device, my VoIP box. And some time ago I did some kind of load balancing over 2 uplinks, which needed policy routing too (and marking in the firewall).

Hello, I have 4 TCP-based devices and their IPs are static, and they send HL7 information through TCP. They were on the same network and their destination IP was static; I can’t change it because I don’t know their password. Now I have the destination IPs and the devices’ IPs, and I want to assign their destination IPs to the LAN ports. But when I set the same IP in the same subnet it is not working. I tried arp_filter and I thought it worked. But I was wrong, it is not working.

If you have a bridge with an IP from the same subnet you can access all 4 devices…but you cannot use one of the IPs these external devices are using. You don’t need to set an IP on each lan-port.

Thank you for your reply, but all 4 devices first connect to the BPI R2 Pro; after connection they send data to the LAN ports. I do not need to send data to the devices. They send data in one direction. I am listening to TCP/IP data which comes from the devices. I could not access the IP configuration of the devices, because their configuration password was lost a long time ago.

Nearly all devices have a factory-reset function to reset them to the vendor’s defaults.

I read some articles about this problem, which is called ARP flux avoidance. I am not sure, but an interesting thing happened. My lan2 ->> 185.36.22.12, my lan3 ->> 185.36.22.11, external devices on 185.36.22.29. When I plugged my Ethernet cable into lan2, I saw that I can send a ping from lan2 with the IP of lan3:

ping -I 185.36.22.11 185.36.22.29

I am not sure, but I think something goes wrong when the networking process restarts and the lan3 interface could start properly. Could you share the reason for this problem? Best regards

it is the routing problem i mentioned…if you have multiple interfaces with same ip subnet, routing process does not know to which interface it should send the data when only using the target-ip…you can define also device for ping, but you cannot do normal traffic without very complex setup…

maybe using a bridge and assigning all ips you currently want on the lan-interfaces??

a single interface can handle multiple IPs from same subnet…

Could you give more details please? Best Regards.

if i understand you correctly your devices in same subnet sending data to a specific IP which you try to assign to your lan-ports.

so you can create a bridge and then add all the local target-ips to the bridge (do not know if this can be done via interfaces-file)

ip a a 192.10.48.25/24 dev br0
ip a a 192.10.48.24/24 dev br0
...

this results in clear routing where the subnet is only on the bridge configured and all devices can send data to the specific ip which is always on the bridge

edit: this way you can do it in interfaces-file (if openwrt supports this override-syntax):

https://askubuntu.com/a/667243

Hi

the question is not WHY one should want to change this behaviour. There are good reasons for wanting ports to act like they were on separate devices, including some security issues.

The keyword here is “Weak Host Model vs Strong Host Model”.

https://unix.stackexchange.com/questions/258810/linux-source-routing-strong-end-system-model-strong-host-model

I ran into the same issue, my approach so far:

Part I, ARP, /etc/sysctl.d/arp.conf:

net.ipv4.conf.all.arp_ignore=1
net.ipv4.conf.all.arp_filter=1
net.ipv4.conf.all.arp_announce=2

Part II, Policy Routing (must be enabled in Kernel!), Example: /etc/network/if-up.d/routes.conf

ip route flush dev lan0
ip route add 192.10.48.0/24 dev lan0 proto static src 192.10.48.25 table 100
#ip route add default via 192.10.48.1 dev lan0 proto static src 192.10.48.25 table 100
ip rule add from 192.10.48.25 lookup 100

ip route flush dev lan1
ip route add 192.10.48.0/24 dev lan1 proto static src 192.10.48.24 table 101
#ip route add default via 192.10.48.1 dev lan1 proto static src 192.10.48.24 table 101
ip rule add from 192.10.48.24 lookup 101

“So far” means that it is not perfect yet. Sometimes traffic stops for a few seconds if more than one port is active. I’m on it.

Stephan
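A check for the arp_ignore and arp_announce values from the sysctl list above, as an added example that is not code from any poster (`read_val`, `max`, `arp_audit` and `make_sample` are hypothetical names). It applies the kernel's max(conf/all, conf/<iface>) rule to each interface and runs here against a constructed directory tree instead of the live /proc/sys/net/ipv4/conf:

```shell
#!/bin/sh
# Added example: report interfaces whose effective ARP settings fall short of
# arp_ignore>=1 / arp_announce>=2. All function names are hypothetical.

# Read one sysctl file; a missing file counts as 0 (the kernel default).
read_val() { if [ -r "$1" ]; then cat "$1"; else echo 0; fi; }

max() { if [ "$1" -ge "$2" ]; then echo "$1"; else echo "$2"; fi; }

# arp_audit [CONF_ROOT]: one line per interface, "<iface> ok" or
# "<iface> weak <setting>=<effective value> ...".
arp_audit() {
    root="${1:-/proc/sys/net/ipv4/conf}"
    all_ignore=$(read_val "$root/all/arp_ignore")
    all_announce=$(read_val "$root/all/arp_announce")
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        iface=$(basename "$dir")
        case "$iface" in all|default|lo) continue ;; esac
        # For both settings the kernel applies max(conf/all, conf/<iface>).
        ignore=$(max "$all_ignore" "$(read_val "$dir/arp_ignore")")
        announce=$(max "$all_announce" "$(read_val "$dir/arp_announce")")
        reasons=""
        [ "$ignore" -ge 1 ] || reasons="$reasons arp_ignore=$ignore"
        [ "$announce" -ge 2 ] || reasons="$reasons arp_announce=$announce"
        if [ -z "$reasons" ]; then echo "$iface ok"; else echo "$iface weak$reasons"; fi
    done
}

# Constructed sample tree: lan0 hardened per interface, lan1 left at defaults.
make_sample() {
    t=$(mktemp -d)
    for i in all default lo lan0 lan1; do
        mkdir -p "$t/$i"
        echo 0 > "$t/$i/arp_ignore"; echo 0 > "$t/$i/arp_announce"
    done
    echo 1 > "$t/lan0/arp_ignore"; echo 2 > "$t/lan0/arp_announce"
    echo "$t"
}

sample=$(make_sample)
arp_audit "$sample"   # lan0 ok, lan1 weak
echo 1 > "$sample/all/arp_ignore"; echo 2 > "$sample/all/arp_announce"
arp_audit "$sample"   # both ok: conf/all raises every interface
rm -rf "$sample"
```

Called without an argument, `arp_audit` reads the running system's settings.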

Yes, because the device does not know where to route packets when the same net is connected to multiple interfaces…this cannot be solved with policy routing. From the ip routing PoV the target ip is available through multiple interfaces and so either the first or second interface sends the packet out…and if one interface assigns the subnet for routing it invalidates the other…this is why you get some gaps between.

So either bridge the ports or give them different subnets. Multiple ports with same subnet directly connected is wrong network topology. Non-directly-connected subnets are different case…here you can do policy routing to prefer one uplink against the other.

You may also want to try using proxy_arp for lan0-lan3

The scheme we did use in production a couple of years ago:

  • The gateway ip is on the loopback interface. Unless you have plans for dynamic routing you can use a /32 prefix for it, e.g. 192.168.0.1/32 on the lo

  • enable proxy_arp for each lan port in use, e.g. (not sure about all and default, but you can test it)

    net.ipv4.conf.lan0.proxy_arp = 1
    net.ipv4.conf.lan2.proxy_arp = 1

  • route ip directly to the interface, e.g.

    ip route add 192.168.0.10/32 dev lan0
    ip route add 192.168.0.11/32 dev lan1

I might miss something (sysctl or pbr part) - I didn’t use this approach for a while, but after you get some result we can figure out if we miss something.

The client still may have /24 prefix on their side e.g. 192.168.0.10/24 on lan0 and 192.168.0.11/24 on lan1

After implementing you’ll have a “L3 bridge emulation” with all its advantages like full traffic control (iptables etc.) and disadvantages like CPU load on local traffic processing that would be processed by the HW bridge in the standard scheme.

P.S. and of course you need to enable forwarding on all of the interfaces in use

P.P.S. never tried anything like this with ipv6

Now I got a configuration, that works FOR ME. It’s derived from an old script for the BPI-R1 and uses one bridge and one vlan per interface.

Since I didn’t get it translated to systemd/networkd config files after several hours of reading and trying, I now take the old approach as an if-up.d script (no config in /etc/network/interfaces).

Shortened and using the addresses above it would look like:

#!/bin/bash
#
# BPI-R1 DSA VLAN configuration
# Distributed Switch Architecture interface
# See also: https://forum.armbian.com/index.php?/topic/3476-bpi-r1-with-new-b53-switch-driver-dsa/#comment-24952

[ "$IFACE" == "--all" ] || exit 0

# Prerequisites in /etc/sysctl.d/arp.conf:
#net.ipv4.conf.all.arp_ignore=1
#net.ipv4.conf.all.arp_announce=2

#
############################################
#
# eth0
#
ip link set eth0 down
ip route flush default
ip address flush eth0
ip link set eth0 up

#
############################################
#
# LAN0
#

ip link add link eth0 name eth0.100 type vlan id 100
ip link add name br0 type bridge
ip link set lan0 master br0
ip link set eth0.100 master br0
bridge vlan add vid 100 dev lan0 pvid untagged
bridge vlan del dev lan0 vid 1 self
bridge vlan del dev lan0 vid 1 master
ip link set lan0 address 80:00:00:00:00:00
ip link set br0 address 80:00:00:00:00:00
ip link set eth0.100 address 80:00:00:00:00:00

ip address add 192.10.48.25/24 broadcast 192.10.48.255 dev br0
ip address add 2001:db8:16::1234:5678/64 dev br0

ip link set up br0
ip link set up lan0
ip link set up eth0.100

#
############################################
#
# LAN1
#

ip link add link eth0 name eth0.101 type vlan id 101
ip link add name br1 type bridge
ip link set lan1 master br1
ip link set eth0.101 master br1
bridge vlan add vid 101 dev lan1 pvid untagged
bridge vlan del dev lan1 vid 1 self
bridge vlan del dev lan1 vid 1 master
ip link set lan1 address 80:00:00:00:00:01
ip link set br1 address 80:00:00:00:00:01
ip link set eth0.101 address 80:00:00:00:00:01

ip address add 192.10.48.24/24 broadcast 192.10.48.255 dev br1
ip address add 2001:db8:16::1234:5679/64 dev br1

ip link set up br1
ip link set up lan1
ip link set up eth0.101

Now I can ping both ports in parallel without drops and in my own server applications distinguish the receiving port of packets in order to send answers on the same port.