How would packet flow in this example work?

RouterOS Beginner Basics
1

I’ve read the packet flow here but they don’t really don’t go over logical VLAN interfaces, the only real reference I found to it was “see bridging section for more details” under the logical interface section.

The example is this:

You have a 4 port switch with VLAN filtering enabled. Ether 1 (PVID 10, untagged) and the bridge (VLAN 10, tagged). The switch has a logical VLAN interface setup for VLAN 10.

Ether 1 is sending MAC-Telnet, DST-IP 255.255.255.255 and the DST-MAC of the switch.

How I would expect it to work is this, A → Bridging Decision (Adds VLAN 10 tag, due to the destination being a tagged “port”) → B → I → (Routing Decision, it’s for the router to handle also due to broadcast) → J → decapsulate (It has a L3 logical interface which from my understanding strips the VLAN)

Now here is where I get confused because if it’s arriving back at A without a tag after the decapsulation, I’d assume the above would just loop again, forever which obviously doesn’t happen. So I am obviously misunderstanding something.

2

Yes, you are misunderstanding things, but not in any sort of boneheaded way :slight_smile:

The packet flow is actually much more complex than shown. This is true for all such diagrams - they illustrate certain things, and leave others out. Left as an exercise to the reader, if you will.

Let’s go over it:

  1. You understand correctly, that the packet is tagged upon entering the bridging section.
  2. You go a bit wrong here. The packet is not mpls, not ipv4 or ipv6 (actually ipv4 includes a check for arp as well) so it goes straight to
  3. VLAN decapsulation. This happens.
  4. Now the interface is vlan10, not a bridge port, so straight to “is it MPLS” - no. (Here you are also wrong: vlan interfaces are not l3 interfaces.)
  5. It is now ipv4, but…
  6. Here the packet is plucked out by mac-telnet, straight to user space. This is done by a so-called raw socket. So the packet doesn’t go through the usual routing, firewalling, etc. steps.

This sort of raw socket plucking thing happens near the “ipv4 or ipv6” decision, but it’s not shown.