How can I ping successfully from a VLAN interface on Linux?



I created a VLAN interface on my Ubuntu VM:

root@vagrant-ubuntu-trusty-64:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:2e:8d:5d  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::a00:27ff:fe2e:8d5d/64 Scope:Link
          RX packets:11689 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6208 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:6404810 (6.4 MB)  TX bytes:503856 (503.8 KB)

eth1      Link encap:Ethernet  HWaddr 08:00:27:5b:5e:65  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::a00:27ff:fe5b:5e65/64 Scope:Link
          RX packets:2099 errors:0 dropped:0 overruns:0 frame:0
          TX packets:255 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:226325 (226.3 KB)  TX bytes:17918 (17.9 KB)

eth1.100  Link encap:Ethernet  HWaddr 08:00:27:2e:8d:5d  
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::a00:27ff:fe2e:8d5d/64 Scope:Link
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:2286 (2.2 KB)

lo        Link encap:Local Loopback  
          inet addr:  Mask:
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:235 errors:0 dropped:0 overruns:0 frame:0
          TX packets:235 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:26320 (26.3 KB)  TX bytes:26320 (26.3 KB)

root@vagrant-ubuntu-trusty-64:~# ip -d link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 promiscuity 0 
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:2e:8d:5d brd ff:ff:ff:ff:ff:ff promiscuity 0 
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:5b:5e:65 brd ff:ff:ff:ff:ff:ff promiscuity 0 
5: eth1.100@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 08:00:27:2e:8d:5d brd ff:ff:ff:ff:ff:ff promiscuity 0 
    vlan protocol 802.1Q id 100 <REORDER_HDR> 

However, whenever I try to ping something which is outside the box, the VLAN interface can't ARP successfully.

root@vagrant-ubuntu-trusty-64:~# ping -I eth1.100
PING ( from eth1.100: 56(84) bytes of data.
From vagrant-ubuntu-trusty-64 ( icmp_seq=1 Destination Host Unreachable
From vagrant-ubuntu-trusty-64 ( icmp_seq=2 Destination Host Unreachable

The tcpdump shows below:

vagrant@vagrant-ubuntu-trusty-64:~$ sudo tcpdump -i eth1.100
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1.100, link-type EN10MB (Ethernet), capture size 65535 bytes
08:15:00.244512 ARP, Request who-has tell vagrant-ubuntu-trusty-64, length 28
08:15:01.241409 ARP, Request who-has tell vagrant-ubuntu-trusty-64, length 28
08:15:02.242227 ARP, Request who-has tell vagrant-ubuntu-trusty-64, length 28
08:15:03.262607 ARP, Request who-has tell vagrant-ubuntu-trusty-64, length 28

Did I set up everything correctly?


There are a few potential issues:

Oddly named VLAN interface

5: eth1.100@eth0

You named the interface eth1.100 (the convention for VLAN 100 on physical interface eth1), but it is actually on eth0.

Physical network configuration

You don't mention anything about the network outside your (virtual) machine. The switch/router on the other side of the link needs to expect VLAN tagged frames and then do something with them. If it is a Linux bridge device to a real network outside, it will pass the frames directly, so the external physical switch and/or router needs to handle this.

Routing table

Viewable by running

route -n

this table dictates how IP packets get out of the system. The IP address of Google, not being on the same subnet as any entry of your routing table (probably), will follow the rules for the default gateway. By using -I on your ping command, you are restricting the interface from which the packet can leave. If there is no default gateway associated with that interface (and no explicit route for Google's IP address), the packet cannot leave your system.

Note that you are likely to run into issues on both your end and the router's end if you try to span one subnet across multiple VLANs, mostly in which interface the router sends responses.


Check that the network outside your computer supports having VLAN tagged frames, check that you set the VLAN interface on the correct physical interface, and check your routing table. You'll probably need to add an appropriate route entry. You should probably also pick a different subnet for VLAN100.
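
A check for the naming mismatch described in the answer, as an added example that is not part of the original posts: it reads `ip -d link show` output and compares each VLAN interface's name with its real parent device and VLAN id. The function names `check_vlan_names` and `sample_links` are hypothetical, and the sample input is constructed from the output quoted in the question.

```shell
#!/bin/sh
# Added example: flag VLAN sub-interfaces whose name disagrees with their
# actual parent device or VLAN id, reading `ip -d link show` output on stdin.

check_vlan_names() {
    awk '
    # Interface header line, e.g. "5: eth1.100@eth0: <BROADCAST,...> mtu 1500 ..."
    /^[0-9]+: / {
        name = $2; sub(/:$/, "", name)
        parent = ""
        at = index(name, "@")
        if (at > 0) { parent = substr(name, at + 1); name = substr(name, 1, at - 1) }
        next
    }
    # Detail line, e.g. "    vlan protocol 802.1Q id 100 <REORDER_HDR>"
    $1 == "vlan" {
        id = ""
        for (i = 2; i < NF; i++) if ($i == "id") id = $(i + 1)
        expected = parent "." id
        if (name == expected)
            printf "OK %s: VLAN %s on %s\n", name, id, parent
        else
            printf "MISMATCH %s: VLAN %s on %s (conventional name: %s)\n", name, id, parent, expected
    }
    '
}

# Constructed sample: the eth1 and eth1.100 entries from the question's output.
sample_links() {
cat <<'EOF'
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 08:00:27:5b:5e:65 brd ff:ff:ff:ff:ff:ff promiscuity 0
5: eth1.100@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
    link/ether 08:00:27:2e:8d:5d brd ff:ff:ff:ff:ff:ff promiscuity 0
    vlan protocol 802.1Q id 100 <REORDER_HDR>
EOF
}

sample_links | check_vlan_names
# On a live system: ip -d link show | check_vlan_names
```

A MISMATCH line means tagged frames leave through a different physical interface than the name suggests, so captures and switch-port configuration should be checked against the reported parent.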

