Mark Zipp | 1 Dec 2005 03:26

Multiple "br" interfaces for a single bridge ?

Hi,

We've been recently trying to use VRRP
(https://sourceforge.net/projects/vrrpd/) to provide redundancy for a
couple of servers. What we wanted to do was to have both servers be
VRRP backups for the other. For example :

Server A - eth0
VRRP Master IP - 10.0.0.1
VRRP Backup IP - 10.0.0.2

Server B - eth0
VRRP Master IP - 10.0.0.2
VRRP Backup IP - 10.0.0.1

We'd then put two A records in DNS for the single hostname, and then
rely on DNS round robin to perform basic load balancing between the
servers. If one of the servers fails, then the other would then take
over both of the VRRP Master IP addresses. This wouldn't be a perfect
fail over as any existing TCP sessions would die, however it is enough
availability for our requirements.

One problem we have is that, due to the way VRRP has to interact with
kernel ARP, the vrrpd software changes the assigned MAC addresses on
the interfaces it has been configured to use. Since the above scenario
would have two VRRP groups, resulting in two different MAC addresses,
we can't run two instances of VRRP as above using the same ethernet
interface.

One idea we had was to create a bridge on each server, add eth0 and

Mark Zipp | 1 Dec 2005 03:08

Bridge ports needlessly going through learning stage when STP disabled ?

Hi,

I've recently noticed that on my Ubuntu box, running 2.6.10-5-386,
that even when I have STP disabled on a bridge (which I think is the
default), when you add a new interface to the bridge, it still goes
through at least some of the port states, as well as listing messages
in the brctl STP state display such as "flags                 
TOPOLOGY_CHANGE TOPOLOGY_CHANGE_DETECTED".

Is this the right behaviour ? The 15 to 30 second delay before the
port moves to Forwarding state can be frustrating, as you don't expect
it, and for that period of time, start to think there is something
else wrong in the network's configuration.

Thanks,
Mark.

P.S., please CC me on any replies as I'm not subscribed to the list.

Ben Greear | 1 Dec 2005 18:11

Re: Multiple "br" interfaces for a single bridge ?

Mark Zipp wrote:
> Hi,
> 
> We've been recently trying to use VRRP
> (https://sourceforge.net/projects/vrrpd/) to provide redundancy for a
> couple of servers. What we wanted to do was to have both servers be
> VRRP backups for the other. For example :
> 
> Server A - eth0
> VRRP Master IP - 10.0.0.1
> VRRP Backup IP - 10.0.0.2
> 
> Server B - eth0
> VRRP Master IP - 10.0.0.2
> VRRP Backup IP - 10.0.0.1
> 
> We'd then put two A records in DNS for the single hostname, and then
> rely on DNS round robin to perform basic load balancing between the
> servers. If one of the servers fails, then the other would then take
> over both of the VRRP Master IP addresses. This wouldn't be a perfect
> fail over as any existing TCP sessions would die, however it is enough
> availability for our requirements.
> 
> One problem we have is that, due to the way VRRP has to interact with
> kernel ARP, the vrrpd software changes the assigned MAC addresses on
> the interfaces it has been configured to use. Since the above scenario
> would have two VRRP groups, resulting in two different MAC addresses,
> we can't run two instances of VRRP as above using the same ethernet
> interface.
> 

kanhu | 9 Dec 2005 07:17

Unable to learn macs on bridge ports

Hi list,

I am using bridge-utils with uClinux having kernel-2.4.19.
All the commands with brctl are working fine except the showmacs.
When I execute the command

/>brctl showmacs test

bridge name     bridge id               STP enabled     interfaces

It does not show any learned MAC, so the bridge (test) is not functioning 
properly for unicast packets.
Bridging option is already enabled in kernel.

Any help to proceed is welcome

With Thanks & Regards
             Kanhu

Stephen Hemminger | 9 Dec 2005 18:09

Re: Unable to learn macs on bridge ports

On Fri, 09 Dec 2005 11:47:59 +0530
kanhu <kanhu <at> innomedia.soft.net> wrote:

> Hi list,
> 
> I am using bridge-utils with uClinux having kernel-2.4.19.
> All the commands with brctl are working fine except the showmacs.
> When I execute the command
> 
> />brctl showmacs test
> 
> bridge name     bridge id               STP enabled     interfaces
> 
> It does not show any learned MAC, so the bridge (test) is not functioning 
> properly for unicast packets.
> Bridging option is already enabled in kernel.
> 
> Any help to proceed is welcome
> 
> With Thanks & Regards
>              Kanhu

What architecture? And perhaps bridge-utils thought it had sysfs
support in the build, but 2.4.19 doesn't have that.

-- 
Stephen Hemminger <shemminger <at> osdl.org>
OSDL http://developer.osdl.org/~shemminger

ro0ot | 11 Dec 2005 08:59

Bridging Firewall with Kernel 2.6 failed

Hi all,

I have a bridging firewall running fine with kernel 2.4.31 (Slackware 
10.1) and iptables 1.2.11

Yesterday I installed the new kernel 2.6.14.3 and iptables 1.3.4 but the 
bridging firewall doesn't work anymore.

Do I need to patch the kernel 2.6 as I did for kernel 2.4? Or 
what have I missed?

Regards,
ro0ot

Gary W. Smith | 11 Dec 2005 10:11

RE: Bridging Firewall with Kernel 2.6 failed

Hi ro0ot, 

Exactly what part of "doesn't work anymore" doesn't work?  Does it not
work when you create the bridge or does it not work after you apply
iptables?  What commands are you running to instantiate the bridge?
What commands do you think are failing?

Gary Wayne Smith

> -----Original Message-----
> From: netfilter-bounces <at> lists.netfilter.org [mailto:netfilter-
> bounces <at> lists.netfilter.org] On Behalf Of ro0ot
> Sent: Saturday, December 10, 2005 11:59 PM
> To: netfilter <at> lists.netfilter.org; bridge <at> lists.osdl.org
> Subject: Bridging Firewall with Kernel 2.6 failed
> 
> Hi all,
> 
> I have a bridging firewall running fine with kernel 2.4.31 (Slackware
> 10.1) and iptables 1.2.11
> 
> Yesterday I installed the new kernel 2.6.14.3 and iptables 1.3.4 but the
> bridging firewall doesn't work anymore.
> 
> Do I need to patch the kernel 2.6 as I did for kernel 2.4? Or
> what have I missed?
> 
> Regards,
> ro0ot
> 

ro0ot | 13 Dec 2005 19:31

Re: Bridging Firewall with Kernel 2.6 failed

Hi Gary,

All the commands I ran did not show any failing messages.

The traffic doesn't seem to be passing through the bridge, why?

Do I need "physdev" in iptables to get the bridging firewall to work?

Gary W. Smith wrote:

>Hi ro0ot, 
>
>Exactly what part of "doesn't work anymore" doesn't work?  Does it not
>work when you create the bridge or does it not work after you apply
>iptables?  What commands are you running to instantiate the bridge?
>What commands do you think are failing?
>
>Gary Wayne Smith
>
>  
>
>>-----Original Message-----
>>From: netfilter-bounces <at> lists.netfilter.org [mailto:netfilter-
>>bounces <at> lists.netfilter.org] On Behalf Of ro0ot
>>Sent: Saturday, December 10, 2005 11:59 PM
>>To: netfilter <at> lists.netfilter.org; bridge <at> lists.osdl.org
>>Subject: Bridging Firewall with Kernel 2.6 failed
>>
>>Hi all,
>>

ro0ot | 13 Dec 2005 19:29

Re: Bridging Firewall with Kernel 2.6 failed

I am using kernel 2.6.14.3, iptables 1.3.4 and bridge-utils 1.0.6

I did flag the "802.1d Ethernet Bridging" in Networking 
support/Networking options

Gladiston Justini - JustiSecure wrote:

> Mr. ro0ot,
>
>     You need:
>         1. Kernel 2.6.xx
>         2. Iptables 1.3.xx
>         3. brctl-util
>
> In kernel configuration, do you flag  '802.1d Ethernet Bridging' in  
> Network support/Networking options
>
>
> Sorry my english.
> :)
> Gadi
>
>
>
>
>
> On Sun, 2005-12-11 at 15:59 +0800, ro0ot wrote:
>
>>Hi all,
>>

Kashif Ali Bukhari | 16 Dec 2005 16:03

Re: Bridging Firewall with Kernel 2.6 failed

iptables don't support bridge, use ebtables ;)

On 12/10/05, ro0ot <ro0ot <at> phreaker.net> wrote:
> Hi all,
>
> I have a bridging firewall running fine with kernel 2.4.31 (Slackware
> 10.1) and iptables 1.2.11
>
> Yesterday I installed the new kernel 2.6.14.3 and iptables 1.3.4 but the
> bridging firewall doesn't work anymore.
>
> Do I need to patch the kernel 2.6 as I did for kernel 2.4? Or
> what have I missed?
>
> Regards,
> ro0ot
>
>
>
>
>

--
Syed Kashif Ali Bukhari
Network Engineer
Beaconhouse IT services, Lahore Pakistan

