LDP
/
LDP
mirror of https://github.com/tLDP/LDP
0
1
Fork 0
Code Releases Activity

new entry; old howto

This commit is contained in:
gferg 2001-03-08 14:13:43 +00:00
parent 20830ff5d3
commit 220b246b26
1 changed files with 285 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

285
LDP/howto/linuxdoc/Bridge.sgml Normal file
View File

@ -0,0 +1,285 @@
<!doctype linuxdoc system>
<article>
<!-- Title information -->
<title>Bridging mini-Howto
<author>Christopher Cole,
<tt><htmlurl url="mailto:cole@coledd.com" name="cole@coledd.com"></tt>
<date>v1.21, March 7, 2001
<abstract>
This document describes how to setup an ethernet bridge. What
is an ethernet bridge? An ethernet bridge is a device that controls data
packets within a subnet in an attempt to cut down the amount of traffic.
A bridge is usually placed between two separate groups of computers that
talk within themselves, but not so much with the computers in the other
group. A good example of this is to consider a cluster of Macintoshes and
a cluster of unix machines. Both of these groups of machines tend to be
quite chatty amongst themselves, and the traffic they produce on the
network causes collisions for the other machines who are trying to speak
to one another. A bridge would be placed between these groups of
computers. The job of the bridge is then to examine the destination of
the data packets one at a time and decide whether or not to pass the
packets to the other side of the ethernet segment. The result is a
faster, quieter network with less collisions.
</abstract>
<!-- Table of contents -->
<toc>
<sect>Setup
<p>
<enum>
<item>Get ``Bridge Config'':
<tscreen>
<url url="ftp://ftp.tux.org/people/alan-cox/BRCFG.tgz">
</tscreen>
<verb>
BRCFG may also be found at:
</verb>
<tscreen>
<url url="http://coledd.com/networking/bridge/">
</tscreen>
<item>Enable multiple ethernet devices on your machine by
adding this to your <tt>/etc/lilo.conf</tt>,
and re-run <tt>lilo</tt>:
<tscreen>
<verb>
append = "ether=0,0,eth1"
</verb>
</tscreen>
If you have three interfaces on your bridge, use this line instead:
<tscreen>
<verb>
append = "ether=0,0,eth1 ether=0,0,eth2"
</verb>
</tscreen>
<!--
</p>
-->
<!--
<p>
-->
More interfaces can be found by adding more ether statements.
By default a stock Linux kernel probes for a single ethercard,
and once one is found the probe ceases.
The above append statement tells the kernel to keep probing
for more ethernet devices after the first one is found.
<!--
</p>
-->
<!--
<p>
-->
Alternatively, the boot parameter can be used instead:
<tscreen>
<verb>
linux ether=0,0,eth1
</verb>
</tscreen>
Or, with 3 interfaces, use:
<tscreen>
<verb>
linux ether=0,0,eth1 ether=0,0,eth2
</verb>
</tscreen>
<!--
</p>
-->
<item>Recompile the kernel with <tt>BRIDGING</tt> enabled.
<item>A bridge should not have an IP address.
It CAN, but a plain bridge doesn't need one.
To remove the IP address from your bridge, go to
<tt>/etc/sysconfig/network-scripts/</tt> (for a RedHat system)
and copy <tt>ifcfg-lo0</tt> to <tt>ifcfg-eth0</tt> &amp;
<tt>ifcfg-eth1</tt>.
In these 2 eth files, change the line containing
``<tt>DEVICE=lo</tt>'' to ``<tt>DEVICE=eth0</tt>''
and ``<tt>DEVICE=eth1</tt>''.
Other distributions may deviate from this, do what you need to do!
If there are more than 2 interfaces to this bridge,
be sure to make the corresponding configurations to those, as well.
<item>Reboot, so you are running the new kernel with bridging in it,
and also to make sure that an IP addresses are not bound to the
network interfaces.
<item>Once the system is back up,
put the ethernet cards into promiscuous mode,
so they will look at every packet that passes by its interface:
<tscreen>
<verb>
ifconfig eth0 promisc ; ifconfig eth1 promisc
</verb>
</tscreen>
All interfaces which are connected to network segments to be bridged
are to be put into promiscuous mode.
<item>Turn bridging ON using the <tt>brcfg</tt> program:
<tscreen>
<verb>
brcfg -ena
</verb>
</tscreen>
<item>Verify that there is different traffic on each interface:
<tscreen>
<verb>
tcpdump -i eth0 (in one window)
tcpdump -i eth1 (in another window)
</verb>
</tscreen>
<item>Run a sniffer or <tt>tcpdump</tt> on another machine
to verify the bridge is separating the segment correctly.
</enum>
</p>
<sect>Common problems
<p>
<enum>
<item>
<descrip>
<tag/Question/
I get the message
<tscreen>
<verb>
ioctl(SIOCGIFBR) failed: Package not installed
</verb>
</tscreen>
What does this mean?
<tag/Answer/
You don't have bridging capability in your kernel.
Get a 2.0 or greater kernel,
and recompile with the <tt>BRIDGING</tt> option enabled.
</descrip>
<item>
<descrip>
<tag/Question/
Machines on one side cannot ping the other side!
<tag/Answer/
<itemize>
<item>Did you enable bridging using ``<tt>brcfg -ena</tt>''?
(<tt>brcfg</tt> should say ``<tt>bridging is ENABLED</tt>'')
<item>Did you put the interfaces into promiscuous mode?
(issue the ``<tt>ifconfig</tt>'' command.
The ``<tt>PROMISC</tt>'' flag should be on for
both interfaces.)
<item>If using multiple-media interface adapters,
make sure that the correct one is enabled.
You may need to use the config/setup program that
came with the network interface card.
</itemize>
</descrip>
<item>
<descrip>
<tag/Question/
I cannot <tt>telnet</tt>/<tt>ftp</tt> from the bridge! Why?
<tag/Answer/
This is because there is no IP address bound to any of bridge
interfaces. A bridge is to be a transparent part of a network.
</descrip>
<item>
<descrip>
<tag/Question/
What do I need to set up in the way of routing?
<tag/Answer/
Nothing!
All routing intelligence is handled by
the bridging code in the kernel.
To see the ethernet addresses as they are learned by the bridge,
use the <tt>brcfg</tt> program in debug mode:
<tscreen>
<verb>
brcfg -deb
</verb>
</tscreen>
</descrip>
<item>
<descrip>
<tag/Question/
The bridge appears to work, but why doesn't ``traceroute'' show the
bridge as a part of the path?
<tag/Answer/
Due to the nature of a bridge, a ``traceroute'' should NOT show the
bridge as a part of the path. A bridge is to be a transparent
component of the network.
</descrip>
<item>
<descrip>
<tag/Question/
Is it necessary to compile <tt>IP_FORWARD</tt> into the kernel?
<tag/Answer/
No. The bridging code in the kernel takes care of the packet
transport.
<tt>IP_FORWARD</tt> is for a gateway which has IP addresses
bound to its interfaces.
</descrip>
<item>
<descrip>
<tag/Question/
Why are the physical ethernet addresses for port 1 and port 2 the
same according to the ``<tt>brcfg</tt>'' program?
Shouldn't they be different?
<tag/Answer/
No. Every port on a bridge intentionally is assigned the same
physical ethernet address by the bridging code.
</descrip>
<item>
<descrip>
<tag/Question/
Bridging does not appear to be an option when performing a make
config on the kernel. How does one enable it?
<tag/Answer/
During the kernel config, answer 'Y' to the question, ``Prompt for
development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL)
[Y/n/?]''.
</descrip>
<item>
<descrip>
<tag/Question/
Too many hubs (4 or more) chained one after another (in series)
cause timing problems on an ethernet. What effect does a bridge
have in a subnet that is layered with hubs?
<tag/Answer/
A bridge resets the 3/4/5 hubs rule. A bridge does not deal with
packets the way a hub does, and is therefore not a contributor to
timing problems on a network.
</descrip>
<item>
<descrip>
<tag/Question/
Can a bridge interface to both 10Mb and 100Mb ethernet segments?
Will such a configuration slow down the rest of the traffic on the
high speed side?
<tag/Answer/
Yes, a bridge can tie together a 10Mb segment with a 100Mb segment.
As long as the network card on the fast network is 100Mb capable,
TCP takes care of the rest. While it's true that the
packets from a host in the 100Mb network communicating to a host
in the 10Mb network are moving at only 10Mb/s, the rest of the
traffic on the fast ethernet is not slowed down.
</descrip>
</enum>
</p>
</article>