mirror of https://github.com/tLDP/LDP
286 lines
8.9 KiB
Plaintext
286 lines
8.9 KiB
Plaintext
<!doctype linuxdoc system>
|
|
|
|
<article>
|
|
|
|
<!-- Title information -->
|
|
|
|
<title>Bridging mini-Howto
|
|
<author>Christopher Cole,
|
|
<tt><htmlurl url="mailto:cole@coledd.com" name="cole@coledd.com"></tt>
|
|
<date>v1.21, March 7, 2001
|
|
|
|
<abstract>
|
|
This document describes how to setup an ethernet bridge. What
|
|
is an ethernet bridge? An ethernet bridge is a device that controls data
|
|
packets within a subnet in an attempt to cut down the amount of traffic.
|
|
A bridge is usually placed between two separate groups of computers that
|
|
talk within themselves, but not so much with the computers in the other
|
|
group. A good example of this is to consider a cluster of Macintoshes and
|
|
a cluster of unix machines. Both of these groups of machines tend to be
|
|
quite chatty amongst themselves, and the traffic they produce on the
|
|
network causes collisions for the other machines who are trying to speak
|
|
to one another. A bridge would be placed between these groups of
|
|
computers. The job of the bridge is then to examine the destination of
|
|
the data packets one at a time and decide whether or not to pass the
|
|
packets to the other side of the ethernet segment. The result is a
|
|
faster, quieter network with less collisions.
|
|
</abstract>
|
|
|
|
<!-- Table of contents -->
|
|
<toc>
|
|
|
|
<sect>Setup
|
|
|
|
<p>
|
|
<enum>
|
|
<item>Get ``Bridge Config'':
|
|
<tscreen>
|
|
<url url="ftp://ftp.tux.org/people/alan-cox/BRCFG.tgz">
|
|
</tscreen>
|
|
<verb>
|
|
BRCFG may also be found at:
|
|
</verb>
|
|
<tscreen>
|
|
<url url="http://coledd.com/networking/bridge/">
|
|
</tscreen>
|
|
|
|
<item>Enable multiple ethernet devices on your machine by
|
|
adding this to your <tt>/etc/lilo.conf</tt>,
|
|
and re-run <tt>lilo</tt>:
|
|
<tscreen>
|
|
<verb>
|
|
append = "ether=0,0,eth1"
|
|
</verb>
|
|
</tscreen>
|
|
If you have three interfaces on your bridge, use this line instead:
|
|
<tscreen>
|
|
<verb>
|
|
append = "ether=0,0,eth1 ether=0,0,eth2"
|
|
</verb>
|
|
</tscreen>
|
|
<!--
|
|
</p>
|
|
-->
|
|
|
|
<!--
|
|
<p>
|
|
-->
|
|
More interfaces can be found by adding more ether statements.
|
|
By default a stock Linux kernel probes for a single ethercard,
|
|
and once one is found the probe ceases.
|
|
The above append statement tells the kernel to keep probing
|
|
for more ethernet devices after the first one is found.
|
|
<!--
|
|
</p>
|
|
-->
|
|
|
|
<!--
|
|
<p>
|
|
-->
|
|
Alternatively, the boot parameter can be used instead:
|
|
<tscreen>
|
|
<verb>
|
|
linux ether=0,0,eth1
|
|
</verb>
|
|
</tscreen>
|
|
Or, with 3 interfaces, use:
|
|
<tscreen>
|
|
<verb>
|
|
linux ether=0,0,eth1 ether=0,0,eth2
|
|
</verb>
|
|
</tscreen>
|
|
<!--
|
|
</p>
|
|
-->
|
|
|
|
<item>Recompile the kernel with <tt>BRIDGING</tt> enabled.
|
|
|
|
<item>A bridge should not have an IP address.
|
|
It CAN, but a plain bridge doesn't need one.
|
|
To remove the IP address from your bridge, go to
|
|
<tt>/etc/sysconfig/network-scripts/</tt> (for a RedHat system)
|
|
and copy <tt>ifcfg-lo0</tt> to <tt>ifcfg-eth0</tt> &
|
|
<tt>ifcfg-eth1</tt>.
|
|
In these 2 eth files, change the line containing
|
|
``<tt>DEVICE=lo</tt>'' to ``<tt>DEVICE=eth0</tt>''
|
|
and ``<tt>DEVICE=eth1</tt>''.
|
|
Other distributions may deviate from this, do what you need to do!
|
|
If there are more than 2 interfaces to this bridge,
|
|
be sure to make the corresponding configurations to those, as well.
|
|
|
|
<item>Reboot, so you are running the new kernel with bridging in it,
|
|
and also to make sure that an IP addresses are not bound to the
|
|
network interfaces.
|
|
|
|
<item>Once the system is back up,
|
|
put the ethernet cards into promiscuous mode,
|
|
so they will look at every packet that passes by its interface:
|
|
<tscreen>
|
|
<verb>
|
|
ifconfig eth0 promisc ; ifconfig eth1 promisc
|
|
</verb>
|
|
</tscreen>
|
|
All interfaces which are connected to network segments to be bridged
|
|
are to be put into promiscuous mode.
|
|
|
|
<item>Turn bridging ON using the <tt>brcfg</tt> program:
|
|
<tscreen>
|
|
<verb>
|
|
brcfg -ena
|
|
</verb>
|
|
</tscreen>
|
|
|
|
<item>Verify that there is different traffic on each interface:
|
|
<tscreen>
|
|
<verb>
|
|
tcpdump -i eth0 (in one window)
|
|
tcpdump -i eth1 (in another window)
|
|
</verb>
|
|
</tscreen>
|
|
|
|
<item>Run a sniffer or <tt>tcpdump</tt> on another machine
|
|
to verify the bridge is separating the segment correctly.
|
|
</enum>
|
|
</p>
|
|
|
|
|
|
<sect>Common problems
|
|
|
|
<p>
|
|
<enum>
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
I get the message
|
|
<tscreen>
|
|
<verb>
|
|
ioctl(SIOCGIFBR) failed: Package not installed
|
|
</verb>
|
|
</tscreen>
|
|
What does this mean?
|
|
<tag/Answer/
|
|
You don't have bridging capability in your kernel.
|
|
Get a 2.0 or greater kernel,
|
|
and recompile with the <tt>BRIDGING</tt> option enabled.
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
Machines on one side cannot ping the other side!
|
|
<tag/Answer/
|
|
<itemize>
|
|
<item>Did you enable bridging using ``<tt>brcfg -ena</tt>''?
|
|
(<tt>brcfg</tt> should say ``<tt>bridging is ENABLED</tt>'')
|
|
<item>Did you put the interfaces into promiscuous mode?
|
|
(issue the ``<tt>ifconfig</tt>'' command.
|
|
The ``<tt>PROMISC</tt>'' flag should be on for
|
|
both interfaces.)
|
|
<item>If using multiple-media interface adapters,
|
|
make sure that the correct one is enabled.
|
|
You may need to use the config/setup program that
|
|
came with the network interface card.
|
|
</itemize>
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
I cannot <tt>telnet</tt>/<tt>ftp</tt> from the bridge! Why?
|
|
<tag/Answer/
|
|
This is because there is no IP address bound to any of bridge
|
|
interfaces. A bridge is to be a transparent part of a network.
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
What do I need to set up in the way of routing?
|
|
<tag/Answer/
|
|
Nothing!
|
|
All routing intelligence is handled by
|
|
the bridging code in the kernel.
|
|
To see the ethernet addresses as they are learned by the bridge,
|
|
use the <tt>brcfg</tt> program in debug mode:
|
|
<tscreen>
|
|
<verb>
|
|
brcfg -deb
|
|
</verb>
|
|
</tscreen>
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
The bridge appears to work, but why doesn't ``traceroute'' show the
|
|
bridge as a part of the path?
|
|
<tag/Answer/
|
|
Due to the nature of a bridge, a ``traceroute'' should NOT show the
|
|
bridge as a part of the path. A bridge is to be a transparent
|
|
component of the network.
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
Is it necessary to compile <tt>IP_FORWARD</tt> into the kernel?
|
|
<tag/Answer/
|
|
No. The bridging code in the kernel takes care of the packet
|
|
transport.
|
|
<tt>IP_FORWARD</tt> is for a gateway which has IP addresses
|
|
bound to its interfaces.
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
Why are the physical ethernet addresses for port 1 and port 2 the
|
|
same according to the ``<tt>brcfg</tt>'' program?
|
|
Shouldn't they be different?
|
|
<tag/Answer/
|
|
No. Every port on a bridge intentionally is assigned the same
|
|
physical ethernet address by the bridging code.
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
Bridging does not appear to be an option when performing a make
|
|
config on the kernel. How does one enable it?
|
|
<tag/Answer/
|
|
During the kernel config, answer 'Y' to the question, ``Prompt for
|
|
development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL)
|
|
[Y/n/?]''.
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
Too many hubs (4 or more) chained one after another (in series)
|
|
cause timing problems on an ethernet. What effect does a bridge
|
|
have in a subnet that is layered with hubs?
|
|
<tag/Answer/
|
|
A bridge resets the 3/4/5 hubs rule. A bridge does not deal with
|
|
packets the way a hub does, and is therefore not a contributor to
|
|
timing problems on a network.
|
|
</descrip>
|
|
|
|
<item>
|
|
<descrip>
|
|
<tag/Question/
|
|
Can a bridge interface to both 10Mb and 100Mb ethernet segments?
|
|
Will such a configuration slow down the rest of the traffic on the
|
|
high speed side?
|
|
<tag/Answer/
|
|
Yes, a bridge can tie together a 10Mb segment with a 100Mb segment.
|
|
As long as the network card on the fast network is 100Mb capable,
|
|
TCP takes care of the rest. While it's true that the
|
|
packets from a host in the 100Mb network communicating to a host
|
|
in the 10Mb network are moving at only 10Mb/s, the rest of the
|
|
traffic on the fast ethernet is not slowed down.
|
|
</descrip>
|
|
</enum>
|
|
</p>
|
|
|
|
</article>
|