Bridge: Difference between revisions

From Alpine Linux
(Use the ifupdown scripts from bridge package)
(14 intermediate revisions by 7 users not shown)
Line 1: Line 1:
[[Category:Networking]]
[[Category:Networking]]
This document describes how to configure a [http://en.wikipedia.org/wiki/Bridging_%28networking%29 network bridge] interface in Alpine Linux.
This document describes how to configure a [http://en.wikipedia.org/wiki/Bridging_%28networking%29 network bridge] interface in Alpine Linux.
Alpine linux 2.4 or newer is required.


== Using brctl ==
== Using brctl ==
Bridges are manually managed with the '''brctl''' command.
Bridges are managed manually with the '''brctl''' command.
<pre>
<pre>
Usage: brctl COMMAND [BRIDGE [INTERFACE]]
Usage: brctl COMMAND [BRIDGE [INTERFACE]]
Line 27: Line 25:
</pre>
</pre>


To manually create a bridge interface br0:
To manually create bridge interface br0:
{{Cmd|brctl addbr br0}}
{{Cmd|brctl addbr br0}}


To add interface eth0 and eth1 to the bridge br0:
To add interface eth0 and eth1 to br0:
{{Cmd|brctl addif br0 eth0
{{Cmd|brctl addif br0 eth0
brctl addif br0 eth1}}
brctl addif br0 eth1}}


Note that you need to set the link status to ''up'' on the added interfaces.
Note: You need to set the link status to ''up'' on the added interfaces.
{{Cmd|ip link set dev eth0 up
{{Cmd|ip link set dev eth0 up
ip link set dev eth1 up}}
ip link set dev eth1 up}}
Line 41: Line 39:


== Configuration file ==
== Configuration file ==
Install the scripts that configures the bridge.
{{Note|This requires Alpine Linux v2.4 or newer}}
Install the scripts that configure the bridge.
{{Cmd|apk add bridge}}
{{Cmd|apk add bridge}}


Bridging is then configured in ''/etc/network/interfaces'' with the ''bridge-ports'' keyword.
Bridging is then configured in ''/etc/network/interfaces'' with the ''bridge-ports'' keyword.
Note that you normally don't assign ip addresses to the bridged interfaces (eth0 and eth1 in our example) but to the bridge itself (br0).
Note: You normally don't assign ip addresses to the bridged interfaces (eth0 and eth1 in our example) but to the bridge itself (br0).


In this example the address 192.168.0.1/24 is used.
In this example the address 192.168.0.1/24 is used.
Line 58: Line 57:
</pre>
</pre>


You can set the various options with those keywords:
You can set the various options with these keywords:
; bridge-ports
: Set bridge ports (ethX) or none for no physical interfaces
; bridge-aging
; bridge-aging
: Set ageing time
: Set ageing time
Line 75: Line 76:
; bridge-stp
; bridge-stp
: STP on/off
: STP on/off
== Using pre-up/post-down ==
For older versions of Alpine Linux, or if you want be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks.
Example ''/etc/network/interfaces'':
<pre>
auto br0
iface br0 inet static
pre-up brctl addbr br0
pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
address 192.168.0.253
netmask 255.255.255.0
gateway 192.168.0.254
post-down brctl delbr br0
auto eth0
iface eth0 inet manual
up ip link set $IFACE up
up brctl addif br0 $IFACE
down brctl delif br0 $IFACE || true
down ip link set $IFACE down
auto eth1
iface eth1 inet manual
up ip link set $IFACE up
up brctl addif br0 $IFACE
down brctl delif br0 $IFACE || true
down ip link set $IFACE down
</pre>
That way, you create br0 with: ifup br0. You can add/remove
individual interfaces to the bridge with ifup eth0, ifdown eth0.
== Bridging for a Xen dom0 ==
Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y).
At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge).
;Particulars :
- the bridge consists of a single physical interface <br/>
- the physical interface does not have an IP and is configured manually <br/>
- the bridge will have the IP address and will be auto, resulting in bringing up the physical interface <br/>
This translates to a sample config :
Example ''/etc/network/interfaces'':
<pre>
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
address 192.168.0.253
netmask 255.255.255.0
gateway 192.168.0.254
        bridge_ports eth0
        bridge_stp 0
</pre>
After the domU OS is started, the virtual interface wil be added and the working bridge can be checked with
<pre>
brctl show
ifconfig -a
</pre>
== Bridging for KVM ==
Example ''/etc/network/interfaces'':
{{Note|I personally remove the eth0 declaration without any issue.}}
<pre>
auto br0
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp 0
</pre>
=== Little script to allow dhcp over iptables ===
{{Note|I tried the Using pre-up/post-down as mentionned in #3, but it didn't work well for me }}
{{Note|Usually it will be in /etc/rc.local as mentioned [https://wiki.libvirt.org/page/Networking#Debian.2FUbuntu_Bridging here] }}
<pre>
rc-update add local
</pre>
<pre>
cat >> /etc/local.d/iptables_dhcp_kvm.start << EOM
echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
exit 0
EOM
</pre>
<pre>
cat >> /etc/local.d/iptables_dhcp_kvm.stop << EOM
exit 0
EOM
</pre>
<pre>
chmod +x /etc/local.d/iptables_dhcp_kvm.*
</pre>
== Bridging for QEMU ==
Replace ''/etc/network/interfaces'' with the following:
<pre>
auto lo
iface lo inet loopback
auto br0
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp 0
</pre>
To enable DHCP and get QEMU to use the bridge we've created above, run:
<pre>
apk add bridge
echo 'tun' >> /etc/modules
echo 'tap' >> /etc/modules
echo 'allow br0' > /etc/qemu/bridge.conf
echo 'net.ipv4.conf.br0.bc_forwarding=1' >> /etc/sysctl.conf
sysctl -p
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
</pre>
After a ''reboot'', you can use the bridge like so (assuming you have a ''qcow2'' image named ''felix-pojtigners-theia.qcow2''):
<pre>
qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2
</pre>
If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that ''eth0'' is connected to), you can debug with ''tshark'':
<pre>
tshark -i eth0  -Y "bootp.option.type == 53"
</pre>

Revision as of 06:46, 23 July 2021

This document describes how to configure a network bridge interface in Alpine Linux.

Using brctl

Bridges are managed manually with the brctl command.

Usage: brctl COMMAND [BRIDGE [INTERFACE]]

Manage ethernet bridges

Commands:
	show			Show a list of bridges
	addbr BRIDGE		Create BRIDGE
	delbr BRIDGE		Delete BRIDGE
	addif BRIDGE IFACE	Add IFACE to BRIDGE
	delif BRIDGE IFACE	Delete IFACE from BRIDGE
	setageing BRIDGE TIME		Set ageing time
	setfd BRIDGE TIME		Set bridge forward delay
	sethello BRIDGE TIME		Set hello time
	setmaxage BRIDGE TIME		Set max message age
	setpathcost BRIDGE COST		Set path cost
	setportprio BRIDGE PRIO		Set port priority
	setbridgeprio BRIDGE PRIO	Set bridge priority
	stp BRIDGE [1|0]		STP on/off

To manually create bridge interface br0:

brctl addbr br0

To add interface eth0 and eth1 to br0:

brctl addif br0 eth0 brctl addif br0 eth1

Note: You need to set the link status to up on the added interfaces.

ip link set dev eth0 up ip link set dev eth1 up

Configuration file

Note: This requires Alpine Linux v2.4 or newer

Install the scripts that configure the bridge.

apk add bridge

Bridging is then configured in /etc/network/interfaces with the bridge-ports keyword. Note: You normally don't assign ip addresses to the bridged interfaces (eth0 and eth1 in our example) but to the bridge itself (br0).

In this example the address 192.168.0.1/24 is used.

auto br0
iface br0 inet static
	bridge-ports eth0 eth1
	bridge-stp 0
	address 192.168.0.1
	netmask 255.255.255.0

You can set the various options with these keywords:

bridge-ports
Set bridge ports (ethX) or none for no physical interfaces
bridge-aging
Set ageing time
bridge-fd
Set bridge forward delay
bridge-hello
Set hello time
bridge-maxage
Set bridge max message age
bridge-pathcost
Set path cost
bridge-portprio
Set port priority
bridge-bridgeprio
Set bridge priority
bridge-stp
STP on/off

Using pre-up/post-down

For older versions of Alpine Linux, or if you want be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks.

Example /etc/network/interfaces:

auto br0
iface br0 inet static
	pre-up brctl addbr br0
	pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
	pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
	pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
	address 192.168.0.253
	netmask 255.255.255.0
	gateway 192.168.0.254
	post-down brctl delbr br0
	
auto eth0
iface eth0 inet manual
	up ip link set $IFACE up
	up brctl addif br0 $IFACE
	down brctl delif br0 $IFACE || true
	down ip link set $IFACE down
	
auto eth1
iface eth1 inet manual
	up ip link set $IFACE up
	up brctl addif br0 $IFACE
	down brctl delif br0 $IFACE || true
	down ip link set $IFACE down

That way, you create br0 with: ifup br0. You can add/remove individual interfaces to the bridge with ifup eth0, ifdown eth0.

Bridging for a Xen dom0

Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y). At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge).

Particulars

- the bridge consists of a single physical interface
- the physical interface does not have an IP and is configured manually
- the bridge will have the IP address and will be auto, resulting in bringing up the physical interface

This translates to a sample config :

Example /etc/network/interfaces:

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
	address 192.168.0.253
	netmask 255.255.255.0
	gateway 192.168.0.254
        bridge_ports eth0
        bridge_stp 0

After the domU OS is started, the virtual interface wil be added and the working bridge can be checked with

brctl show

ifconfig -a

Bridging for KVM

Example /etc/network/interfaces:

Note: I personally remove the eth0 declaration without any issue.
auto br0
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp 0

Little script to allow dhcp over iptables

Note: I tried the Using pre-up/post-down as mentionned in #3, but it didn't work well for me
Note: Usually it will be in /etc/rc.local as mentioned here
rc-update add local
cat >> /etc/local.d/iptables_dhcp_kvm.start << EOM
echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
exit 0
EOM
cat >> /etc/local.d/iptables_dhcp_kvm.stop << EOM
exit 0
EOM
chmod +x /etc/local.d/iptables_dhcp_kvm.*

Bridging for QEMU

Replace /etc/network/interfaces with the following:

auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp 0

To enable DHCP and get QEMU to use the bridge we've created above, run:

apk add bridge
echo 'tun' >> /etc/modules
echo 'tap' >> /etc/modules
echo 'allow br0' > /etc/qemu/bridge.conf
echo 'net.ipv4.conf.br0.bc_forwarding=1' >> /etc/sysctl.conf
sysctl -p
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables

After a reboot, you can use the bridge like so (assuming you have a qcow2 image named felix-pojtigners-theia.qcow2):

qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2

If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that eth0 is connected to), you can debug with tshark:

tshark -i eth0  -Y "bootp.option.type == 53"