Linux/Netzwerk/Konfiguration/Bridging: Unterschied zwischen den Versionen
Die Seite wurde neu angelegt: „== Bridging == Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. * The [https://packages.debian.org/bridge-utils bridge-utils] package is required to create bridged interfaces. Exam…“ |
Keine Bearbeitungszusammenfassung |
||
| Zeile 1: | Zeile 1: | ||
== Bridging == | == Bridging == | ||
Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. * The [https://packages.debian.org/bridge-utils bridge-utils] package is required to create bridged interfaces. | Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge. | ||
* The [https://packages.debian.org/bridge-utils bridge-utils] package is required to create bridged interfaces. | |||
; Example | |||
Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and give the server an IP address in this subnet: | |||
auto br0 | auto br0 | ||
iface br0 inet static | iface br0 inet static | ||
| Zeile 13: | Zeile 14: | ||
If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above. | If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above. | ||
Example | ; Example | ||
Bridge setup without IP address configuration (use "manual" instead of "static") to "forward" an interface to a guest VM. (The static bridge config contains only 1 physical interface. The virtual interface will be added to the bridge when the VM is started.) | |||
auto br1 | auto br1 | ||
iface br1 inet manual | iface br1 inet manual | ||
| Zeile 21: | Zeile 22: | ||
up /usr/sbin/brctl stp br1 off | up /usr/sbin/brctl stp br1 off | ||
Note: The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see [https://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Data_rate_and_STP_path_cost Spanning_Tree_Protocol]). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up. | ; Note | ||
: The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see [https://en.wikipedia.org/wiki/Spanning_Tree_Protocol#Data_rate_and_STP_path_cost Spanning_Tree_Protocol]). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up. | |||
=== Bridging without Switching === | === Bridging without Switching === | ||
| Zeile 28: | Zeile 29: | ||
In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with: | In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with: | ||
up /sbin/brctl setageing br0 0 | up /sbin/brctl setageing br0 0 | ||
up /sbin/brctl stp br0 off | up /sbin/brctl stp br0 off | ||
Version vom 21. Februar 2025, 14:38 Uhr
Bridging
Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. dom0) and put the virtual interfaces of the guests (domU) into the bridge.
- The bridge-utils package is required to create bridged interfaces.
- Example
Connect a server to 2 switches (via eth0 and eth1) by defining bridge 0 and give the server an IP address in this subnet:
auto br0 iface br0 inet static address 10.10.0.15/24 gateway 10.10.0.1 bridge_ports eth0 eth1 up /usr/sbin/brctl stp br0 on
If a server is connected to multiple switches then you usually need to run the spanning tree protocol to avoid loops. Therefore STP must be turned on via an "up" command as shown above.
- Example
Bridge setup without IP address configuration (use "manual" instead of "static") to "forward" an interface to a guest VM. (The static bridge config contains only 1 physical interface. The virtual interface will be added to the bridge when the VM is started.)
auto br1 iface br1 inet manual bridge_ports eth4 up /usr/sbin/brctl setageing br1 0 up /usr/sbin/brctl stp br1 off
- Note
- The Linux bridge supports only STP, no RSTP (Rapid Spanning Tree). Therefore it supports only the old STP Costs, not the new RSTP Costs (see Spanning_Tree_Protocol). This is usually fine with Cisco Switches, but eg. Juniper switches use the RSTP costs and therefore this may lead to different spanning tree calculations and loop problems. This can be fixed by settings the costs manually, either on the switch or on the server. Setting the cost on the switch is preferred as Linux switches back to the default costs whenever an interface does down/up.
Bridging without Switching
By default the Linux bridge acts like a switch. This means, it remembers the MAC addresses behind a switch port and if the destination MAC address is known, data packets or only forward to the respective port - otherwise packets will be broadcasted.
In some setups this is bad. For example if the bridge connects 2 trunk interfaces and the same MAC addresses may be seen from both interfaces, depending on the VLAN. As the Linux bridge does not support VLANs (dedicated MAC address tables per each VLAN), in such setups you have to disable the MAC address learning and put the bridge into a real "bridge" mode with:
up /sbin/brctl setageing br0 0 up /sbin/brctl stp br0 off