AMiLDA FORUM

#1 2007-03-05 21:51:55

c0a800ff
New member
Romania

bridge-utils

Hello,

Just compiled the latest version of AMiLDA and wanted to implement a layer 2 switch on it. The easiest way to do it is using bridge-utils since you have the iptables to come in handy.

However, I have compiled bridge-utils-1.2 and booted from the new image, and everything seemed to be just fine until I tried to implement the very first bridge.

- Assign an interface to each port.
~ # admswconfig eth0 0c
~ # admswconfig eth1 1c
~ # admswconfig eth2 2c
~ # admswconfig eth3 3c
~ # admswconfig eth4 4c

- All interfaces have no ip
~ # ifconfig eth0 0.0.0.0
~ # ifconfig eth1 0.0.0.0
~ # ifconfig eth2 0.0.0.0
~ # ifconfig eth3 0.0.0.0
~ # ifconfig eth4 0.0.0.0

- Create bridge interface and assign the ethernets to it
~ # brctl addbr br0
~ # brctl addif br0 eth0
device eth0 entered promiscuous mode
~ # brctl addif br0 eth1
device eth1 entered promiscuous mode
~ # brctl addif br0 eth2
device eth2 entered promiscuous mode
~ # brctl addif br0 eth3
device eth3 entered promiscuous mode
~ # brctl addif br0 eth4
device eth4 entered promiscuous mode

- Bring up the bridge
~ # ifconfig br0 192.168.0.64 broadcast 192.168.0.255 netmask 255.255.255.0
br0: port 5(eth4) entering learning state
br0: port 4(eth3) entering learning state
br0: port 3(eth2) entering learning state
br0: port 2(eth1) entering learning state
br0: port 1(eth0) entering learning state
~ # br0: port 5(eth4) entering forwarding state
br0: topology change detected, propagating
br0: port 4(eth3) entering forwarding state
br0: topology change detected, propagating
br0: port 3(eth2) entering forwarding state
br0: topology change detected, propagating
br0: port 2(eth1) entering forwarding state
br0: topology change detected, propagating
br0: port 1(eth0) entering forwarding state
br0: topology change detected, propagating

- Make sure iptables' policies are set to ACCEPT
~ # iptables -P INPUT ACCEPT
~ # iptables -P FORWARD ACCEPT
~ # iptables -P OUTPUT ACCEPT

At this stage, the bridge is configured as follows:
WAN port is eth0
LAN 1-4 are the ethernets from 1 to 4

The eth0 port responds to ping but all the others do not.
The bridge does not send traffic even though it appears to be functioning.

- List bridge interfaces
~ # brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000e2ea0f6c2       no

This is weird... the show command should have listed all 5 interfaces but none appear.

The router I work on is an Edimax BR-6104KP.

Does anyone have any idea of what I might have done wrong?

Regards,
C0A800FF


#2 2007-03-05 23:07:05

sergioag
Developer
Peru
From: Lima

Re: bridge-utils

Hi

If you want to make a layer-2 switch, it's a lot easier to use admswconfig.

Anyway, if you don't want to use it, check the kernel configuration ("802.1d Ethernet Bridging") for correct options, as I don't think bridging is enabled by default (not necessary). Also check the ebtables project http://ebtables.sourceforge.net/.

Hope this helps you a bit.

Sergio


#3 2007-03-05 23:30:41

c0a800ff
New member
Romania

Re: bridge-utils

"802.1d Ethernet Bridging" is enabled by default in the AMiLDA kernel (2.4.32), as well as other kernel features needed by the layer 2 model. This is the reason I've posted this thread.

The bridge-utils was the easiest approach to it so I took it, but I guess I'll have to go for ebtables :)

Thanks for the tip!


#4 2007-03-06 02:50:22

c0a800ff
New member
Romania

Re: bridge-utils

Okay,

After digging, I came up with these results.

You cannot bind a logical ethernet to another logical ethernet:
- admswconfig creates a series of logical ethernets bound internally to ethernets to suit your needs.
- brctl (bridge-utils) also binds ethernets to create a logical ethernet (the bridge itself).

Solution:
- Using admswconfig you bind the physical ports on the router to a physical ethernet (1 or 2) because the router does not have more :)
- Create a bridge for the one ethernet you have bound your physical ports to.
- Assign an IP to the bridge.
- Run your filtering rules on the bridge interface.

Pros:
- You have created a bridge that does not need an IP to route from one side to the other, but at the same time you have an IP with which you can control the whole "switch".
- All layer 2 (even 3) features work as long as you use the bridge interface in your filtering rules.

Cons:
- Kernel overhead when constructing the bridge itself, since you have a few logical ethernets bound to the physical one (eth0 or eth1), then bound to the bridge interface.

The overall overhead at the end of my test was that, using a SYN flood, I had around 47mbps throughput instead of the router throughput.

ebtables has the same behaviour. At least for me :)

So... happy modding.

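Added example, not part of the original posts or of AMiLDA: a check for the symptom shown in post #1, where `brctl show` lists br0 with no interfaces, so that filtering rules attached to the bridge (as in post #4) are not loaded on a bridge that carries no ports. The function names and the second sample are constructed for illustration; the first sample is the output quoted in post #1.

```shell
#!/bin/sh
# Read `brctl show` output on stdin and print the name of every bridge
# that has no member interface (the state seen in post #1).
bridges_without_ports() {
    awk '
        NR == 1 && $1 == "bridge" && $2 == "name" { next }  # header row
        /^[^ \t]/ {                       # a row starting a new bridge
            if (name != "" && ports == 0) print name
            name = $1
            # fields: name, id, STP flag, then an optional first interface
            ports = (NF >= 4) ? 1 : 0
            next
        }
        /^[ \t]+[^ \t]/ { if (name != "") ports++ }  # continuation row
        END { if (name != "" && ports == 0) print name }
    '
}

# Return 1 (and warn on stderr) if the given `brctl show` text contains a
# bridge with no ports, so a start-up script can refuse to load its rules.
check_bridge_text() {
    empty=$(printf '%s\n' "$1" | bridges_without_ports)
    [ -z "$empty" ] && return 0
    echo "bridge(s) with no ports: $empty" >&2
    return 1
}

# Output quoted in post #1: br0 exists but nothing is attached to it.
SAMPLE_EMPTY='bridge name     bridge id               STP enabled     interfaces
br0             8000.000e2ea0f6c2       no'

# Constructed sample: br0 has two ports, br1 (hypothetical) has none.
SAMPLE_MIXED='bridge name     bridge id               STP enabled     interfaces
br0             8000.000e2ea0f6c2       no              eth0
                                                        eth1
br1             8000.000000000000       no'

printf '%s\n' "$SAMPLE_EMPTY" | bridges_without_ports   # prints br0
```

On the router itself the same function can be fed live data with `brctl show | bridges_without_ports`.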