Introduction
Default Debian/Ubuntu installations include the iproute2 package. The "ip" family of commands is more stable then the commands it supersedes, such as arp, ifconfig and route. The iproute2 package also supersedes two older Linux bridge packages: bridge-utils and vlan. However, the author finds configuring networking in the /etc/network/interfaces file simpler using the bridge-utils package; definitions that require scripting using iproute2 require minimal statements using bridge-utils. Thus, this article incorporates both iproute2 and bridge-utils commands to configure bridges.Initial Configuration
The initial VirtualBox installation uses Ubuntu Server 14.04 with eight NICs, only one of which is configured. The /etc/network/interfaces file consists of:auto loThis configures interface eth0 with an IP address, gateway and name servers, the first of which is the local wireless LAN router. A Cisco 7206 router has two Gigabit Ethernet interfaces, one (10.64.0.1) for the Ubuntu switch and the other (172.16.0.2) for a connection to a tun/tap device on the host laptop. The host laptop and Cisco 7206 routers use OSPF to manage routing from the virtual environment, local wireless LAN (192.168.1.0/24) and default gateway.
iface lo inet loopback
auto eth0
iface eth0 inet static
address 10.64.0.2
netmask 255.255.255.0
gateway 10.64.0.1
dns-nameservers 192.168.1.1 8.8.8.8 4.4.4.4
Configuring the Layer 2 Switch
As mentioned above, the author adds the bridge-utils package (sudo apt-get install bridge-utils). The bridge-utils package provides several statements that are used in the /etc/network/interfaces file. The iproute2 commands create the bridge and bridge-utils commands configure it at boot time. The following is an annotated /etc/network/interfaces file:auto loAs previously noted, bridge-utils has been superseded by iproute2. However, the simple configuration used here is stable. More complex configurations may not be stable using bridge-utils commands and are likely more reliable using iproute2 scripts.
iface lo inet static
auto br0
iface br0 inet static
address 10.64.0.2
netmask 255.255.255.0
gateway 10.64.0.1
dns-nameservers 192.168.1.1 8.8.8.8 4.4.4.4
bridge_stp on #bridge-utils commad to enable Spanning Tree Protocol
bridge_waitport 0 #bridge-utils commad to set immediate availability
bridge_fd 0 #bridge-utils commad to set no forwarding delay
bridge_ports eth0 eth1 eth2 eth3 eth4 eth5 eth6 eth7 #bridge-utils commad to add ports to bridge
pre-up ip link add br0 type bridge && ip link set dev br0 up #iproute2 command to create and start the bridge interface
iface eth0 inet manual
iface eth1 inet manual
iface eth2 inet manual
iface eth3 inet manual
iface eth4 inet manual
iface eth5 inet manual
iface eth6 inet manual
iface eth7 inet manual
The bridge may be checked using several commands:
switch@phl-core:~$ ip addr
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000This indicates eth0 (and the other seven NICs, omitted for brevity) are up and configured only with MAC addresses. The bridge is up and configured with both MAC and IP interfaces.
link/ether 08:00:27:82:81:29 brd ff:ff:ff:ff:ff:ff
...
10: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 08:00:27:1d:86:04 brd ff:ff:ff:ff:ff:ff
inet 10.64.0.2/24 brd 10.64.0.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::6854:53ff:fe4c:271/64 scope link
valid_lft forever preferred_lft forever
switch@phl-core:~$ ip routeThis indicates all Layer 3 (IP) traffic is through the bridge interface.
default via 10.64.0.1 dev br0 10.64.0.0/24 dev br0 proto kernel scope link src 10.64.0.2
switch@phl-core:~$ arp -nThese two commands -- arp and brctl showmacs -- show MAC addresses of other devices known by the switch and the entire MAC address table (local and external). In this case, the switch has entries for all of its local Ethernet devices and the Cisco 7206 router to which it is attached.
Address HWtype HWaddress Flags Mask Iface
10.64.0.1 ether ca:02:10:48:00:06 C br0
switch@phl-core:~$ brctl showmacs br0
port no mac addr is local? ageing timer
7 08:00:27:1d:86:04 yes 0.00
6 08:00:27:20:e5:3a yes 0.00
3 08:00:27:43:d0:28 yes 0.00
1 08:00:27:82:81:29 yes 0.00
2 08:00:27:9d:d2:0e yes 0.00
4 08:00:27:d9:9c:bb yes 0.00
8 08:00:27:f4:a0:8f yes 0.00
5 08:00:27:fd:e4:c1 yes 0.00
1 ca:02:10:48:00:06 no 0.00
Adding Additional Switches
The original device used in this article (VirtualBox machine and Ubuntu host names "switch") is cloned to create additional switches. Once the switch is working, you may change its /etc/hosts and etc/hostname files to reflect its working name, in this case phl-core, phl-servers and phl-storage. The only change required in the /etc/network/interfaces file is the IP address of the bridge: 10.64.0.2 for phl-core, 10.64.0.4 for phl-servers and 10.64.0.5 for phl-storage. Importantly, the default gateway for all switches is 10.64.0.1 -- the Cisco 7206 router. Even though traffic from phl-servers and phl-storage must pass through phl-core, no Layer 3 processing (IP) is required because Ethernet frames are processed by phl-core using only MAC addresses at Layer 2.As a check, issue the command "traceroute 8.8.8.8." Traceroute operates at Layer 3 (IP); since phl-core operates at Laer 2, it does not appear in the trace and the first IP address hop from phl-servers and phl-storage is the Cisco 7206 router's 10.64.0.1 interface.
Ubuntu switches may be added throughout the GNS3 topology, replacing the native (and functionally limited) GNS3 switches.
Spanning Tree Protocol
Spanning Tree Protocol (STP) is a method of detecting bridge loops -- Physical Layer 1 cabling connections in which multiple paths to the same MAC address exist. Bridging loop continuously forward frames and can eventually build to so much traffic the network becomes congested and unreliable. STP is a protocol that detects bridge loops and automatically disables ports to logically eliminate them.In the above switch topology, phl-core is connected to phl-servers (eth2 - eth0) and phl-storage (eth4 - eth0) using two cables. There is no direct connection between phl-servers and phl-storage, so traffic between the two must pass through phl-core. The "brctl showstp" command on phl-core will list both eth2 and eth4 as "forwarding," that is, operational.
If we add a cable linking phl-servers to phl-storage (eth1 - eth1), there is now a bridge loop. For example, traffic from phl-core has two paths to eth0 on phl-servers: one direct (eth2 - eth0) and the other through phl-storage (eth4 - eth0) and then from phl-storage to phl-servers (eth1 - eth1). STP detects this loop and automatically shuts down a port. The "brctl showstp" command on phl-core will now list eth2 as "blocking" and eth4 as "forwarding." STP does not need to shut down any port on phl-servers and phl-storage; eth0 and eth1 on both remain in the "forwarding" state. However, all traffic from phl-servers directly to phl-core is blocked and must pass through phl-storage instead.
This case illustrates how STP is an automated protocol whose decisions may result in suboptimal topologies. The goal to directly connect the servers to the storage switches was achieved, but traffic from the servers to client networks now no longer passes directly to the core, but instead indirectly through the storage switch.
No comments :
Post a Comment