
#1 2017-10-21 00:41:22

Maniaxx
Member
Registered: 2014-05-14
Posts: 738

[SOLVED]Network bridge eth0/tap0 with iproute2

Hi,
I want to set up a network bridge with eth0 and tap0 (for QEMU) manually with iproute2 (no deprecated tools (like brctl), no QEMU bridge-helper or scripts).

It results in no layer3 traffic. Wireshark shows ARP requests to the gateway in both directions on eth0 (and br0 only incoming). I also cannot ping the gateway (192.168.1.1). 100% packet loss.

I want internet access for eth0/tap0 and they need to be able to communicate with each other. I assigned different IPs and MACs to the NICs. I'm not sure if that's correct as some examples just flush the IP on eth0. But if I remove the IP from eth0 I'm not sure how to contact the host from tap0 (QEMU).

Anyone know what's wrong here?

This is my script:

#!/bin/bash

if [[ ! $(grep br0 < /proc/net/dev) ]]; then
	echo "Creating bridge"
	systemctl stop NetworkManager.service
	ip tuntap add tap0 mode tap user 1000
	ip link set tap0 up
	ip link add dev br0 type bridge
	ip link set eth0 promisc on
	ip link set eth0 master br0
	ip link set tap0 master br0
	sysctl net.ipv4.ip_forward=1 >/dev/null 2>&1
	ip addr add 192.168.1.7/24 broadcast 192.168.1.255 dev tap0
	ip addr add 192.168.1.8/24 broadcast 192.168.1.255 dev br0
	ip link set br0 address 00:25:22:11:11:11
	ip link set dev br0 up
else
	echo "Removing bridge"
	ip link set eth0 nomaster
	ip link set tap0 nomaster
	ip link set eth0 down
	ip tuntap del tap0 mode tap
	ip addr flush dev br0
	ip link del dev br0 type bridge
	ip link set eth0 promisc off
	ip link set eth0 up
	ip route add default via 192.168.1.1 dev eth0 proto static metric 100
	sysctl net.ipv4.ip_forward=0 >/dev/null 2>&1
	systemctl start NetworkManager.service
fi

$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 00:25:22:33:33:33 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.6/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
61: tap0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel master br0 state DOWN group default qlen 1000
    link/ether ae:41:d6:f3:1c:f6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.7/24 brd 192.168.1.255 scope global tap0
       valid_lft forever preferred_lft forever
62: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:25:22:11:11:11 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.8/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::225:22ff:fe11:1111/64 scope link 
       valid_lft forever preferred_lft forever

$ ip route
default via 192.168.1.1 dev eth0 proto static metric 100 
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.6 
192.168.1.0/24 dev tap0 proto kernel scope link src 192.168.1.7 linkdown 
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.8

Last edited by Maniaxx (2017-11-09 06:02:10)


sys2064

Offline

#2 2017-10-21 05:58:56

nesk
Member
Registered: 2011-03-31
Posts: 181

Re: [SOLVED]Network bridge eth0/tap0 with iproute2

Maniaxx wrote:

I want internet access for eth0/tap0 and they need to be able to communicate with each other. I assigned different IPs and MACs to the NICs. I'm not sure if that's correct as some examples just flush the IP on eth0. But if I remove the IP from eth0 I'm not sure how to contact the host from tap0 (QEMU).
Anyone know what's wrong here?

Remove the IP from eth0 - packets from tap0 will reach the bridge's IP.
Remove the IP from tap0 as well. TAP provides a link-layer interface (Ethernet) - the guest is supposed to use it with IP addressing and so on.
Here's how things look with my setup (eno1 is the physical interface) - with the VM booted up and able to access the internet:

2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP group default qlen 1000
    link/ether 11:22:33:44:44:55 brd ff:ff:ff:ff:ff:ff
5: bridge0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 33:11:22:55:77:88 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.49/24 brd 192.168.0.255 scope global bridge0
       valid_lft forever preferred_lft forever
6: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UNKNOWN group default qlen 1000
    link/ether 66:77:88:99:22:11 brd ff:ff:ff:ff:ff:ff

Maniaxx wrote:

I want to set up a network bridge with eth0 and tap0 (for QEMU) manually with iproute2 (no deprecated tools (like brctl), no QEMU bridge-helper or scripts).

Why? Educational experience? All this can be accomplished with NetworkManager (which you apparently have, judging from your scripts) managing the bridge(s) and qemu-bridge-helper creating taps. Works well for me with 2 bridges and several VMs.

Offline
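
The layout described in post #2 (no address on the physical NIC or on the tap, the address on the bridge), written out as an added example that is not code from either poster. Interface names, the address, the gateway and uid 1000 are taken from the first post; it assumes NetworkManager is not managing eth0, and `bridge_plan` / `ports_with_ip` are names made up here. Run without arguments it only prints the plan and checks a constructed sample.

```shell
#!/bin/sh
# Added example, not from the thread. Values below come from post #1.
BR=br0; NIC=eth0; TAP=tap0
ADDR=192.168.1.8/24; GW=192.168.1.1; TAP_USER=1000

# Print the iproute2 commands in order; nothing is executed here.
# Only the bridge gets an IP address: eth0 and tap0 are pure layer-2 ports.
bridge_plan() {
    cat <<EOF
ip tuntap add dev $TAP mode tap user $TAP_USER
ip link add dev $BR type bridge
ip addr flush dev $NIC
ip link set $NIC master $BR
ip link set $TAP master $BR
ip link set $NIC up
ip link set $TAP up
ip link set dev $BR up
ip addr add $ADDR dev $BR
ip route add default via $GW dev $BR
EOF
}

# Read "ip addr" output on stdin and print every bridge port (a line with
# "master <bridge>") that still carries an IPv4 address, which is the
# situation shown in post #1.
ports_with_ip() {
    awk '/^[0-9]+: / { port = (index($0, " master ") > 0) ? $2 : ""
                       sub(/:$/, "", port) }
         $1 == "inet" && port != "" { print port, $2 }'
}

# Constructed sample, abridged from the "ip addr" output in post #1.
SAMPLE='2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state UP
    inet 192.168.1.6/24 brd 192.168.1.255 scope global eth0
61: tap0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 master br0 state DOWN
    inet 192.168.1.7/24 brd 192.168.1.255 scope global tap0
62: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    inet 192.168.1.8/24 brd 192.168.1.255 scope global br0'

case "${1:-}" in
    apply) bridge_plan | sh -e ;;              # needs root; stops at first error
    check) ip addr | ports_with_ip ;;          # inspect the live system
    *)     bridge_plan; printf '%s\n' "$SAMPLE" | ports_with_ip ;;
esac
```

On the sample, `ports_with_ip` reports eth0 and tap0 and leaves br0 alone; on a host set up as in post #2 the `check` mode prints nothing.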

#3 2017-10-22 01:39:26

Maniaxx
Member
Registered: 2014-05-14
Posts: 738

Re: [SOLVED]Network bridge eth0/tap0 with iproute2

nesk wrote:

Why? Educational experience?

Yes, I want to do it manually at least once.

Thanks so far. It does work now.

They say traffic is queued twice and gateway traffic can be force-routed to eth0 but I couldn't get it completely done.
http://ebtables.netfilter.org/examples/ … l#ex_speed
http://ebtables.netfilter.org/examples/ … x_redirect
http://ebtables.netfilter.org/examples/ … l#example2 (scroll down to "Acknowledgements, Final Comments and Useful Links")

with this:

ebtables -t broute -A BROUTING -d ${MAC_ETH0} -p ipv4 -j redirect --redirect-target DROP
ebtables -t broute -A BROUTING -p ARP -i eth0 -d ${MAC_ETH0} -j DROP

Keeping eth0 IP intact (no br0 IP, different br0 MAC).
It does work but I cannot ping eth0 from tap0/QEMU. Both have internet access though and eth0 can ping tap0 IP. Maybe it needs an exception for tap0 somewhere.


sys2064

Offline
