Last updated: 2020-01-25
NICs that make up a bridge
Every interface added to a bridge must support promiscuous mode (this mode consumes CPU resources);
otherwise it cannot become a member of the bridge.
dmesg and /var/log/messages will show:
device eth0 entered promiscuous mode
device eth0 left promiscuous mode
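As an added example (not part of the original notes): every bridge port is put into promiscuous mode, so these kernel messages are expected for bridge members, and an interface that logs them without being a bridge port is worth investigating. The sketch assumes the message format shown above; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Track promiscuous-mode state from kernel log lines and list interfaces
# that are promiscuous without being a known bridge port.

# Constructed sample log (not captured from a real host).
SAMPLE_LOG='Jan 25 10:00:01 host kernel: device eth0 entered promiscuous mode
Jan 25 10:00:01 host kernel: device eth1 entered promiscuous mode
Jan 25 10:05:12 host kernel: device eth0 left promiscuous mode
Jan 25 10:07:30 host kernel: device eth2 entered promiscuous mode
Jan 25 10:09:44 host kernel: device eth0 entered promiscuous mode'

# promisc_now: read log lines on stdin and print, sorted and one per line,
# every interface whose most recent event was "entered promiscuous mode".
promisc_now() {
    awk '
        match($0, /device [^ ]+ (entered|left) promiscuous mode/) {
            split(substr($0, RSTART, RLENGTH), f, " ")
            state[f[2]] = f[3]          # f[2] = interface, f[3] = entered|left
        }
        END { for (i in state) if (state[i] == "entered") print i }
    ' | sort
}

# unexpected_promisc "<expected ports>": same as promisc_now, minus the
# interfaces named in $1 (the ports you added to the bridge yourself).
unexpected_promisc() {
    promisc_now | while read -r ifname; do
        case " $1 " in
            *" $ifname "*) ;;           # expected bridge port, ignore
            *) echo "$ifname" ;;        # promiscuous for some other reason
        esac
    done
}

# Stand-alone run: eth0 and eth1 are the ports used in this page's brctl example.
printf '%s\n' "$SAMPLE_LOG" | unexpected_promisc "eth0 eth1"
```

On a live host, feed it `dmesg` or /var/log/messages instead of the sample, and take the expected port list from `brctl show`.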
Installation
aptitude install bridge-utils
CLI - brctl
Create a bridge manually:
brctl addbr bridgename
Delete a bridge:
brctl delbr bridgename
forward delay:
There is a 30s delay when a bridge starts up. On a host with no network loops, consider turning the forwarding delay off:
brctl setfd bridgename 0
Remark
Setting in /etc/network/interfaces:
bridge_fd 0
Add NICs to a bridge:
brctl addif bridgename device1 device2 ....
e.g.
brctl addif br0 eth0 eth1
Remove a NIC from a bridge:
brctl delif bridgename device
Show status:
brctl show bridgename
brctl showmacs bridgename
Full example of creating a bridge with brctl
ifconfig eth0 0.0.0.0
ifconfig eth1 0.0.0.0
brctl addbr mybridge
brctl addif mybridge eth0 eth1
ifconfig mybridge 192.168.0.1 netmask 255.255.255.0
Persistent configuration
/etc/network/interfaces
auto eth0 eth1 br0
iface eth0 inet manual
    pre-up ifconfig $IFACE up
    post-down ifconfig $IFACE down
iface eth1 inet manual
    pre-up ifconfig $IFACE up
    post-down ifconfig $IFACE down
# Bridge setup
iface br0 inet static
    address 192.168.1.2
    broadcast 192.168.1.255
    netmask 255.255.255.0
    gateway 192.168.1.1
    # bridge-related settings start here
    # (interfaces(5) does not support end-of-line comments)
    bridge_ports eth0 eth1
    bridge_stp no
    # default 15 (delay forward, interfaces joining the bridge)
    bridge_fd 0
    # number of seconds the setup scripts wait before entering forwarding
    bridge_maxwait 0
    # no delay before a port becomes available
    bridge_waitport 0
Notes
bridge_maxwait
    The maximum time, in seconds, that the Debian bridge setup scripts will wait for the bridge ports to reach the forwarding state; a fractional part is not allowed.
bridge_waitport time [ports]
    Wait for a maximum of time seconds for the specified ports to become available;
    if no ports are specified, those listed in bridge_ports are used.
Set the lifetime of learned MAC addresses
brctl setageing bridgename time    # lifetime of an entry in the fdb (Forwarding DataBase)
brctl setgcint <brname> <time>     # how often the fdb is checked
Spanning Tree Protocol
Enable:
brctl stp bridgename on
Show STP state:
brctl showstp bridgename
hairpin
hairpin: reflective relay (send frames back out through the port the frame was received on)
Dummy bridge
# For VM use
auto lxcbr0
iface lxcbr0 inet manual
    pre-up brctl addbr $IFACE
    up ip link set $IFACE up
    post-down brctl delbr $IFACE
    down ip link set $IFACE down
    # disable Spanning Tree Protocol
    bridge_stp off
    # no delay before a port becomes available
    bridge_waitport 0
    # no forwarding delay
    bridge_fd 0
Check whether the system supports ebtables
cat /proc/sys/net/bridge/bridge-nf-*
See also:
- man brctl
- man bridge-utils-interfaces