Bridging mini-HOWTO
Christopher Cole
cole@coledd.com
Translated by: Ellen Bokhorst
bokkie@nl.linux.org
March 2001
1.22  20-05-2002  tab  Converted to DocBook 4.1 and added GFDL per Christopher Cole
1.21  07-03-2001  cc
This document describes how to set up an Ethernet bridge.
What is an Ethernet bridge? An Ethernet bridge is a device that
controls data packets within a subnet in an attempt to cut down the
amount of traffic. A bridge is usually placed between two separate
groups of computers that talk within their own group, but not so much
with the computers in the other group.
A good example of this is a cluster of Macintosh machines and a cluster
of Unix machines. Both groups of machines tend to be quite chatty among
themselves, and the traffic they produce on the network causes
collisions for the other machines that are trying to talk to each
other. A bridge would be placed between these groups of computers. The
task of the bridge is to examine the destination of the data packets
one at a time and decide whether or not to pass the packets to the
other side of the Ethernet segment.
The result is a faster, quieter network with fewer collisions.
Setup
Get Bridge Config:
BRCFG.tgz
BRCFG can also be found at:
http://coledd.com/networking/bridge
Enable multiple Ethernet devices on your machine by adding this line
to the file /etc/lilo.conf and running lilo:
append = "ether=0,0,eth1"
If you have three interfaces on your bridge, use this line instead:
append = "ether=0,0,eth1 ether=0,0,eth2"
More interfaces can be found by adding more ether statements. By
default, a Linux kernel probes for a single Ethernet card, and once one
is found, probing stops. The append statement above tells the kernel to
keep looking for more Ethernet devices after the first one has been
found.
Alternatively, a boot parameter can be used instead:
linux ether=0,0,eth1
Or, with 3 interfaces, use:
linux ether=0,0,eth1 ether=0,0,eth2
Recompile the kernel with BRIDGING enabled.
A bridge does not need an IP address. It can have one, but a plain
bridge does not require it. To remove the IP address from your bridge,
go (on a RedHat system) to /etc/sysconfig/network-scripts/ and copy
ifcfg-lo0 to ifcfg-eth0 and ifcfg-eth1.
In these two new files, change the line containing DEVICE=lo to
DEVICE=eth0 and DEVICE=eth1 respectively.
Since other distributions may differ here, you may need to consult
additional documentation.
If there are more than 2 interfaces on this bridge, make sure you
create the corresponding configurations for them as well.
Reboot so that you are running the new kernel with BRIDGING, and also
make sure that no IP addresses are bound to the network interfaces.
Once a backup of the system has been made, put the Ethernet cards into
promiscuous mode so that they look at every packet that passes their
interfaces:
ifconfig eth0 promisc ; ifconfig eth1 promisc
All interfaces that are connected to network segments on the bridge
are put into promiscuous mode.
Turn bridging on using the brcfg program:
brcfg -ena
Verify that there is different traffic on each interface:
tcpdump -i eth0 (in one window)
tcpdump -i eth1 (in another window)
Run a sniffer or tcpdump on another machine to verify that the bridge
is separating the segment correctly.
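The two conditions the setup steps depend on (no IP address bound to a bridge port, and the PROMISC flag set on every port) can be checked from ifconfig output. The script below is an added example, not part of the original HOWTO; the function names check_bridge_ports and sample_ifconfig and the sample ifconfig output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit bridge ports from `ifconfig` output read on stdin.
# Usage on a live system:  ifconfig -a | check_bridge_ports eth0 eth1
# Prints one status line per requested port; exits non-zero if any port
# is missing, is not promiscuous, or still has an IPv4 address bound.

check_bridge_ports() {
    awk -v want="$*" '
    BEGIN { n = split(want, ports, " ") }
    # A stanza starts on a non-indented line; its first field is the
    # interface name ("eth0" in old net-tools, "eth0:" in newer ones).
    /^[^ \t]/ { ifname = $1; sub(/:$/, "", ifname); seen[ifname] = 1 }
    ifname != "" {
        if ($0 ~ /PROMISC/)              promisc[ifname] = 1
        # Match "inet " but not "inet6 ".
        if ($0 ~ /(^|[ \t])inet[ \t]/)   hasip[ifname] = 1
    }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            p = ports[i]
            status = ""
            if (!(p in seen)) {
                status = " MISSING"
            } else {
                if (!(p in promisc)) status = status " NOT-PROMISC"
                if (p in hasip)      status = status " HAS-IP"
            }
            if (status == "") status = " OK"; else bad = 1
            print p ":" status
        }
        exit bad
    }'
}

# Constructed sample output (old net-tools layout, documentation addresses):
# eth0 is configured as the HOWTO describes, eth1 is not.
sample_ifconfig() {
    cat <<'EOF'
eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1

eth1      Link encap:Ethernet  HWaddr 00:00:5E:00:53:02
          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
EOF
}

# Demonstration on the constructed sample.
sample_ifconfig | check_bridge_ports eth0 eth1 \
    || echo "one or more bridge ports need attention"
```

A port reported as HAS-IP is reachable at layer 3 and is no longer the transparent component the HOWTO describes.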
Common Problems
I get the message ioctl(SIOCGIFBR) failed: Package not installed.
What does this mean?
You do not have bridging capability in your kernel. Get a 2.0 or newer
kernel, and compile it with the BRIDGING option enabled.
Machines on one side cannot ping the other side!
Did you enable bridging using brcfg -ena?
(brcfg should report bridging is ENABLED)
Did you put the interfaces into promiscuous mode?
(Run the ifconfig command. The PROMISC flag should be set on both
interfaces.)
If you are using multiple-media interface adapters, make sure the
correct one is enabled. You may need to use the config/setup program
that came with the network interface card.
I cannot telnet/ftp from the bridge! Why not?
This is because no IP address is bound to any of the bridge
interfaces. A bridge is meant to be a transparent part of a network.
What do I need to set up in the way of routing?
Nothing!
All routing intelligence is handled by the bridging code in the
kernel. Use the brcfg program in debug mode to see the Ethernet
addresses as they are learned by the bridge:
brcfg -deb
The bridge appears to work, but why doesn't traceroute show the bridge
as part of the path?
Because of the nature of a bridge, traceroute should not show the
bridge as part of the path. A bridge serves as a transparent component
of the network.
Is it necessary to compile IP_FORWARD into the kernel?
No. The bridging code in the kernel takes care of transporting the
packets. IP_FORWARD is for a gateway that has IP addresses bound to
its interfaces.
Why are the physical Ethernet addresses for port 1 and port 2 the same
according to the brcfg program? Shouldn't they be different?
No. The bridging code deliberately assigns the same physical Ethernet
address to every port of a bridge.
Bridging does not appear as an option when running make config on the
kernel. How do I enable it?
During the kernel config, answer Y to the question
Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL) [Y/n/?].
Too many hubs (4 or more) are chained one after another in series,
which causes timing problems on an Ethernet. What effect does a bridge
have in a subnet that is layered with hubs?
A bridge resets the 3/4/5 hub rule. A bridge does not handle packets
the way a hub does, and therefore does not contribute to timing
problems on a network.
Can a bridge interface to both 10Mb and 100Mb Ethernet segments? Will
such a configuration slow down the rest of the traffic on the
high-speed line?
Yes, a bridge can connect a 10Mb segment to a 100Mb segment. As long as
the network card on the fast network is 100Mb capable, TCP takes care
of the rest. Although it is true that the packets from a host on the
100Mb network communicating with a host on the 10Mb network only move
at a speed of 10Mb/s, the rest of the traffic on the fast Ethernet is
not slowed down.
Copyright
Copyright © 2002 Christopher Cole
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts. A copy of the license is included in the section entitled "GNU Free Documentation License".
GNU Free Documentation License
Version 1.1, March 2000
Copyright (C) 2000 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
PREAMBLE
The purpose of this License is to make a manual, textbook,
or other written document "free" in the sense of freedom: to
assure everyone the effective freedom to copy and redistribute it,
with or without modifying it, either commercially or
noncommercially. Secondarily, this License preserves for the
author and publisher a way to get credit for their work, while not
being considered responsible for modifications made by
others.
This License is a kind of "copyleft", which means that
derivative works of the document must themselves be free in the
same sense. It complements the GNU General Public License, which
is a copyleft license designed for free software.
We have designed this License in order to use it for manuals
for free software, because free software needs free documentation:
a free program should come with manuals providing the same
freedoms that the software does. But this License is not limited
to software manuals; it can be used for any textual work,
regardless of subject matter or whether it is published as a
printed book. We recommend this License principally for works
whose purpose is instruction or reference.
APPLICABILITY AND DEFINITIONS
This License applies to any manual or other work that
contains a notice placed by the copyright holder saying it can be
distributed under the terms of this License. The "Document",
below, refers to any such manual or work. Any member of the
public is a licensee, and is addressed as "you".
A "Modified Version" of the Document means any work
containing the Document or a portion of it, either copied
verbatim, or with modifications and/or translated into another
language.
A "Secondary Section" is a named appendix or a front-matter
section of the Document that deals exclusively with the
relationship of the publishers or authors of the Document to the
Document's overall subject (or to related matters) and contains
nothing that could fall directly within that overall subject.
(For example, if the Document is in part a textbook of
mathematics, a Secondary Section may not explain any mathematics.)
The relationship could be a matter of historical connection with
the subject or with related matters, or of legal, commercial,
philosophical, ethical or political position regarding
them.
The "Invariant Sections" are certain Secondary Sections
whose titles are designated, as being those of Invariant Sections,
in the notice that says that the Document is released under this
License.
The "Cover Texts" are certain short passages of text that
are listed, as Front-Cover Texts or Back-Cover Texts, in the
notice that says that the Document is released under this
License.
A "Transparent" copy of the Document means a
machine-readable copy, represented in a format whose specification
is available to the general public, whose contents can be viewed
and edited directly and straightforwardly with generic text
editors or (for images composed of pixels) generic paint programs
or (for drawings) some widely available drawing editor, and that
is suitable for input to text formatters or for automatic
translation to a variety of formats suitable for input to text
formatters. A copy made in an otherwise Transparent file format
whose markup has been designed to thwart or discourage subsequent
modification by readers is not Transparent. A copy that is not
"Transparent" is called "Opaque".
Examples of suitable formats for Transparent copies include
plain ASCII without markup, Texinfo input format, LaTeX input
format, SGML or XML using a publicly available DTD, and
standard-conforming simple HTML designed for human modification.
Opaque formats include PostScript, PDF, proprietary formats that
can be read and edited only by proprietary word processors, SGML
or XML for which the DTD and/or processing tools are not generally
available, and the machine-generated HTML produced by some word
processors for output purposes only.
The "Title Page" means, for a printed book, the title page
itself, plus such following pages as are needed to hold, legibly,
the material this License requires to appear in the title page.
For works in formats which do not have any title page as such,
"Title Page" means the text near the most prominent appearance of
the work's title, preceding the beginning of the body of the
text.
VERBATIM COPYING
You may copy and distribute the Document in any medium,
either commercially or noncommercially, provided that this
License, the copyright notices, and the license notice saying this
License applies to the Document are reproduced in all copies, and
that you add no other conditions whatsoever to those of this
License. You may not use technical measures to obstruct or
control the reading or further copying of the copies you make or
distribute. However, you may accept compensation in exchange for
copies. If you distribute a large enough number of copies you
must also follow the conditions in section 3.
You may also lend copies, under the same conditions stated
above, and you may publicly display copies.
COPYING IN QUANTITY
If you publish printed copies of the Document numbering more
than 100, and the Document's license notice requires Cover Texts,
you must enclose the copies in covers that carry, clearly and
legibly, all these Cover Texts: Front-Cover Texts on the front
cover, and Back-Cover Texts on the back cover. Both covers must
also clearly and legibly identify you as the publisher of these
copies. The front cover must present the full title with all
words of the title equally prominent and visible. You may add
other material on the covers in addition. Copying with changes
limited to the covers, as long as they preserve the title of the
Document and satisfy these conditions, can be treated as verbatim
copying in other respects.
If the required texts for either cover are too voluminous to
fit legibly, you should put the first ones listed (as many as fit
reasonably) on the actual cover, and continue the rest onto
adjacent pages.
If you publish or distribute Opaque copies of the Document
numbering more than 100, you must either include a
machine-readable Transparent copy along with each Opaque copy, or
state in or with each Opaque copy a publicly-accessible
computer-network location containing a complete Transparent copy
of the Document, free of added material, which the general
network-using public has access to download anonymously at no
charge using public-standard network protocols. If you use the
latter option, you must take reasonably prudent steps, when you
begin distribution of Opaque copies in quantity, to ensure that
this Transparent copy will remain thus accessible at the stated
location until at least one year after the last time you
distribute an Opaque copy (directly or through your agents or
retailers) of that edition to the public.
It is requested, but not required, that you contact the
authors of the Document well before redistributing any large
number of copies, to give them a chance to provide you with an
updated version of the Document.
MODIFICATIONS
You may copy and distribute a Modified Version of the
Document under the conditions of sections 2 and 3 above, provided
that you release the Modified Version under precisely this
License, with the Modified Version filling the role of the
Document, thus licensing distribution and modification of the
Modified Version to whoever possesses a copy of it. In addition,
you must do these things in the Modified Version:
Use in the Title Page
(and on the covers, if any) a title distinct from that of the
Document, and from those of previous versions (which should, if
there were any, be listed in the History section of the
Document). You may use the same title as a previous version if
the original publisher of that version gives permission.
List on the Title Page,
as authors, one or more persons or entities responsible for
authorship of the modifications in the Modified Version,
together with at least five of the principal authors of the
Document (all of its principal authors, if it has less than
five).
State on the Title page
the name of the publisher of the Modified Version, as the
publisher.
Preserve all the
copyright notices of the Document.
Add an appropriate
copyright notice for your modifications adjacent to the other
copyright notices.
Include, immediately
after the copyright notices, a license notice giving the public
permission to use the Modified Version under the terms of this
License, in the form shown in the Addendum below.
Preserve in that license
notice the full lists of Invariant Sections and required Cover
Texts given in the Document's license notice.
Include an unaltered
copy of this License.
Preserve the section
entitled "History", and its title, and add to it an item stating
at least the title, year, new authors, and publisher of the
Modified Version as given on the Title Page. If there is no
section entitled "History" in the Document, create one stating
the title, year, authors, and publisher of the Document as given
on its Title Page, then add an item describing the Modified
Version as stated in the previous sentence.
Preserve the network
location, if any, given in the Document for public access to a
Transparent copy of the Document, and likewise the network
locations given in the Document for previous versions it was
based on. These may be placed in the "History" section. You
may omit a network location for a work that was published at
least four years before the Document itself, or if the original
publisher of the version it refers to gives permission.
In any section entitled
"Acknowledgements" or "Dedications", preserve the section's
title, and preserve in the section all the substance and tone of
each of the contributor acknowledgements and/or dedications
given therein.
Preserve all the
Invariant Sections of the Document, unaltered in their text and
in their titles. Section numbers or the equivalent are not
considered part of the section titles.
Delete any section
entitled "Endorsements". Such a section may not be included in
the Modified Version.
Do not retitle any
existing section as "Endorsements" or to conflict in title with
any Invariant Section.
If the Modified Version includes new front-matter sections
or appendices that qualify as Secondary Sections and contain no
material copied from the Document, you may at your option
designate some or all of these sections as invariant. To do this,
add their titles to the list of Invariant Sections in the Modified
Version's license notice. These titles must be distinct from any
other section titles.
You may add a section entitled "Endorsements", provided it
contains nothing but endorsements of your Modified Version by
various parties--for example, statements of peer review or that
the text has been approved by an organization as the authoritative
definition of a standard.
You may add a passage of up to five words as a Front-Cover
Text, and a passage of up to 25 words as a Back-Cover Text, to the
end of the list of Cover Texts in the Modified Version. Only one
passage of Front-Cover Text and one of Back-Cover Text may be
added by (or through arrangements made by) any one entity. If the
Document already includes a cover text for the same cover,
previously added by you or by arrangement made by the same entity
you are acting on behalf of, you may not add another; but you may
replace the old one, on explicit permission from the previous
publisher that added the old one.
The author(s) and publisher(s) of the Document do not by
this License give permission to use their names for publicity for
or to assert or imply endorsement of any Modified Version.
COMBINING DOCUMENTS
You may combine the Document with other documents released
under this License, under the terms defined in section 4 above for
modified versions, provided that you include in the combination
all of the Invariant Sections of all of the original documents,
unmodified, and list them all as Invariant Sections of your
combined work in its license notice.
The combined work need only contain one copy of this
License, and multiple identical Invariant Sections may be replaced
with a single copy. If there are multiple Invariant Sections with
the same name but different contents, make the title of each such
section unique by adding at the end of it, in parentheses, the
name of the original author or publisher of that section if known,
or else a unique number. Make the same adjustment to the section
titles in the list of Invariant Sections in the license notice of
the combined work.
In the combination, you must combine any sections entitled
"History" in the various original documents, forming one section
entitled "History"; likewise combine any sections entitled
"Acknowledgements", and any sections entitled "Dedications". You
must delete all sections entitled "Endorsements."
COLLECTIONS OF DOCUMENTS
You may make a collection consisting of the Document and
other documents released under this License, and replace the
individual copies of this License in the various documents with a
single copy that is included in the collection, provided that you
follow the rules of this License for verbatim copying of each of
the documents in all other respects.
You may extract a single document from such a collection,
and distribute it individually under this License, provided you
insert a copy of this License into the extracted document, and
follow this License in all other respects regarding verbatim
copying of that document.
AGGREGATION WITH INDEPENDENT WORKS
A compilation of the Document or its derivatives with other
separate and independent documents or works, in or on a volume of
a storage or distribution medium, does not as a whole count as a
Modified Version of the Document, provided no compilation
copyright is claimed for the compilation. Such a compilation is
called an "aggregate", and this License does not apply to the
other self-contained works thus compiled with the Document, on
account of their being thus compiled, if they are not themselves
derivative works of the Document.
If the Cover Text requirement of section 3 is applicable to
these copies of the Document, then if the Document is less than
one quarter of the entire aggregate, the Document's Cover Texts
may be placed on covers that surround only the Document within the
aggregate. Otherwise they must appear on covers around the whole
aggregate.
TRANSLATION
Translation is considered a kind of modification, so you may
distribute translations of the Document under the terms of section
4. Replacing Invariant Sections with translations requires
special permission from their copyright holders, but you may
include translations of some or all Invariant Sections in addition
to the original versions of these Invariant Sections. You may
include a translation of this License provided that you also
include the original English version of this License. In case of
a disagreement between the translation and the original English
version of this License, the original English version will
prevail.
TERMINATION
You may not copy, modify, sublicense, or distribute the
Document except as expressly provided for under this License. Any
other attempt to copy, modify, sublicense or distribute the
Document is void, and will automatically terminate your rights
under this License. However, parties who have received copies, or
rights, from you under this License will not have their licenses
terminated so long as such parties remain in full
compliance.
FUTURE REVISIONS OF THIS LICENSE
The Free Software Foundation may publish new, revised
versions of the GNU Free Documentation License from time to time.
Such new versions will be similar in spirit to the present
version, but may differ in detail to address new problems or
concerns. See http://www.gnu.org/copyleft/.
Each version of the License is given a distinguishing
version number. If the Document specifies that a particular
numbered version of this License "or any later version" applies to
it, you have the option of following the terms and conditions
either of that specified version or of any later version that has
been published (not as a draft) by the Free Software Foundation.
If the Document does not specify a version number of this License,
you may choose any version ever published (not as a draft) by the
Free Software Foundation.
How to use this License for your documents
To use this License in a document you have written, include
a copy of the License in the document and put the following
copyright and license notices just after the title page:
Copyright (c) YEAR YOUR NAME.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.1
or any later version published by the Free Software Foundation;
with the Invariant Sections being LIST THEIR TITLES, with the
Front-Cover Texts being LIST, and with the Back-Cover Texts being LIST.
A copy of the license is included in the section entitled "GNU
Free Documentation License".
If you have no Invariant Sections, write "with no Invariant
Sections" instead of saying which ones are invariant. If you have
no Front-Cover Texts, write "no Front-Cover Texts" instead of
"Front-Cover Texts being LIST"; likewise for Back-Cover
Texts.
If your document contains nontrivial examples of program
code, we recommend releasing these examples in parallel under your
choice of free software license, such as the GNU General Public
License, to permit their use in free software.