Linux BRIDGE-STP-HOWTO

Uwe Böhme

            Johann-Heinrich-Abt-Straße 7
            95213
            Münchberg
            Germany
            +49/9251 960877
            +49/9251 960878
            [email protected]

Lennert Buytenhek

  bridge code maintainer and developer
  gnu.org

            [email protected]

  Still draft

  Copyright © 2000 by Uwe Böhme
  Revision History
  Revision v0.00 01 June 2000 Revised by: U.B.
  Initial Release.
  Revision v1.01 07 June 2000 Revised by: U.B.
  Applied patch from Lennert. Corrected some syntactical errors.
  Completed some brctl commands. Added test output and description.
  Revision v1.02 08 June 2000 Revised by: U.B.
  More typo and grammar corrections.
  Revision v1.03 09 June 2000 Revised by: U.B.
  The usual typo. Applied Lennert's explanations about the message logs
  of the pull-the-plug-test.
  Revision v1.04 11 June 2000 Revised by: U.B.
  The usual typo. Applied ultimate test dumps.
  Revision v1.05 17 June 2000 Revised by: U.B.
  System freeze remark. Modified style sheet.
  Revision v0.01 25 June 2000 Revised by: U.B.
  Changed name from BRIDGE-HOWTO to BRIDGE-STP-HOWTO (to avoid interference
  with the BRIDGE-HOWTO by Christopher Cole) and restarted version numbering
  (we were already too far). Lennert Buytenhek announced as coauthor.
    _________________________________________________________________

  Table of Contents
  1. [1]License
  2. [2]What Is A Bridge?
  3. [3]Rules On Bridging
  4. [4]Preparing The Bridge

       4.1. [5]Get The Files
       4.2. [6]Apply The Patches
       4.3. [7]Configure The Kernel
       4.4. [8]Compile The Kernel
       4.5. [9]Compile The Bridge Utilities

  5. [10]Set Up The Bridge

       5.1. [11]brctl Command Synopsis
       5.2. [12]Basic Setup

  6. [13]Advanced Bridge Features

       6.1. [14]Spanning Tree Protocol
       6.2. [15]Bridge And The IP-Chains

  7. [16]A Practical Setup Example

       7.1. [17]Hardware-setup
       7.2. [18]Software-setup
       7.3. [19]See It Work
       7.4. [20]Bridge Tests

  Appendix A. [21]Network Interface Cards
  Appendix B. [22]Recommended Reading
  Appendix C. [23]FAQ

  About The Linux Modular Bridge And STP

  This document describes how to set up a bridge with the recent kernel
  patches and the brctl utility by Lennert Buytenhek. As of development
  kernel 2.3.47 the new bridging code is part of the mainstream. On
  20.06.2000 there are patches for the stable kernels 2.2.14 and 2.2.15.
  What happens if a penguin crosses a bridge?
    _________________________________________________________________

1. License

  Copyright (c) 2000 by Uwe Böhme. This document may be distributed only
  subject to the terms and conditions set forth in the [24]LDP License
  available at [25]http://sunsite.unc.edu/LDP/LICENSE.html
    _________________________________________________________________

2. What Is A Bridge?

  A bridge is a device that separates two or more network segments
  within one logical network (e.g. IP-subnet).

  A bridge is usually placed between two separate groups of computers
  that talk with each other, but not that much with the computers in the
  other group. A good example of this is to consider a cluster of
  Macintoshes and a cluster of Unix machines. Both of these groups of
  machines tend to be quite chatty amongst themselves, and the traffic
  they produce on the network causes collisions for the other machines
  who are trying to speak to one another.

  The job of the bridge is to examine the destination of the data
  packets one at a time and decide whether or not to pass each packet to
  the other side of the Ethernet segment. The result is a faster,
  quieter network with fewer collisions.

  The bridging code decides whether to bridge data or to drop it not by
  looking at the protocol type (IP, IPX, NetBEUI), but by looking at the
  MAC-address unique to each NIC.

  Important

  It's vital to understand that a bridge is neither a router nor a
  fire-wall. In simple terms, a bridge behaves like a network switch
  (i.e. a Layer 2 switch), making it a transparent network component
  (which is not absolutely true, but nearly). Read more about this at
  [26]Section 3.

  In addition, you can overcome hardware incompatibilities with a
  bridge, without leaving the address-range of your IP-net or subnet.
  E.g. it's possible to bridge between different physical media like 10
  Base T and 100 Base TX.

  My personal reason for starting to set up a bridge was that in my work
  I had to connect Fast Ethernet components to an existing HP Voice
  Grade network, which is a proprietary networking standard.

  Features Above Pure Bridging

  STP
         The Spanning Tree Protocol is a nifty method of keeping an
         Ethernet working when its devices are connected by multiple
         (redundant) paths. The participating switches use STP to
         negotiate the shortest available path and block the others.
         This feature will be discussed in [27]Section 6.1.

  Multiple Bridge Instances
         Multiple bridge instances allow you to have more than one
         bridge on your box up and running, and to control each instance
         separately.

  Fire-walling
         There is a patch to the bridging code which allows you to use
         IP chains on the interfaces inside a bridge. You'll find more
         about this in [28]Section 6.2.
    _________________________________________________________________

3. Rules On Bridging

  There are a number of rules you are not allowed to break (otherwise
  your bridge will).

    * A port can only be a member of one bridge.
    * A bridge knows nothing about routes.
    * A bridge knows nothing about protocols higher than ARP. That's
      why it can bridge any protocol that happens to run on your
      Ethernet.
    * No matter how many ports you have in your logical bridge, it's
      covered by only one logical interface.
    * As soon as a port (e.g. a NIC) is added to a bridge, you have no
      more direct control over it.

  Warning

  If one of the points mentioned above is not clear to you now, don't
  continue reading. Read the documents listed in [29]Appendix B first.

  If you ever tried to ping an unmanaged switch, you will know that it
  doesn't work, because there is no IP address for it. To switch
  datagrams it doesn't need one. The other thing is if you want to
  manage the switch. It's too much strain to take a dumb terminal, walk
  to the place you installed it (normally a dark, dusty and warm room
  with a lot of green and red Christmas lights), connect the terminal
  and change the settings.

  What you want is remote management, usually by SNMP, telnet, rlogin or
  (best) ssh. For all these services you will need an IP address. That's
  the exception to the transparency. The new code allows you without any
  problem to assign an IP address to the virtual interface formed by the
  bridge instance you will create in [30]Section 5.2. All NICs (or
  other interfaces) in your bridge will happily listen and respond to
  datagrams destined to this IP.

  All other data will not interfere with the bridge. The bridge just
  acts like a switch.
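  To make the forwarding decisions of Section 2 and Section 3 concrete, here
  is a small simulation of a learning bridge. It is added for this document
  and is neither code from the HOWTO nor from the kernel bridging code; the
  port names, MAC addresses and frames are constructed for the example.

```python
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass
class Frame:
    src: str
    dst: str
    proto: str  # IP, IPX, NetBEUI ...; the bridge never looks at this field

@dataclass
class Bridge:
    ports: list
    own_mac: str = ""  # MAC of the virtual bridge interface, if it was given an IP
    fdb: dict = field(default_factory=dict)  # MAC address -> port it was last seen on

    def handle(self, in_port, frame):
        """Return where the frame goes: member ports and/or 'local' (the bridge's own stack)."""
        if in_port not in self.ports:
            raise ValueError(f"{in_port} is not a member of this bridge")
        # Learning: the sender is reachable through the port the frame arrived on.
        self.fdb[frame.src] = in_port
        out = []
        # The one exception to transparency: frames for the bridge's own MAC and
        # broadcasts (e.g. ARP requests for its IP) also go to the local stack.
        if self.own_mac and frame.dst in (self.own_mac, BROADCAST):
            out.append("local")
        if frame.dst == self.own_mac:
            return out
        if frame.dst == BROADCAST or frame.dst not in self.fdb:
            out += [p for p in self.ports if p != in_port]  # flood all other ports
        elif self.fdb[frame.dst] != in_port:
            out.append(self.fdb[frame.dst])  # known destination on another segment
        # else: destination is on the arrival segment, so nothing crosses the bridge
        return out

def demo():
    # Constructed traffic: stations a, b, c and a bridge with three ports.
    br = Bridge(ports=["eth0", "eth1", "eth2"], own_mac="00:00:00:00:00:b1")
    a, b, c = "00:00:00:00:00:0a", "00:00:00:00:00:0b", "00:00:00:00:00:0c"
    return [
        br.handle("eth0", Frame(a, b, "IPX")),          # b unknown: flooded to eth1, eth2
        br.handle("eth1", Frame(b, a, "IPX")),          # a was learned on eth0: only eth0
        br.handle("eth0", Frame(a, b, "IP")),           # b is now known on eth1
        br.handle("eth0", Frame(c, a, "NetBEUI")),      # c and a share eth0: nothing forwarded
        br.handle("eth0", Frame(a, BROADCAST, "ARP")),  # local stack plus a flood
        br.handle("eth0", Frame(a, br.own_mac, "IP")),  # management traffic: local only
    ]
```

  Note that the table is filled purely from source addresses seen on each
  port, which is why a bridge needs no configuration of its stations at all.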
    _________________________________________________________________

4. Preparing The Bridge

  This section describes what you need and what to do to prepare your
  bridge.
    _________________________________________________________________

4.1. Get The Files

  Here you can find a list of the files and downloads you will need for
  the setup of the bridge. If you already have one of the mentioned files
  or packages in your distribution, of course there is no need to create
  network load.

  I'll only mention the files for the 2.2.14 kernel. If you want to try
  a different one (e.g. 2.2.15 or the recent development kernel) just
  replace the kernel version number and look whether you find it.

  File and package list

  Unpatched kernel sources
         E.g. linux-2.2.14.tar.bz2 available from your local kernel.org
         mirror. Please check first whether you find it in your
         distribution (take the unpatched kernel sources). If you don't,
         please check [31]The Linux Kernel Archive Mirror System for a
         nearby mirror and download it from there.

  Bridge patches

  Note

  If your kernel is later than 2.3.47 you don't need this. Bridging has
  been part of the mainstream kernel since that version.

         Get the bridge kernel patches for your kernel version from
         [32]http://www.openrock.net/bridge/. Identify the file by the
         kernel number.

  Note

  There are also patches that let the bridge work with IP chains. I never
  tried it, for I don't see the need to fire-wall inside my LAN, and
  absolutely no need to bridge against the outer world. Feel free to
  contribute about that issue.

  Kernel patches for the stable 2.2 kernel.
         + [33]bridge-0.0.5-against-2.2.14.diff
         + [34]bridge-0.0.5-against-2.2.15.diff

  Bridge configuration utilities
         You will also need the bridge configuration utilities to set up
         the bridge (see [35]Section 5). You can download them from
         [36]http://www.openrock.net/bridge/ as well. The current one (as
         of this writing) is bridge-utils-0.9.1.tar.gz.
         [37]bridge-utils-0.9.1.tar.gz.
    _________________________________________________________________

4.2. Apply The Patches

  Note

  If your kernel is later than 2.3.47 you don't need this. Bridging has
  been part of the mainstream kernel since that version.

  Apply the bridging patch to your kernel. If you don't know how to do
  that, read the Kernel-HOWTO, which can be found in your distribution or
  at [38]http://sunsite.unc.edu/LDP/HOWTO/HOWTO-INDEX.html

  Example 1. Applying a kernel patch
root@mbb-1:~ # cd /usr/src/linux-2.2.14
root@mbb-1:/usr/src/linux-2.2.14 # patch -p1 < \
   bridge-0.0.5-against-2.2.14.diff