Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to use Linux Bridge". In the operation of actual cases, many people will encounter such a dilemma. Next, let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Linux Bridge detailed explanation

Linux Bridge (Bridge) is a virtual switch realized by pure software, which has the same functions as the physical switch, such as layer 2 switching, MAC address learning and so on. So we can bind a device such as tun/tap,veth pair to a bridge, just like connecting the device to a physical switch. In addition, like veth pair and tun/tap, it is also a virtual network device, which has all the characteristics of a virtual device, such as configuring IP,MAC addresses and so on.

Linux Bridge is usually used in conjunction with KVM, docker and other virtualization technologies to build virtual networks, and since this tutorial does not cover virtualization technologies, we will use the netns we learned earlier to simulate virtual devices.

How to use Linux Bridge?

There are many ways to operate a bridge. Here we introduce how to operate it through bridge-utils. Since it is not a tool that comes with the Linux system, we need to install it manually.

# centosyum install-y bridge-utils# ubuntuapt-get install-y bridge-utils

Use brctl help to view usage help

Never heard of command [help] Usage: brctl [commands] commands: addbr add bridge delbr delete bridge addif add interface to bridge delif delete interface from bridge hairpin {on | off} turn hairpin on/off setageing setageing time setbridgeprio Set bridge priority setfd set bridge forward delay sethello sethello time setmaxage setmax message age setpathcost setpathcost setportprio setport priority show [] show a list of bridges showmacs Show a list of mac addrs showstp show bridge stp info stp {on | off} turn stp on/off

Common commands such as

Create a new bridge:

Brctl addbr

Add a device (such as eth0) to the bridge:

Brctl addif eth0

Displays the currently existing bridges and the network ports to which they are connected:

Brctl show

Start the bridge:

Ip link set up

To delete the bridge, you need to close it first:

Ip link set downbrctl delbr

Or delete the bridge directly using the ip link del command

Ip link del

> when adding Linux Bridge, a virtual network card with the same name is automatically added to the host machine, so we can operate the virtual network card through the ip link command, that is, to operate the bridge, and the bridge will forward data only when the virtual network card status is up.

Experiment

In the last section, "Linux veth pair details", we used veth pair to connect two isolated netns together, which in the real world is equivalent to connecting two computers together with a network cable, but in the real world, very few people use it. Because a device not only needs to communicate with another device, it needs to communicate with many network devices, and if it is still used in this way, it requires very complex network wiring, and ordinary network devices in the real world do not have that many network interfaces.

So what do you need to do if you want a device to communicate with many network devices? In our daily life, apart from mobile phones and computers, the most common network equipment is the router. Our mobile phones are connected to the WI-FI, and the computer is plugged into the router, waiting to get the IP from the router's DHCP server, so they can communicate with each other. This is the second layer switching function of the router. The main function of Linux Bridge is layer 2 switching, which simulates the real world layer 2 switch. Let's change the network topology slightly, as shown in the following figure:

We set up a bridge, three netns, three pairs of veth pair, one end in the netns and the other connected to the bridge. In order to simplify the topology, I removed the tap devices from the netns and configured the IP directly on the veth.

> veth devices can not only act as "network cables", but also can be used as virtual network cards.

# add Bridge brctl addbr br0# Boot Bridge ip link set br0 up# add three new netnsip netns add ns0ip netns add ns1ip netns add ns2# add two pairs of vethip link add veth0-ns type veth peer name veth0-brip link add veth2-ns type veth peer name veth2-brip link add veth3-ns type veth peer name veth3-br# move one end of veth to netns ip link set veth0-ns netns ns0ip link set veth2-ns netns ns1ip link set veth3-ns netns ns2# will add this in netns Earth Loopback and veth start and configure IPip netns exec ns0 ip link set lo upip netns exec ns0 ip link set veth0-ns upip netns exec ns0 ip addr add 10.0.0.1 veth 24 dev veth0-nsip netns exec ns1 ip link set lo upip netns exec ns1 ip link set veth2-ns upip netns exec ns1 ip addr add 10.0.0.2 Universe 24 dev veth2-nsip netns exec ns2 ip link set lo upip netns exec ns2 ip link set veth3-ns upip netns exec ns2 ip addr add 10.0.0.3 Universe 24 dev veth3 -ns# launches and mounts the other end of the veth to the bridge ip link set veth0-br upip link set veth2-br upip link set veth3-br upbrctl addif br0 veth0-brbrctl addif br0 veth2-brbrctl addif br0 veth3-br

Test network connectivity

Test network connectivity to 10.0.0.2 of ns1 in the namespace ns0 using ip netns exec ns0 ping 10.0.0.2

PING 10.0.0.2 (10.0.0.2) 56 (84) bytes of data.64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.032 ms64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.058 ms64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.052 ms64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.044 Ms ^ C-- 10.0.0.2 ping statistics-4 packets transmitted, 4 received, 0% packet loss Time 54msrtt min/avg/max/mdev = 0.032 ms 0.046 ms 0.058 max 0.011

Use ip netns exec ns0 ping 10.0.0.3 to test network connectivity to 10.0.0.3 of ns2 in the namespace ns0

PING 10.0.0.3 (10.0.0.3) 56 (84) bytes of data.64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.054 ms64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.045 ms64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=0.058 ms64 bytes from 10.0.0.3: icmp_seq=4 ttl=64 time=0.064 Ms ^ C-- 10.0.0.3 ping statistics-4 packets transmitted, 4 received, 0 packet loss Time 81msrtt min/avg/max/mdev = 0.045 ms 0.055 ms 0.064 Universe 0.008

Test network connectivity to 10.0.0.1 of ns0 in the namespace ns1 using ip netns exec ns1 ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56 (84) bytes of data.64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.031 ms64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.046 ms64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.038 ms64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.041 Ms ^ C-- 10.0.0.1 ping statistics-4 packets transmitted, 4 received, 0% packet loss Time 81msrtt min/avg/max/mdev = 0.031 ms 0.039 max 0.046 Universe 0.005

Use ip netns exec ns1 ping 10.0.0.3 to test network connectivity to 10.0.0.3 of ns2 in the namespace ns1

PING 10.0.0.3 (10.0.0.3) 56 (84) bytes of data.64 bytes from 10.0.0.3: icmp_seq=1 ttl=64 time=0.060 ms64 bytes from 10.0.0.3: icmp_seq=2 ttl=64 time=0.059 ms64 bytes from 10.0.0.3: icmp_seq=3 ttl=64 time=0.044 ms64 bytes from 10.0.0.3: icmp_seq=4 ttl=64 time=0.065 Ms ^ C-- 10.0.0.3 ping statistics-4 packets transmitted, 4 received, 0 packet loss Time 65msrtt min/avg/max/mdev = 0.044 ms 0.057 ms 0.065 Universe 0.007

Test network connectivity to 10.0.0.1 of ns0 in the namespace ns2 using ip netns exec ns2 ping 10.0.0.1

PING 10.0.0.1 (10.0.0.1) 56 (84) bytes of data.64 bytes from 10.0.0.1: icmp_seq=1 ttl=64 time=0.032 ms64 bytes from 10.0.0.1: icmp_seq=2 ttl=64 time=0.056 ms64 bytes from 10.0.0.1: icmp_seq=3 ttl=64 time=0.043 ms64 bytes from 10.0.0.1: icmp_seq=4 ttl=64 time=0.060 Ms ^ C-- 10.0.0.1 ping statistics-4 packets transmitted, 4 received, 0% packet loss Time 69msrtt min/avg/max/mdev = 0.032, 0.047, 0.060, 0.013, ms

Test network connectivity to 10.0.0.2 of ns1 in the namespace ns2 using ip netns exec ns2 ping 10.0.0.2

PING 10.0.0.2 (10.0.0.2) 56 (84) bytes of data.64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.030 ms64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.055 ms64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.044 ms64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.042 Ms ^ C-- 10.0.0.2 ping statistics-4 packets transmitted, 4 received, 0% packet loss Time 114msrtt min/avg/max/mdev = 0.030 ms 0.042 ms 0.055 pound 0.011

You can see that we connect the three isolated netns together through the bridge, and in this way, we can easily add a fourth netns and a fifth netns.... We won't expand here.

This is the end of "how to use Linux Bridge". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.