Linux Networking: Dummy Interfaces and Virtual Bridges

Updates

  • corrected the 'type' in example code for bringing up a dummy interface

In this part of the 'An introduction to Virtual Networking on Linux' series we talk about bridging networks and our first Linux-specific virtual network device, the dummy network interface.

Bridge Interfaces

Bridges in Linux are software implementations of a layer 2 switch. They switch raw Ethernet packets between interfaces based on the address in the MAC address field. Unlike a hub, a bridge does not broadcast each packet to all interfaces but instead 'learns' which device is at the other end of each interface and only transmits the packet out of the interface to which the addressed device is connected.

Usage

  • Connecting 2 or more networks attached to different interfaces without having to bother with routing (physical to physical)
  • Connect the interfaces from multiple VMs together to create a virtual network so the guests on the host can communicate with each other privately (virtual to virtual)
  • Connect Virtual machines to the real network and reuse existing routers and DHCP servers on the network for address assignment and passing network traffic (virtual to physical)

Setup

Make a bridge using only the ip command (no brctl):

$ /sbin/ip li add br0 type bridge

To connect an interface to the bridge ensure it is in the 'down' state and has no IP addresses attached to it.

$ /sbin/ip li set dev eth0 master br0

You should now be able to bring up the bridge device and assign an IP address to it.

Notes

  • Avoid creating a loop in your switching fabric by tying together two or more switches in a ring (both virtual Linux switches and real physical ones). This can cause all sorts of issues and normally manifests as excessive network traffic. As the Linux switch is in software, you will notice excessive CPU usage by a kernel thread that cannot be killed with traditional tools (e.g. the kill command).
  • If you want to use multiple links for redundancy, consider Ethernet 'Teaming'/'Bonding' (link aggregation) or using LACP with switches that support it. These allow you to bundle multiple physical links into one virtual link that can support higher bandwidth than a single link and that automatically 'fails' any link that gets disconnected, only using the working/connected interfaces.
  • If you still want to connect 2 switches together with 2 or more Ethernet connections that are not bonded, then ensure you enable STP on both switches. On Linux this can be done with the /sbin/bridge command (available in newer versions of iproute2) or by using the older brctl command (brctl stp <bridge> on). This will prevent looping by automatically enabling and disabling links that form a loop. Keep in mind that you will not get the bandwidth increase of using multiple links as in the LACP example above (as all extra links are disabled); however, you will get the redundancy (when the 'enabled' link is pulled/removed, STP will automatically enable one of the backup links).
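
A read-only check related to the loop and STP notes above, added here as an example and not part of the original article: it reads each bridge's stp_state and brif/ port list from sysfs and marks bridges that have two or more ports while STP is disabled. The optional sysfs-root argument and the ok/check labels are assumptions of this example; a 'check' result is a prompt to review the topology, not proof of a loop.

```shell
#!/bin/sh
# Added example: report STP state and port count for every Linux bridge.
# Usage: audit_bridges [sysfs_root]   (sysfs_root defaults to /sys; the
# argument is an assumption of this example so a test tree can be used)

audit_bridges() {
    sysroot="${1:-/sys}"
    flagged=0
    # Only bridge devices have a bridge/ directory under their sysfs entry
    for brdir in "$sysroot"/class/net/*/bridge; do
        [ -d "$brdir" ] || continue      # no bridges: the glob stays literal
        dev_dir="${brdir%/bridge}"
        br="${dev_dir##*/}"
        # 0 = STP disabled, 1 = kernel STP, 2 = userspace STP
        stp="$(cat "$brdir/stp_state" 2>/dev/null || echo unknown)"
        # Every interface attached to the bridge has an entry under brif/
        ports=0
        for p in "$dev_dir"/brif/*; do
            [ -e "$p" ] || [ -L "$p" ] || continue
            ports=$((ports + 1))
        done
        status=ok
        if [ "$stp" = "0" ] && [ "$ports" -ge 2 ]; then
            status=check
            flagged=$((flagged + 1))
        fi
        printf '%s stp_state=%s ports=%s %s\n' "$br" "$stp" "$ports" "$status"
    done
    # Exit status is non-zero when at least one bridge was marked 'check'
    [ "$flagged" -eq 0 ]
}
```

Source the file and run audit_bridges with no arguments to inspect the live system; no root privileges are needed because it only reads sysfs.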

Dummy Interfaces

Dummy interfaces are not used that often except on devices that are both routers and hosting services. A classic example of this is a router with a web interface. If the web service binds itself to the IP address of the Ethernet interface but not the WiFi interface and the Ethernet cable gets unplugged, then the web interface becomes uncontactable due to the Ethernet link being in the 'DOWN' state.

Dummy networks solve this by creating a virtual 'stub' to which you can assign IP addresses that are not bound to a physical interface and can therefore always be in the 'UP' state.

Usage

  • Set up a virtual network/IP that is not bound to an interface.
  • Intercept traffic for specific ranges/IPs instead of just black-holing the traffic

Setup

To create a dummy interface called dummy0 use the following command:

$ /sbin/ip li add dummy0 type dummy

Notes

  • There may be a limit on the number of dummy interfaces your system can create on older kernels. This is set by the 'numdummies' parameter to the dummy module and can be set on the kernel cmdline via grub, via a file in /etc/modprobe.d (new) or via /etc/modprobe.conf (old). You will need to add the following code to one of the configs: options dummy numdummies=4
  • Not many people know about them and won't miss them until they are multihomed in some way.