How make virtual interfaces ( subinterfaces ) on linux machine

How make virtual interfaces ( subinterfaces ) on linux machine

[Elvir Kuric]

Hi all, 

I want to know is there some manual or even better
book how to make virtual interfaces  ( subinterfaces )
on linux machine and attach VLANs which are
implemented on switch to these virtaul interfaces.

I just need suggestions for some good reading.

Thank you in advance and regards


 
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Taylor, Grant]

Elvir Kuric wrote:
> I want to know is there some manual or even better
> book how to make virtual interfaces  ( subinterfaces )
> on linux machine and attach VLANs which are
> implemented on switch to these virtaul interfaces.

I'm not quite sure exactly what you mean by virtual interfaces.

Presently, you can easily create virtual / logical interfaces for any given 
VLAN for a physical interface.  Do some reading on vconfig if you want / 
need more information.  Or, reply and I'll be happy to help.

You could do something as crazy as this, which I have successfully done before.

ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up

ifenslave bond0 eth0 eth1

vconfig add bond0 1
vconfig add bond0 2

ifconfig bond0.1 1.0.0.1 netmask 255.0.0.0 up
ifconfig bond0.1:1 1.255.255.254 netmask 255.0.0.0 up

ifconfig bond0.2 2.0.0.1 netmask 255.0.0.0 up
ifconfig bond0.2 2.0.0.1 netmask 255.0.0.0 up

brctl addbr bri0
brctl addif bri0 bond0.1
brctl addif bri0 bond0.2

ifconfig bri0 3.0.0.1 netmask 255.0.0.0 up
ifconfig bri0:1 3.255.255.254 netmask 255.0.0.0 up


Then use IPTables / EBTables / ARPTables to your heart's content. If you 
enable layer 3 matching on layer 2 for ebtables, you can use IPTables to 
filter bridged traffic.

In the above scenario, you end up with the following interfaces:

eth0
eth1
bond0
bond0.1
bond0.1:1
bond0.2
bond0.2:1
bri0
bri0:1

I hope that helps.  If you have any other questions, fire away.  Sorry, I'm 
not sure of any concise manual, per say, but there are a few man pages for 
each command that you can use in conjunction with other commands.  :)



Grant. . . .

P.S.  Router-On-A-(Bonded and / or VLAN)-Stick is fun and can be very 
useful.  :}  When you start combining a layer 2 managed switch with a Linux 
box things get VERY interesting.  Can you say load sharing across 8 cable 
modems on a router with 2 NICs...

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Pollywog]

On Tuesday 05 December 2006 20:13, Taylor, Grant wrote:
> Elvir Kuric wrote:
> > I want to know is there some manual or even better
> > book how to make virtual interfaces  ( subinterfaces )
> > on linux machine and attach VLANs which are
> > implemented on switch to these virtaul interfaces.
>
> I'm not quite sure exactly what you mean by virtual interfaces.

Is "IP aliasing" what the OP was describing?  There are HOWTO's for that if 
that is what it is.  Perhaps I misunderstood.

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Elvir Kuric]

Thank you very much Taylor.

I will try this, but I need to read more about this
topic, so that is reason why I asked for materail to
read, you wrote solution, and that is great, but if I
want relly understand this I need to read much more?

Anyway thank you very much for this.


Best wishes 

Elvir Kuric 
--- "Taylor, Grant" <gtaylor@riverviewtech.net> wrote:

> Elvir Kuric wrote:
> > I want to know is there some manual or even better
> > book how to make virtual interfaces  (
> subinterfaces )
> > on linux machine and attach VLANs which are
> > implemented on switch to these virtaul interfaces.
> 
> I'm not quite sure exactly what you mean by virtual
> interfaces.
> 
> Presently, you can easily create virtual / logical
> interfaces for any given 
> VLAN for a physical interface.  Do some reading on
> vconfig if you want / 
> need more information.  Or, reply and I'll be happy
> to help.
> 
> You could do something as crazy as this, which I
> have successfully done before.
> 
> ifconfig eth0 0.0.0.0 up
> ifconfig eth1 0.0.0.0 up
> 
> ifenslave bond0 eth0 eth1
> 
> vconfig add bond0 1
> vconfig add bond0 2
> 
> ifconfig bond0.1 1.0.0.1 netmask 255.0.0.0 up
> ifconfig bond0.1:1 1.255.255.254 netmask 255.0.0.0
> up
> 
> ifconfig bond0.2 2.0.0.1 netmask 255.0.0.0 up
> ifconfig bond0.2 2.0.0.1 netmask 255.0.0.0 up
> 
> brctl addbr bri0
> brctl addif bri0 bond0.1
> brctl addif bri0 bond0.2
> 
> ifconfig bri0 3.0.0.1 netmask 255.0.0.0 up
> ifconfig bri0:1 3.255.255.254 netmask 255.0.0.0 up
> 
> 
> Then use IPTables / EBTables / ARPTables to your
> heart's content. If you 
> enable layer 3 matching on layer 2 for ebtables, you
> can use IPTables to 
> filter bridged traffic.
> 
> In the above scenario, you end up with the following
> interfaces:
> 
> eth0
> eth1
> bond0
> bond0.1
> bond0.1:1
> bond0.2
> bond0.2:1
> bri0
> bri0:1
> 
> I hope that helps.  If you have any other questions,
> fire away.  Sorry, I'm 
> not sure of any concise manual, per say, but there
> are a few man pages for 
> each command that you can use in conjunction with
> other commands.  :)
> 
> 
> 
> Grant. . . .
> 
> P.S.  Router-On-A-(Bonded and / or VLAN)-Stick is
> fun and can be very 
> useful.  :}  When you start combining a layer 2
> managed switch with a Linux 
> box things get VERY interesting.  Can you say load
> sharing across 8 cable 
> modems on a router with 2 NICs...
> 
> 



 
____________________________________________________________________________________
Do you Yahoo!?
Everyone is raving about the all-new Yahoo! Mail beta.
http://new.mail.yahoo.com

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Grant Taylor]

On 12/06/06 00:34, Elvir Kuric wrote:
> Thank you very much Taylor.

You are welcome.

> I will try this, but I need to read more about this
> topic, so that is reason why I asked for materail to
> read, you wrote solution, and that is great, but if I
> want relly understand this I need to read much more?

I'm sorry, I was trying to say that I don't have or know of a good 
concise location to read about this information.  Try reading some 
tutorials on bridging, vlan / trunking, and bonding.  I think you will 
pick up a lot of what you are wanting there.  If there is a location to 
start reading, it will be a networking tutorial that introduces concepts 
that you can then find out how to implement them on Linux.

> Anyway thank you very much for this.

You are welcome.



Grant. . . .

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Clemens]

[-- Attachment #1: Type: text/plain, Size: 1001 bytes --]

> 
> Then use IPTables / EBTables / ARPTables to your heart's content. If you
> enable layer 3 matching on layer 2 for ebtables, you can use IPTables to
> filter bridged traffic.

this is very interesting, because i was trying to set up a firewall
on a vmware server (vmware creates a bridge, which is not a linux
bridge (so brctl and ebtables do not work on this) , and connects
all virtual machines to this bridge in order to give access to the
network).

i did the exact thing as you described, created a dummy interface,
bridged my eth0 via a linuxbridge to the dummy interface, and then
connected the vmware bridge to my dummy interface. that way, i am
able to firewall the vmware traffic using ebtables.

but now my question: what are you using the is there any advantage
in using iptables to filter bridged traffic as you noted in my quote
above? i use ebtables to do all the filtering in the linuxbridge,
and it works pretty well..

thanks for your reply,

clemens



[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 250 bytes --]

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Grant Taylor]

On 12/06/06 01:57, Clemens wrote:
> but now my question: what are you using the is there any advantage
> in using iptables to filter bridged traffic as you noted in my quote
> above? i use ebtables to do all the filtering in the linuxbridge,
> and it works pretty well..

EBTables is a very good basic layer 2 filtering mechanism.  However, I
don't think you can do statefull matching with EBTables like you can
with IPTables.  By using IPTables to filter traffic for bridges, you can
take advantage of all of the advanced match extensions that you can not
do with EBTables.



Grant. . . .

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Clemens]

[-- Attachment #1: Type: text/plain, Size: 402 bytes --]

sorry, i did not go through my email after writing, just neglect the
"what are you using the" part :)

> but now my question: what are you using the is there any advantage
> in using iptables to filter bridged traffic as you noted in my quote
> above? i use ebtables to do all the filtering in the linuxbridge,
> and it works pretty well..
> 
> thanks for your reply,
> 
> clemens
> 
> 


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 250 bytes --]

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Petr Pisar]

On 2006-12-06, Elvir Kuric <omasnjak@yahoo.com> wrote:
> I will try this, but I need to read more about this
> topic, so that is reason why I asked for materail to
> read, you wrote solution, and that is great, but if I
> want relly understand this I need to read much more?

Iptables Tutorial [http://iptables-tutorial.frozentux.net/]
Linux Advanced Routing & Traffic Control [http://www.lartc.org/]

I know, it's only a summary but nice to read.

One hint: study iproute2. It's replacement for ifconfig/route commands
and provides a lot of more features than the old ones.

-- Petr

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Elvir Kuric]

Thank you, 

when I post this thread I thought it will not be
interesting for some disscusion but it is.
I think this thread about VLANs on linux is very
interesting and it will be very useful for memeber of
netfilter mailing list to talk more about it.


Regards and best wishes to all of you 

Elvir
--- Petr Pisar <xpisar@fi.muni.cz> wrote:

> On 2006-12-06, Elvir Kuric <omasnjak@yahoo.com>
> wrote:
> > I will try this, but I need to read more about
> this
> > topic, so that is reason why I asked for materail
> to
> > read, you wrote solution, and that is great, but
> if I
> > want relly understand this I need to read much
> more?
> 
> Iptables Tutorial
> [http://iptables-tutorial.frozentux.net/]
> Linux Advanced Routing & Traffic Control
> [http://www.lartc.org/]
> 
> I know, it's only a summary but nice to read.
> 
> One hint: study iproute2. It's replacement for
> ifconfig/route commands
> and provides a lot of more features than the old
> ones.
> 
> -- Petr
> 
> 
> 



 
____________________________________________________________________________________
Need a quick answer? Get one in minutes from people who know.
Ask your question on www.Answers.yahoo.com

Re: How make virtual interfaces ( subinterfaces ) on linux machine

[Alexandru Dragoi]

Elvir Kuric wrote:
> Hi all, 
>
> I want to know is there some manual or even better
> book how to make virtual interfaces  ( subinterfaces )
> on linux machine and attach VLANs which are
> implemented on switch to these virtaul interfaces.
>
> I just need suggestions for some good reading.
>
> Thank you in advance and regards
>
>
>  
> ____________________________________________________________________________________
> Do you Yahoo!?
> Everyone is raving about the all-new Yahoo! Mail beta.
> http://new.mail.yahoo.com
>
>   
You ned to make sure you have 8021q module loaded

# modprobe 8021q

Then use vconfig to attach 802.1q tags to ethernet frames

# vconfig add ethx 20

(x is a index of ethernet interface card)

This will create the interface ethx.20 (the naming can be change with 
set_name_type option of vconfig, check the manual) wich is similar to a 
cisco subinterface with encapsulation dot1q 20. You can add ip with 
ifconfig, or do everything else you you with a network interface in linux.