From: "Philipp Gühring" <pg@futureware.at>
To: bridge@osdl.org
Subject: [Bridge] Linux Dynamic Bridging Support
Date: Thu, 15 Oct 2009 16:54:31 +0200
Message-ID: <4AD737A7.3090103@futureware.at>
Hi,
The scenario I have is that I have a computer with one network interface
eth0, that is receiving its configuration through DHCP, and uses
complex firewalling rules for eth0.
Now I want to add a virtual machine on that computer.
According to the usual recipes, I have to do the following:
ifconfig eth0 0.0.0.0
brctl addbr br0
brctl addif br0 eth0
dhclient br0
Afterwards I can add interfaces to the bridge:
brctl addif br0 tun0
This has several disadvantages:
* It causes a network outage for up to a few seconds (mostly due to the
unnecessary DHCP)
* It does not migrate the firewall rules to br0
* It breaks all firewall-rules that were written for eth0
* If I use eth0 in the office today, wlan0 at home, and ppp0 when I am
outside, then I would need lots of different scripts for all the
different bridging combinations.
Now the idea is to add migration support to Linux Bridging.
It could look like this:
brctl addbr br0
brctl takeif br0 eth0
take-interface would migrate the IP address, and routing entries from
the eth0 interface to the bridge, in a more-or-less atomic fashion, and
add eth0 as interface to the bridge. It would also adapt iptables-rules
that were written for eth0 to be pointing to br0 now.
To release the bridge again, it could be done like this:
brctl releaseif br0 eth0
brctl delbr br0
Since all that is a bit complex, I still have an alternative proposal:
What if we bridge-enable all normal interfaces?
It could look like this:
brctl enablebr eth0
This would enable bridging mode for the eth0 interface. It automatically
is able to use the DHCP ip address it was given, the firewalling, ...
I can then easily add additional interfaces to the bridge-enabled
interface like this:
brctl addif eth0 tun0
And I don't need to worry about DHCP, firewalls, ... anymore.
So my question now is:
Which way should we go? Migrating interface configuration into bridges,
or bridge-enabling interfaces?
Best regards,
Philipp Gühring
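
Added example, not part of the original message or of bridge-utils: the message proposes that taking eth0 into br0 would also retarget iptables rules written for eth0. A sketch of that rewrite over an iptables-save dump, so rules do not silently stop matching after the move; the function names retarget_rules and count_refs and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the message).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT ! -i eth0 -p udp -m udp --dport 53 -j DROP
-A FORWARD -i tun0 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -j ACCEPT
COMMIT'

# retarget_rules OLD NEW: read a dump on stdin, write it back with every
# exact "-i OLD" / "-o OLD" match in a rule line pointing at NEW instead.
# Table headers, chain policies and other interfaces pass through unchanged.
# Fields are compared whole, so "eth0" never matches "eth00" or "eth+".
retarget_rules() {
    awk -v old="$1" -v new="$2" '
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == old)
                    $(i + 1) = new
        }
        { print }
    '
}

# count_refs IFACE: number of rule lines on stdin that match on IFACE.
# Run it for OLD after the rewrite; anything above 0 is a rule left behind.
count_refs() {
    awk -v ifc="$1" '
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == ifc) { n++; break }
        }
        END { print n + 0 }
    '
}

# Demo on the constructed sample: print the ruleset as it would look for br0.
printf '%s\n' "$SAMPLE_RULES" | retarget_rules eth0 br0
```

On a live host the input would come from iptables-save, and the rewritten dump can be checked with iptables-restore --test before it is loaded.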