[Bridge] What are actually ethernet devices (and what does a bridge do?).

[Bridge] What are actually ethernet devices (and what does a bridge do?).

[Stef Bon]

Hello,

I'm trying to set up bridged interfaces for my LinuxFromScratch
machine, to make it possible to run virtual machines
which should have direct access to the network.

The way to do is to use a bridge, which allows to attach more than one
(virtual) device to a (physical) device.

Now when reading on the internet all about sollutions to to that,
there are a lot, and I am losing the oversight:
do not see the wood through the trees like we use to say in Holland.

Now what strikes me first is that in a lot of cases a bridge is
getting an ip address, which is (I think) not right.
An bridge connects connects devices, and these devices should get the
ip address, not the bridge self!

Looking futher at what an ethernet device is (in Linux), is that it
actually two things at the same time. When
making the Linux host set up the network ethernet devices, it does two
things: bring up the hardware link with

ip link set eth0 up

(when the ethernet device is eth0)

This command is doing something in what is defined in the OSI model as
physical layer.

When success, the device is assigned an ip address, in my case an ipv4 address:

ip addr add 192.168.0.13/255.255.255.0 dev eth0

This has only meaning in another layer, I'm not sure which, probably
the Network Layer.
On my system this operation is called service ipv4-static.

Its working on the eth0 interface which happens to have the same name
as the hardware link.

I'm only thinking out loud, please correct me if I'm on the wrong track.

So it's good to know this command is doing something in that layer.

So what does a bridge do when chaining a virtual device to an physical device?
It creates an interface in the network layer, and linking it to an
existing physical device.

Now every service, like the assigning of an ipv4 address, is possible
on the virtual device.

So again, I do not understand why the bridge self is getting an ip
address. It's a network device
to connect other devices to, replacing the original phyical device.

It does exist in the network layer, and not in the hardware layer.

Does my analysis make sense?

Stef

Re: [Bridge] What are actually ethernet devices (and what does a bridge do?).

[richardvoigt]

The host processor which does the bridging, can also act as a node
sending and receiving traffic to the bridged network.  What you see as
the "IP address of the bridge" is actually the configuration of the
interface representing this connection to the host processor.

Packets generated on the bridge host use this IP address as the source
address, packets sent to this IP address are processed locally on the
bridge host and not forwarded.

On Wed, Jun 30, 2010 at 4:37 AM, Stef Bon <stefbon@gmail.com> wrote:
> Hello,
>
> I'm trying to set up bridged interfaces for my LinuxFromScratch
> machine, to make it possible to run virtual machines
> which should have direct access to the network.
>
> The way to do is to use a bridge, which allows to attach more than one
> (virtual) device to a (physical) device.
>
> Now when reading on the internet all about sollutions to to that,
> there are a lot, and I am losing the oversight:
> do not see the wood through the trees like we use to say in Holland.
>
> Now what strikes me first is that in a lot of cases a bridge is
> getting an ip address, which is (I think) not right.
> An bridge connects connects devices, and these devices should get the
> ip address, not the bridge self!
>
> Looking futher at what an ethernet device is (in Linux), is that it
> actually two things at the same time. When
> making the Linux host set up the network ethernet devices, it does two
> things: bring up the hardware link with
>
> ip link set eth0 up
>
> (when the ethernet device is eth0)
>
> This command is doing something in what is defined in the OSI model as
> physical layer.
>
> When success, the device is assigned an ip address, in my case an ipv4 address:
>
> ip addr add 192.168.0.13/255.255.255.0 dev eth0
>
> This has only meaning in another layer, I'm not sure which, probably
> the Network Layer.
> On my system this operation is called service ipv4-static.
>
> Its working on the eth0 interface which happens to have the same name
> as the hardware link.
>
> I'm only thinking out loud, please correct me if I'm on the wrong track.
>
> So it's good to know this command is doing something in that layer.
>
> So what does a bridge do when chaining a virtual device to an physical device?
> It creates an interface in the network layer, and linking it to an
> existing physical device.
>
> Now every service, like the assigning of an ipv4 address, is possible
> on the virtual device.
>
> So again, I do not understand why the bridge self is getting an ip
> address. It's a network device
> to connect other devices to, replacing the original phyical device.
>
> It does exist in the network layer, and not in the hardware layer.
>
> Does my analysis make sense?
>
> Stef
> _______________________________________________
> Bridge mailing list
> Bridge@lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/bridge
>

Re: [Bridge] What are actually ethernet devices (and what does a bridge do?).

[Jeff Mitchell]

On 06/30/2010 05:37 AM, Stef Bon wrote:
> Now what strikes me first is that in a lot of cases a bridge is
> getting an ip address, which is (I think) not right.
> An bridge connects connects devices, and these devices should get the
> ip address, not the bridge self!

It depends what you're trying to do.

Giving the bridge an IP address can allow you to do some things that 
might otherwise be difficult, by allowing you to do interesting things 
to the underlying interfaces and the bridge itself.

For instance, you could do this to receive packets destined for that IP 
address on any interface in the bridge.

Another use would be to ensure (by setting the ageing to zero) that any 
packet sent from your IP address goes out all of the interfaces. This is 
useful for mirroring/sniffing setups.

--Jeff

Re: [Bridge] What are actually ethernet devices (and what does a bridge do?).

[Stef Bon]

2010/6/30 richardvoigt@gmail.com <richardvoigt@gmail.com>:
> The host processor which does the bridging, can also act as a node
> sending and receiving traffic to the bridged network.  What you see as
> the "IP address of the bridge" is actually the configuration of the
> interface representing this connection to the host processor.
>
> Packets generated on the bridge host use this IP address as the source
> address, packets sent to this IP address are processed locally on the
> bridge host and not forwarded.

Ok, but then you're talking about a router for example, but I see a
lot of setups for machines hosting
other virtual machines, where the bridge gets also an ip address,
which does not make sense to me.

The function of a bridge is to share the physical device with more
ethernet devices (virtual because they are not connected to a real
device), and that's it.

Being a bridge between devices and an interface self at the same time
is confusing.

About creating virtual devices, does anyone know how to create them?
I've found veth, looks very promising,
but they seem to come in pairs.

Thanks,

Stef Bon

Re: [Bridge] What are actually ethernet devices (and what does a bridge do?).

[Jeff Mitchell]

On 06/30/2010 04:26 PM, Stef Bon wrote:
> 2010/6/30 richardvoigt@gmail.com<richardvoigt@gmail.com>:
>> The host processor which does the bridging, can also act as a node
>> sending and receiving traffic to the bridged network.  What you see as
>> the "IP address of the bridge" is actually the configuration of the
>> interface representing this connection to the host processor.
>>
>> Packets generated on the bridge host use this IP address as the source
>> address, packets sent to this IP address are processed locally on the
>> bridge host and not forwarded.
>
> Ok, but then you're talking about a router for example, but I see a
> lot of setups for machines hosting
> other virtual machines, where the bridge gets also an ip address,
> which does not make sense to me.
>
> The function of a bridge is to share the physical device with more
> ethernet devices (virtual because they are not connected to a real
> device), and that's it.
>
> Being a bridge between devices and an interface self at the same time
> is confusing.
>
> About creating virtual devices, does anyone know how to create them?
> I've found veth, looks very promising,
> but they seem to come in pairs.

Look at the documentation for your chosen virtual machine solution -- it 
should tell you how (or have built-in capabilities) to create the 
necessary networking devices.

--Jeff

Re: [Bridge] What are actually ethernet devices (and what does a bridge do?).

[Stef Bon]

2010/6/30 Stef Bon <stefbon@gmail.com>:

>
> About creating virtual devices, does anyone know how to create them?
> I've found veth, looks very promising,
> but they seem to come in pairs.

Ok already found a howto:

http://www.novell.com/communities/node/4094/xen-network-bridges-explained-with-troubleshooting-notes

Stef
>
> Thanks,
>
> Stef Bon
>

Re: [Bridge] What are actually ethernet devices (and what does a bridge do?).

[Sergei Zhirikov]

On 2010-06-30 22:26, Stef Bon wrote:
> 2010/6/30 richardvoigt@gmail.com<richardvoigt@gmail.com>:
>> The host processor which does the bridging, can also act as a node
>> sending and receiving traffic to the bridged network.  What you see as
>> the "IP address of the bridge" is actually the configuration of the
>> interface representing this connection to the host processor.
>>
>> Packets generated on the bridge host use this IP address as the source
>> address, packets sent to this IP address are processed locally on the
>> bridge host and not forwarded.
>
> Ok, but then you're talking about a router for example, but I see a
> lot of setups for machines hosting
> other virtual machines, where the bridge gets also an ip address,
> which does not make sense to me.
>
> The function of a bridge is to share the physical device with more
> ethernet devices (virtual because they are not connected to a real
> device), and that's it.

I think here is the source of your confusion. The function of the bridge is not sharing anything, but rather "joining" several devices (physical or virtual - does not matter) and representing them as a single network interface to the upper layers of the protocol stack. In other words, as soon as, say, eth0 joins a bridge it kind of stops being a network interface, but, of course, remains being a device (physical or virtual). All the devices of the bridge are connected together, not unlike a few wires soldered at a single point, as the result there is only one network interface (one "circuit"), represented by the bridge (called, for example, br0). And that is the only place where it makes sense to assign IP addresses. The rest is internal business of the bridge, where IP addresses have no meaning. (That is not taking into account some "advanced" things one can do with ebtables/iptables).

> Being a bridge between devices and an interface self at the same time
> is confusing.
>
> About creating virtual devices, does anyone know how to create them?
> I've found veth, looks very promising,
> but they seem to come in pairs.
>
> Thanks,
>
> Stef Bon
> _______________________________________________
> Bridge mailing list
> Bridge@lists.linux-foundation.org
> https://lists.linux-foundation.org/mailman/listinfo/bridge