Re: Ebtables usage

[Pascal Hambourg <pascal.mail@plouf.fr.eu.org>]

Hello,

Jacky Lam a écrit :
> Yes, my config is like this:
> 
>     Computer A (10.1.4.1) <-----> (eth0: 10.1.4.5) Linux Switch (eth1:
> 11.1.4.5) <-------> Computer B (11.1.4.3)
> 
> I each ip_forwarding and config the route table of Computer A,B. I get
> 500Mb/s from iperf while Linux Switch is 100% loaded.
> As I know this switching is done in IP level,

Your box is set up as a router, not a switch/bridge. Routing is done at
the IP level, and switching/bridging is done at the ethernet level.

> I want to do the job in
> data link layer to get higher throughput/lower CPU usage.

Not sure you'll get higher throughput though. Bridging adds its own
overhead.

> Then I tried the following configuration:
> 
>     Computer A (10.1.4.1) <-----> (eth0) Linux Switch (eth1) <------->
> Computer B (10.1.4.3)
> 
> I tried to setup a bridge like this as some document said:
> 
> iptables -t nat -A POSTROUTING -s 10.1.4.0/24 -d 10.1.4.0/24 -j ACCEPT
> iptables -t nat -A POSTROUTING -s 10.1.4.0/24 -j MASQUERADE

What do you need these rules for ? They are not needed for pure bridging.

> brctl addbr br0
> brctl stp br0 off
> brctl addif br0 eth0
> brctl addif br0 eth1
> 
> ifconfig eth0 0 0.0.0.0
> ifconfig eth1 0 0.0.0.0

Ok.

> ifconfig br0 10.1.4.5 netmask 255.255.255.0 up
> 
> echo '1' > /proc/sys/net/ipv4/ip_forward

This is IP-related and not required for pure bridging.

> But the throughput is only 200Mb/s and my Linux Switch is 100% loaded.
> What's wrong with that?

It may be the overhead caused by bridge-nf, netfilter, IPv4 conntrack
and iptables.
Try with /proc/sys/net/bridge/bridge-nf-call-iptables set to 0.

You did not explain what you want to do exactly with this box.