Versions Compared

Old Version 1

changes.mady.by.user Copy Page Tree

Saved on

compared with

New Version 2

changes.mady.by.user Kirill Nikolaev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated for 4.8

Anchor
TopVNPage
TopVNPage

...

Login as root. Start "ncu" utility:

# ncu

CHARON Network Configuration Utility, STROMASYS (c)
2015
2016 Version 1.
6 
 
Interfaces Dedicated to State 
---------- ------------ -----
-------
eth0       host         connected to host
eth1       host         connected to host
lo         host         unmanaged from host
 
eth0 host connected to host 
eth1 host disconnected from host 
lo host unmanaged from host 
=================================================================
=
 
bridge name 
bridge id
 STP enabled interfaces 
========================== VLAN ================================= 
=================================================================
interfaces select 
select action: 
1 - Dedicate to CHARON 
2 - Release to host 
3 - Create Bridge with TAPs 
4 -
Destroy 
 Remove Bridge 
5 - Add VLAN 
6 - Remove VLAN 
7 - Print status
6 
8 - Exit

:> 3

Div
classpagebreak

 


Enter "3" to create a bridge between the host physical network adapter and the Linux virtual network interfaces (TAP) and specify the physical network interface ("eth1" in our example) and the number of virtual network interfaces to be created (2 in our example):

Specify the interface to be used for BRIDGE:eth1
How many tap should be created:2
Forming the bridge: ..1..2..3..4..5.. addif tap0 .. addif tap1 ..7..8 done!
Formed bridge br0_eth1 attached over eth1...

 select action: 
1 - Dedicate to CHARON 
2 - Release to host 
3 - Create Bridge with TAPs 
4 - Remove Bridge 
5 - Add VLAN 
6 - Remove VLAN 
7 - Print status
6 
8 - Exit

:>

5

7

Now enter "57" to see the created virtual interfaces:

Interfaces 
Dedicated to 
State
State

----------
 ------------
 
-----
-------
 
eth0
      host         
host connected to host
eth1      
eth1 bridge disconnected
bridge       connected to bridge
lo         host         
from bridge 
lo host unmanaged from host
tap0      
tap0 CHARON
bridge      
connected to
bridge
host
tap1      
tap1 bridge
bridge       
connected to bridge 
=================================================================
=
 
bridge name    
bridge id           STP enabled   interfaces 
br0_eth1
interfaces
br0_eth1      
  8000.
525400698995a  no    
22314588acac   no            eth1 
                                                 tap0 
                                                 tap1 
========================== VLAN ================================= 
=================================================================
tap1 

 select action: 
1 - Dedicate to CHARON 
2 - Release to host 
3 - Create Bridge with TAPs 
4 - Remove Bridge 
5 - Add VLAN 
6 - Remove VLAN 
7 - Print status
6 
8 - Exit

:>

E

8

In the example above we see 2 virtual network interfaces "tap0" and "tap1" connected to the created bridge. The physical network interface "eth1" is used for the bridge to the virtual network interfaces.

The interfaces "tap0" and "tap1" are ready to be used in CHARON configurations - they do not need to be additionally dedicated to CHARON.

Enter "68" to quit "ncu" utility.

Back to Table of Contents 

...

  1. Login as "root" user.

  2. Configure the physical network interface to run in promiscuous mode using the following command. This interface will be dedicated to the whole network bridge (created later).

    # ifconfig eth<N> 0.0.0.0 promisc up

    Promiscuous mode allows the physical (or virtual) network interface to accept the entire volume of incoming packets. This mode is essential for consistency of the information transfer.

  3. In case the firewall is enabled on the host system, the following command should be executed to allow the bridge to forward IP packets:

    # /sbin/iptable -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

    This command can also be performed from the bridge configuration script. It has to be executed each time the iptables service is (re)started.

    It is also possible to make this setting system-wide. Either:

    1. Issue the given command from the firewall control panel.

    2. Add the following line to the end of the "/etc/sysconfig/iptables" file:

      -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

Back to Table of Contents 

...

Creation of the desired number of virtual network interfaces (TAPs) can be performed in the following way:

# tunctl [-t tap<N>]

where “tap<N>” is a name of an instance of the virtual network interface, i.e. “tap0”, “tap1” etc.

Once each virtual network interface instance is created it must be set to promiscuous mode:

# /sbin/ifconfig tap<N> promisc up

 Back to Table of Contents

...

To interconnect the physical and virtual network interfaces created in the previous step, the network bridge must be introduced in the following way:

# /usr/sbin/brctl addbr br0

where “br0” stands for a name of the created bridge.

Now it is possible to add the network interfaces to the created bridge:

# /usr/sbin/brctl addif br0 eth<N>
# /usr/sbin/brctl addif br0 tap0

# /usr/sbin/brctl addif br0 tap<N>


 

 
Div
classpagebreak


Example:

# /usr/sbin/brctl addif br0 eth1

# /usr/sbin/brctl addif br0 tap0


The proposed configuration assumes one and only one network bridge, so loops are not possible. It is required to turn off the spanning tree protocol with the following command:

# /usr/sbin/brctl stp br0 off

 

Back to Table of Contents

Starting bridge

To start the created bridge “br0” use the following command:

# /sbin/ifconfig br0 up

Back to Table of Contents 

Usage of the virtual interface in CHARON-AXP configuration

Once the “tap<N>” interfaces have been created, the load command maps those interfaces to CHARON-AXP:

...
load tap_port/chnetwrk XQA0 interface="tap<N>"
... 

Back to Table of Contents