...

It is strongly recommended to use only physical network adapters for CHARON-AXP networking to gain maximum performances. In situations where the host has only one network adapter, you can use Linux virtual network Interfaces ("TUN/TAP") and map individual CHARON-AXP instances to their own virtual interfaces.

There are 2 ways to create the Linux virtual network Interfaces ("TUN/TAP"):

• Using the "ncu" utility
• Manually

...

This can be done using the ncu utility.

It is also possible to perform the operations manually. Refer to your Operating System Network Administration guide for details.

Using "ncu" utility to establish CHARON virtual network

Login as root and start the "ncu" utility:

CHARON Network Configuration Utility,  Version 1.6. Copyright (C) 2014-2019 STROMASYS SA. 
 
Interfaces Dedicated to State 
---------- ------------ ----- 
eth0 host connected to host 
eth1 host disconnected from host 
lo host unmanaged from host 
================================================================= 
bridge name bridge id STP enabled interfaces 
========================== VLAN ================================= 
================================================================= 
 select action: 
1 - Dedicate to CHARON 
2 - Release to host 
3 - Create Bridge with TAPs 
4 - Remove Bridge 
5 - Add VLAN 
6 - Remove VLAN 
7 - Print status 
8 - Exit

...

Enter "8" to quit the "ncu" utility.

...

Manual configuration of CHARON virtual network

Host preparation

...

Configure the physical network interface to run in promiscuous mode using the following command. This interface will be dedicated to the whole network bridge (created later).

...

# ifconfig eth<N> 0.0.0.0 promisc up

...

In case the firewall is enabled on the host system, the following command should be executed to allow the bridge to forward IP packets.

Red Hat Enterprise Linux 6.x:

...

# /sbin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

This command can also be performed from the bridge configuration script. It has to be executed each time the iptables service is (re)started.

It is also possible to make this setting system-wide. Either:

...

.

...

...

-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

Red Hat Enterprise Linux 7.x and CentOS 7.x (the '>' sign below is the continuation line character):

...

# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -m physdev --physdev-is-bridged \

> -j ACCEPT

# firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 1 -m physdev --physdev-is-bridged \

> -j ACCEPT

# firewall-cmd --reload

...

...

Bridge creation

To interconnect the physical and virtual network interfaces created in the previous step, the network bridge must be introduced in the following way:

...

# /usr/sbin/brctl addbr br0

where “br0” stands for a name of the created bridge.

Now it is possible to add the network interfaces to the created bridge:

...

# /usr/sbin/brctl addif br0 eth<N>
# /usr/sbin/brctl addif br0 tap0
…
# /usr/sbin/brctl addif br0 tap<N>

...

# /usr/sbin/brctl addif br0 eth1

# /usr/sbin/brctl addif br0 tap0

The proposed configuration assumes one and only one network bridge so loops are not possible. It is required to turn off the spanning tree protocol with the following command:

...

# /usr/sbin/brctl stp br0 off

...

Starting bridge

To start the created bridge “br0”, use the following command:

...

# /sbin/ifconfig br0 up

...