Contents
General Information
The configuration of an Ethernet interface for the emulated is described in the basic guest configuration examples above and the Configuration File Reference.
The emulated Ethernet interfaces of Charon-PAR can be linked either to a
- physical host interface, or
- to a TAP interface on the host.
Notes for TAP interfaces:
- A TAP interface can either be created by the user or will be created automatically by the emulator if it does not already exist.
- For automatically created TAP interfaces, the user can specify a name or let the emulator select a name.
- A TAP interface is not automatically added to a bridge, this must be configured via the initialize_command.
- An automatically created TAP interface is deleted automatically upon emulator stop.
By default, emulated models have one Ethernet device. Depending on the model, more Ethernet devices can be added.
The emulated network devices
DE 500 PCI based cards (for 64-bit systems), and
LASI-82596 cards (for the 32-bit system)
do not support Jumbo frames. For physical interfaces, this feature must be disabled in the emulator configuration (together with any other offloading parameters).
Basic Configuration Components
Ethernet Interface Names
Names on 64-bit systems:
The name of the Ethernet interface in the emulator configuration file has the format EWxn with the following definitions:
- x is an upercase letter starting with A for the first interface and then continues with B, C, etc. for additional interfaces. The possible number of network cards depends on the features of the original physical system. The absolute maximum number is 16.
- n is the device number of the card starting with 0 for each value of x.
Names on 32-bit systems:
The currently supported 32-bit system supports only one Ethernet card named system.lan0.card.
Minimal Configuration Parameters
The configuration of each network interface must at least have two basic components as shown below:
64-bit system (example shows the first Ethernet card EWA0):
- Interface definition (
EWA0.iface
) - Interface initialization command: (EWA0.initialize_command)
32-bit system:
- Interface definition (system.lan0.card
.iface
) - Interface initialization command: (system.lan0.card.initialize_command)
The default configuration assumes that a physical network interface will be used.
Please refer to the Configuration File Reference and the configuration template of your model for more information.
Basic Configuration Example
Example of a basic network card configuration using a physical interface on a 64-bit emulated system:
EWA0.iface="enp0s20f0u3u4" EWA0.initialize_command="ethtool -K ${IFACE} rx off ; ethtool -K ${IFACE} tx off ; ethtool -K ${IFACE} sg off ; ethtool -K ${IFACE} gso off ; ethtool -K ${IFACE} gro off ; ethtool -K ${IFACE} txvlan off ; ethtool -K ${IFACE} rxvlan off"
The variable IFACE is set automatically by the emulator upon start.
Adding Additional Emulated Network Cards
Please note: Depending on your model, additional Ethernet controllers can be loaded. Please refer to the section I/O Slot Configuration in the Configuration File Reference chapter for details. The present section will show an example.
To add an additional Ethernet controller to your emulator configuration, you must perform the following steps:
- Identify a free PCI slot (model configuration template or Emulated Model Hardware Configuration Details).
- Add a load command to load an Ethernet module into the identified emulator slot (see the Configuration File Reference chapter for details).
- Add the network card configuration to your configuration file.
- Start the emulator and configure the interface in the guest system.
Step 1: identify a free PCI slot for your emulated model. The available slots depend on your model and the existing configuration.
Example: model "rp7400-1-650" has a PCI I/O expansion slot 4 (device path 0/8/0)
Step 2: add the load command for the Ethernet module to the configuration file.
Sample configuration command for slot 4: load ETH tulip PCI 4
Step 3: add the network card configuration to your configuration file selecting the correct host interface name (example: eth2). Note that the name of the second emulated interface is EWB0.
Example (the initialization command should be in one continuous line):
EWB0.iface="
eth2
"
EWB0.initialize_command="ethtool -K $IFACE rx off;
ethtool -K $IFACE
tx off; ethtool -K $IFACE
sg off; ethtool -K $IFACE
gso off;
ethtool -K $IFACE
gro off; ethtool -K $IFACE
txvlan off; ethtool -K $IFACE
rxvlan off"
Step 4: Start the emulator, boot the guest system and configure the second interface.
- On PA3, use the
ISL > ODE > RUN MAPPER2
command (access from console via: Interaction with IPL) to verify the existence of the new interface and the correct device path. - The above command also works on PA9, but on HP-UX you can use the
lanscan
command to verify the existence of the new interface (on HP-UX it is normally lan1). - Configure the interface.
- The easiest way on HP-UX is to use SAM > Network and Communication > Network Interface Cards (Actions > Configure).
- On MPE/iX, the interface must be added via NMMGR (for interactive use, xhpterm can be used to access this tool), and the interface must be started using the NETCONTROL command. Please refer to the documenation of your operating system for further information.
The following image shows a sample of a HPUX system with two Ethernet interfaces:
Supplemental Information: Virtual Bridge and TAP Interfaces
Basic Bridge Configuration
The following table shows a simple example of how to create a virtual bridge on Linux and how to add TAP interfaces to it using ip commands:
Step | Command |
---|---|
| |
ip link set my_tap0 up | |
ip link add name my_bridge type bridge | |
ip link set my_bridge up | |
ip link set <physical-int> master my_bridge | |
ip addr delete <ip-address>/<netmask> dev <physical-int> | |
ip addr add <ip-address>/<netmask> dev my_bridge | |
ip link set my_tap0 master my_bridge |
Linux Firewalls and Virtual Bridges
If firewall rules are to be used for bridged traffic, the kernel can be instructed to apply iptables (also arptables and ip6tables) rules to bridged traffic. In older versions, this option was included in the bridge functionality itself. Starting with kernel 3.18, the filtering functionality in the form of the br_netfilter module was moved into a separate module that can be loaded by the user if required. If the module is not loaded, no firewall rules are applied to bridge traffic and no further actions are required to pass the bridged traffic through the Linux host system.
To use the firewall for bridged traffic on newer Linux kernels, the module must be loaded using the command
# modprobe br_netfilter
or by defining an iptables rule that uses the physdev module.
After the module has been loaded, the system configuration parameters
net.bridge.bridge-nf-call-iptables
bridge-nf-call-arptables
bridge-nf-call-ip6tables
become available.
They are set to 1 by default (equivalent to echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables
). This value enables iptables rules for bridged traffic.
Setting the parameters to 0 will disable the firewall rules. They can be set permanently via /etc/sysctl.conf.
To allow bridged traffic through the enabled firewall, use commands like the following:
# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 \
-m physdev --physdev-is-bridged -j ACCEPT
# firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 1 \
-m physdev --physdev-is-bridged -j ACCEPT
# firewall-cmd --reload
Please refer to the documentation of your host system for more detailed information.
Please note: at the time of writing, this feature is not yet available for nftables.