General description
It is strongly recommended to use only physical network adapters for CHARON-VAX networking to gain maximum performance. In situations where the host has only one network adapter, you can use Linux virtual network interfaces ("TUN/TAP") and map individual CHARON-VAX instances to their own virtual interfaces.
There are 2 ways to create the Linux virtual network interfaces ("TUN/TAP"):
- Using the "ncu" utility
- Manually
Using the "ncu" utility to establish the CHARON virtual network
Log in as root and start the "ncu" utility:
CHARON Network Configuration Utility, STROMASYS (c) 2016 Version 1.6
|
Enter "3" to create a bridge between the host physical network adapter and the Linux virtual network interfaces (TAP), then specify the physical network interface ("eth1" in our example) and the number of virtual network interfaces to be created (2 in our example):
select action:
|
Now enter "7" to see the created virtual interfaces:
Interfaces Dedicated to State
|
In the example above we see 2 virtual network interfaces, "tap0" and "tap1", connected to the created bridge. The physical network interface "eth1" is used for the bridge to the virtual network interfaces.
The interfaces "tap0" and "tap1" are ready to be used in CHARON configurations; they do not need to be additionally dedicated to CHARON.
Enter "8" to quit the "ncu" utility.
Manual configuration of CHARON virtual network
Host preparation
- Log in as the "root" user.
Configure the physical network interface to run in promiscuous mode using the following command. This interface will be dedicated to the whole network bridge (created later).
# ifconfig eth<N> 0.0.0.0 promisc up
Promiscuous mode makes the physical (or virtual) network interface accept every incoming packet rather than only those addressed to it. This mode is essential for consistency of the information transfer.
If the firewall is enabled on the host system, the following command should be executed to allow the bridge to forward IP packets:
Red Hat Enterprise Linux 6.x:
# /sbin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
This command can also be performed from the bridge configuration script. It has to be executed each time the iptables service is (re)started.
It is also possible to make this setting system-wide. Either:
- Issue the given command from the firewall control panel.
- Add the following line to the end of the "/etc/sysconfig/iptables" file:
  -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
Red Hat Enterprise Linux 8.x, 7.x and CentOS 8.x, 7.x (the '>' sign below is the continuation line character):
# firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -m physdev --physdev-is-bridged \
> -j ACCEPT
# firewall-cmd --permanent --direct --add-rule ipv6 filter INPUT 1 -m physdev --physdev-is-bridged \
> -j ACCEPT
# firewall-cmd --reload
Virtual interface creation
The creation of the desired number of virtual network interfaces (TAPs) can be performed in the following way:
|
where “tap<N>” is a name of an instance of the virtual network interface, i.e. “tap0”, “tap1” etc.
Once each virtual network interface instance is created it must be set to promiscuous mode:
|
Bridge creation
To interconnect the physical and virtual network interfaces created in the previous step, the network bridge must be introduced in the following way:
|
where “br0” stands for a name of the created bridge.
Now it is possible to add the network interfaces to the created bridge:
|
Example:
|
The proposed configuration assumes one and only one network bridge, so loops are not possible. The spanning tree protocol must therefore be turned off with the following command:
|
Starting bridge
To start the created bridge “br0”, use the following command:
|
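The manual steps above, from host preparation to starting the bridge, collected into one script with a follow-up check of the result. This is an added example, not part of the Stromasys documentation: it assumes the iproute2 "ip" tool rather than the commands this page uses, and the names build_bridge, audit_bridge, run and APPLY are hypothetical.

```shell
#!/bin/sh
# Added example (not Stromasys code). Assumes iproute2's "ip"; eth1, br0 and
# tapN are sample names. Dry run by default; APPLY=1 runs the commands as root.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# build_bridge <physical-if> <tap-count> [bridge]   e.g. build_bridge eth1 2
build_bridge() {
    phys=$1 count=$2 br=${3:-br0}
    for n in "$phys" "$br"; do
        case $n in ''|*[!A-Za-z0-9_.-]*) echo "bad name: $n" >&2; return 2;; esac
    done
    case $count in ''|*[!0-9]*) echo "bad tap count: $count" >&2; return 2;; esac
    run ip addr flush dev "$phys"                 # host preparation
    run ip link set dev "$phys" promisc on up
    members=$phys i=0
    while [ "$i" -lt "$count" ]; do               # virtual interface creation
        run ip tuntap add dev "tap$i" mode tap
        run ip link set dev "tap$i" promisc on up
        members="$members tap$i"; i=$((i + 1))
    done
    run ip link add name "$br" type bridge        # bridge creation
    for m in $members; do run ip link set dev "$m" master "$br"; done
    run ip link set dev "$br" type bridge stp_state 0
    run ip link set dev "$br" up                  # starting bridge
}

# audit_bridge <physical-if> <tap-count> [bridge] [sysfs-root]
# Flags bridge ports that were not planned, planned ports that are absent,
# and STP left on. Returns 0 only when the bridge matches the plan.
audit_bridge() {
    phys=$1 count=$2 br=${3:-br0} sys=${4:-/sys/class/net}
    [ -d "$sys/$br/brif" ] || { echo "MISSING bridge $br"; return 1; }
    want=" $phys " i=0 rc=0
    while [ "$i" -lt "$count" ]; do want="${want}tap$i "; i=$((i + 1)); done
    for p in "$sys/$br/brif"/*; do
        [ -e "$p" ] || continue
        case $want in *" ${p##*/} "*) ;; *) echo "UNEXPECTED member ${p##*/}"; rc=1;; esac
    done
    for m in $want; do
        [ -e "$sys/$br/brif/$m" ] || { echo "MISSING member $m"; rc=1; }
    done
    [ "$(cat "$sys/$br/bridge/stp_state" 2>/dev/null)" = 0 ] || { echo "STP not off on $br"; rc=1; }
    return $rc
}
```

Because every bridged port is promiscuous and the firewall rule above accepts bridged traffic, running audit_bridge after each change confirms that only the planned interfaces are attached to the bridge.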
Usage of the virtual interface in CHARON-VAX configuration
Once the “tap<N>” interfaces have been created, the load command maps those interfaces to CHARON-VAX:
|