
General Information

Currently, Charon-HPA requires a dedicated Ethernet interface. TAP interfaces (connected to a Linux virtual bridge) are not supported.

The configuration of such an interface is described in the basic guest configuration example above and the Configuration File Reference.

This chapter shows a workaround by which Charon-HPA traffic can use a virtual bridge on Linux. This is not the recommended configuration, but may be useful in several situations, for example:

  • The host system only has one physical Ethernet port.
  • There is a requirement to filter traffic to/from the guest system using a firewall on the host.

Warning: Do not use this workaround in a VMware environment. Instead, add additional vNICs to the virtual machine to provide dedicated interfaces to the guest system as needed.

Workaround Description

The workaround is implemented using a virtual bridge and a veth interface pair. The following image shows an overview of the components:


Configuration Steps

The following steps show how to set up a virtual bridge and how to attach a veth interface to it. Such commands would have to be made persistent by creating an appropriate startup script.

The commands to create this setup are as follows (execute them as the root user):

  1. Create the veth0/veth1 interface pair:
    # ip link add veth0 type veth peer name veth1

  2. Activate the interface pair:
    # ip link set veth0 up
    # ip link set veth1 up

  3. Turn off offloading (normally done in the Charon-HPA configuration file):
    # ethtool -K veth1 rx off tx off sg off gso off gro off txvlan off rxvlan off
    # ethtool -K veth0 rx off tx off sg off gso off gro off txvlan off rxvlan off

  4. Create the virtual bridge and activate it if it does not yet exist:
    # ip link add name <bridge-name> type bridge
    # ip link set <bridge-name> up

  5. Add the physical interface and the veth interface to the bridge:
    # ip link set <physical-int-name> up
    # ip link set <physical-int-name> master <bridge-name>
    # ip link set veth0 master <bridge-name>

  6. Then configure Charon-HPA to use veth1.
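
The steps above can be collected into an idempotent startup script. The following is an added example, not a script shipped with Charon-HPA: the names `br0` and `eth0` in the comments are placeholders, and the `DRY_RUN` variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: startup script for the veth/bridge workaround (steps 1-5).
# Usage (as root): charon-bridge.sh <bridge-name> <physical-int-name>
# Set DRY_RUN=1 to print the commands instead of executing them.

# Accept only conservative interface names (Linux limit: 15 characters),
# so a mistyped or hostile argument never reaches ip/ethtool.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Execute a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

# True if the link already exists (always false in dry-run, so the full plan prints).
have_link() {
    [ "${DRY_RUN:-0}" != 1 ] && ip link show "$1" >/dev/null 2>&1
}

setup_charon_bridge() {
    bridge=$1 phys=$2
    valid_ifname "$bridge" && valid_ifname "$phys" || {
        echo "invalid interface name" >&2; return 2; }
    # Steps 1-3: create the pair once, bring both ends up, disable offloading.
    have_link veth0 || run ip link add veth0 type veth peer name veth1
    for i in veth0 veth1; do
        run ip link set "$i" up
        run ethtool -K "$i" rx off tx off sg off gso off gro off txvlan off rxvlan off
    done
    # Step 4: create the bridge only if it does not yet exist.
    have_link "$bridge" || run ip link add name "$bridge" type bridge
    run ip link set "$bridge" up
    # Step 5: attach the physical interface and veth0 to the bridge.
    run ip link set "$phys" up
    run ip link set "$phys" master "$bridge"
    run ip link set veth0 master "$bridge"
}

# Run only when both names are given, e.g.: charon-bridge.sh br0 eth0
if [ "$#" -eq 2 ]; then setup_charon_bridge "$1" "$2"; fi
```

As general Linux bridge behaviour (not stated on this page): once the physical interface is attached to the bridge, the host's IP configuration has to live on the bridge rather than on the physical interface.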


After this configuration, both the host and the guest system can use the physical interface for communication. If required, firewall rules for bridge traffic can be added.

Please refer to the documentation of your Linux host system for more information.
