
I am thinking if it's possible to create a bridge while allowing each bridged network to exist in its own subnet.
Network 1 - Say, I have a physical ethernet based network eth01 - with subnet 192.168.x.x/16.
Network 2 - I want to create another virtual network veth01(based on virtual interface) with subnet 172.16.x.x/12.

Now is it possible to create a linux bridge (virtual not physical) between Network1 and Network2, such that even after bridging the above two networks have their own subnets and their own DHCP?

Any reference or steps/commands on how to create this setup (if possible) are highly welcome.

samshers
    You do not bridge different networks. You bridge on the same network, but route between networks. That is the purpose of a router. – Ron Maupin Jun 27 '20 at 19:04
  • Ron, if someone says - **"a bridge can be used to segment networks"** are they right. – samshers Jun 27 '20 at 19:07
  • "a bridge can be used to segment networks" That is about VLANs. To get traffic from one VLAN to another VLAN, you need a router. VLANs will segment a bridge (a switch is a bridge) into multiple, logical bridges that do not talk to each other. – Ron Maupin Jun 27 '20 at 19:09
  • Ron, my understanding: Switches - "only route traffic towards their addressed destinations using mac(L2)". Bridges - "send the traffic to every device on the other side if the traffic is meant to go to the other side" **???**. Am I understanding bridges right? – samshers Jun 27 '20 at 19:21
  • Switches do not route, they bridge. The term "switch" started out as a marketing term for high-density bridges. Switches/bridges forward frames based on the layer-2 address on the same layer-3 network. Routers route packets between networks. – Ron Maupin Jun 27 '20 at 19:23
  • "Switches do not route" - Agree. What I am trying to point out is - like a hub (L1), do bridges (L2) repeat the message to every MAC or only to the destined address? – samshers Jun 27 '20 at 19:27
  • No. Hubs repeat the electrical signals out every other interface. Bridges will create a MAC address table and only send frames to the interface where the MAC address is connected. Switches do that too, because switches are bridges, albeit with more interfaces than the original bridges. – Ron Maupin Jun 27 '20 at 19:30
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/109931/discussion-between-samshers-and-ron-maupin). – samshers Jun 27 '20 at 19:38
  • @samshers you already asked about the difference between bridge and switch and were told they were the same: https://serverfault.com/questions/1022779/in-virtual-networking-how-does-a-virtual-switch-differ-from-a-linux-kernel-brid . Now you still consider there's a difference. Why did you ask then? – A.B Jun 27 '20 at 21:23
  • The discussion was leading there - if you are referring to chat discussion. :-(. So double checked. – samshers Jun 27 '20 at 21:28

1 Answer

You are thinking wrong on several levels.

  1. A bridge is a layer 2 device. If you connect two networks by a bridge, you are creating a single layer 2 network comprising both of the connected networks - in your case, the physical Ethernet based network connected to interface eth01 and the virtual network connected to interface veth01. Any layer 3 network carried on one of these networks will then also be carried on the other one.
  2. There is no one-to-one relation between layer 2 and layer 3 networks. So in your scenario, the bridged network comprising the physical Ethernet and the virtual network can carry both the subnet 192.168.x.x/16 originally carried by the physical Ethernet on eth01 and the subnet 172.16.x.x/12 originally carried by the virtual network on veth01, without the two interacting in any way. (Except possibly competing for bandwidth.)
  3. DHCP is not "owned" by a network. You can run several DHCP servers on one layer 2 network if you do it carefully, and you can also run a single DHCP server serving several layer 2 networks.

From your question, it seems what you want to do is configure two DHCP servers so that one of them serves only clients on the physical network and the other one only clients on the virtual network. This is something that cannot be easily done if you install a bridge between the two, as the bridge effectively removes the distinction between the two. If you need that, you should either reconsider your decision to use a bridge, and go for routing instead, or you need to find a distinguishing attribute for your DHCP server to decide from which layer 3 network it should take the IP address to assign to a given client.

Tilman Schmidt
  • Tilman, (1) addresses my Q. ". If you connect two networks by a bridge, you are creating a single layer 2 network comprising both of the connected networks" :-) – samshers Jun 28 '20 at 08:46
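Points 1 and 2 of the answer worked through in code, as an added example that is not from the original post and not Linux's own bridge implementation: a learning bridge that forwards on MAC addresses only, next to the on-link-or-gateway decision a host makes at layer 3. It shows a DHCP DISCOVER from the physical side being flooded onto veth01 (so both DHCP servers see it), while a 192.168.x.x/16 host still cannot reach a 172.16.x.x/12 host on the same bridge without a router. The interface names eth01/veth01 come from the question; the MACs and IP addresses are constructed.

```python
import ipaddress
from typing import Dict, List, Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Layer 2 bridge in the spirit of `ip link add br0 type bridge`.
    It learns which port each source MAC was seen on and forwards on the
    destination MAC alone; it never looks at IP addresses or subnets."""

    def __init__(self, ports: List[str]) -> None:
        self.ports = ports
        self.fdb: Dict[str, str] = {}  # forwarding database: MAC -> port

    def forward(self, in_port: str, src_mac: str, dst_mac: str) -> List[str]:
        """Return the ports the frame leaves on (hub-like only while unknown)."""
        self.fdb[src_mac] = in_port  # learn where the sender lives
        if dst_mac == BROADCAST or dst_mac not in self.fdb:
            return [p for p in self.ports if p != in_port]  # flood
        out = self.fdb[dst_mac]
        return [] if out == in_port else [out]  # filtered, or sent to one port


def next_hop(host_if: str, dst_ip: str, gateway: Optional[str] = None) -> Optional[str]:
    """Layer 3 choice a host makes before handing a packet to the bridge:
    an on-link destination is ARPed for directly, anything else goes to
    the default gateway (a router). None means there is no way to deliver it."""
    host = ipaddress.ip_interface(host_if)
    dst = ipaddress.ip_address(dst_ip)
    return dst_ip if dst in host.network else gateway


# Constructed sample: one host on each original segment (MACs are made up).
PHYS_MAC, VIRT_MAC = "02:00:00:00:00:01", "02:00:00:00:00:02"


def dhcp_discover_reach(bridge: LearningBridge) -> List[str]:
    """A DHCP DISCOVER from the physical host is a broadcast, so the bridge
    floods it onto veth01 as well: both DHCP servers receive it."""
    return bridge.forward("eth01", PHYS_MAC, BROADCAST)


def unicast_reach(bridge: LearningBridge) -> List[str]:
    """Once the MACs are learned, a unicast from veth01 to the physical host
    leaves on eth01 only, whichever subnet either host is configured for."""
    bridge.forward("veth01", VIRT_MAC, BROADCAST)
    return bridge.forward("veth01", VIRT_MAC, PHYS_MAC)
```

The same bridge carries both subnets, yet `next_hop` shows that a 192.168/16 host only reaches 172.16/12 through a gateway, which is the routing the answer recommends instead of bridging.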