I'm in a major confusion here, regarding bridges. I thought that they were devices that allowed going from one network to a different one without routing (doing the work at layer 2 instead), but if that's so then I don't understand 2 things:

1) how VirtualBox uses a bridge to give a VM an IP from the same LAN as the host - where are the 2 networks (origin and destination)? We were only setting an IP...

2) how a NIC can act as a bridge to give a machine more than one IP. The sysadmin at work and I were working on connecting a VM and a host on a separate, isolated network (not on the common LAN), and when I asked how the host could have more than 1 IP if it only had 1 NIC he told me that he could think of 3 ways to do so: set the NIC in promiscuous mode (so the kernel does all the job), use sub-interfaces (so you end up with eth0:0, eth0:1 and beyond), and have the NIC act as a bridge. Same problem here, what we want is to set an IP on a machine, not link two networks together.

What's the deal here? What's the function of bridges?

P.S. I think I'm a little confused about interfaces too. Are they a software representation of NICs? As in, they abstract NICs from the kernel so it thinks of them as a network card?

Zoredache
ptn777

1 Answer

Most commonly the term bridge refers to a device that stores and forwards Ethernet frames. The physical ports on a bridge will be in promiscuous mode; this means that every received frame will be accepted and processed. Please read the Wikipedia article about bridges for more detail. Cisco's article about Bridging basics may also be useful.

  • Bridges operate at layer 2 in the OSI model. They do not know anything about TCP/IP; they only know about the layer 2 protocol (e.g. Ethernet).
  • Bridges look at the physical addresses (aka MAC addresses) only. They do not really know anything about IP addresses.
  • Bridges learn which bridge port each host is connected to. When a bridge re-transmits a frame it only sends it out the port that is closest to the destination.
  • An Ethernet switch at the basic level is really just a multi-port bridge.

The bulk of your confusion seems to be around how virtualization software acts as a bridge for serving the virtual machines that are on a machine.

When a virtual machine is created, a unique MAC address is created and assigned to each network interface in that virtual machine. If you look into the configuration of the VM you will see the generated MAC addresses and you can even modify them. If you do change it, please remember that it is critical that the MAC address be unique on your network.

When you start a VM configured with bridging, the physical network interface that the VM is bound to will be switched into promiscuous mode. The virtual network product will load a piece of software that will perform the same function as a physical bridge. When an incoming frame is received that has a destination MAC address that matches the unique MAC address for a specific VM, then the frame will be forwarded to the VM.


  1. The MAC address created by the virtualization software should have the Locally administered address bit set (REF: IEEE MAC Addresses). If you create your own addresses please also use this bit to identify them as local.
Zoredache
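The learning and forwarding behaviour described in the answer above, as an added example that is not part of the original answer and not any virtualization product's code. The port names and MAC addresses are constructed for illustration; the class and function names are hypothetical.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"

def first_octet(mac):
    return int(mac.split(":")[0], 16)

def is_locally_administered(mac):
    """True if the locally administered bit (0x02 of the first octet) is set."""
    return bool(first_octet(mac) & 0x02)

def is_group_address(mac):
    """True for broadcast/multicast destinations (0x01 bit of the first octet)."""
    return bool(first_octet(mac) & 0x01)

class LearningBridge:
    """Layer 2 only: decisions use MAC addresses, never IP addresses."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # source MAC -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        src, dst = src.lower(), dst.lower()
        if not is_group_address(src):
            self.mac_table[src] = in_port      # learn where the sender lives
        out_port = self.mac_table.get(dst)
        if is_group_address(dst) or out_port is None:
            # Broadcast or unknown destination: flood to every other port.
            return [p for p in self.ports if p != in_port]
        if out_port == in_port:
            return []                          # destination is on the same segment
        return [out_port]                      # known destination: one port only

def demo():
    # Constructed addresses: "uplink" stands for the host's physical NIC,
    # "vm1"/"vm2" for virtual ports; the VM MACs have the local bit set.
    lan_host = "00:11:22:33:44:55"
    vm1, vm2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
    br = LearningBridge(["uplink", "vm1", "vm2"])
    results = [
        br.receive("vm1", vm1, BROADCAST),         # flooded, vm1 learned
        br.receive("uplink", lan_host, vm1),       # vm1 is known: one port
        br.receive("vm2", vm2, lan_host),          # lan_host is known: uplink
        br.receive("uplink", lan_host, "02:00:00:00:00:09"),  # unknown: flooded
    ]
    return results, br.mac_table

if __name__ == "__main__":
    for out in demo()[0]:
        print(out)
```
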