Bridge virtual interface into physical network?

3

3

Like the diagram below, the physical network is 192.168.99.0/24. veth0 lives inside a separate network-namespace. I want it to directly connect into the physical network, thus node1 and veth0 can talk to each other through physical network without any NATs.

enter image description here

What I've tried is:

  • create a linux bridge br0
  • connect veth1 to br0
  • connect eth0 (physical NIC of node2) to br0

It turns out that if we ping from 192.168.99.3 to 192.168.99.1, the ARP packets come from veth0, traverse veth1 to br0, are then broadcast to node2's eth0, and are finally received by node1's eth0.

However, when node1 replies, packets destined to veth0's MAC address won't be received by node2's eth0 (MAC mismatch, I guess), thus veth0 won't get the ARP reply packets and the ping fails.

So, if I'm not understanding this wrong, can anybody give me any ideas on how to make this bridge network happen?

UPDATE

I rebuilt this test environment on bare metal machines, and it turns out everything works fine. Maybe something is wrong with VirtualBox networking.

dastan

Posted 2017-04-28T10:38:03.823

Reputation: 455

1 This should work in theory, as bridging eth0 would switch it to promiscuous mode and disable MAC filtering. – user1686 – 2017-04-28T10:45:04.667

@grawity Unfortunately I didn't make this work. :( Can you take a try? – dastan – 2017-04-28T11:07:20.390

I just got this working on KVMs by using two veths on the bridge, one in the container namespace with the container's IP and one not, with the host IP. No IP on the bridge itself. Other nodes on the network see individual IPs and MACs. Biggest surprise was that moving things into namespaces erases the IP and such. – stolenmoment – 2019-10-02T16:46:57.833

Answers

1

What you are trying to do sounds correct, but there is a large number of small details (cleaning the previous configuration, bringing all interfaces up, creating a new network namespace from which to use one end of the veth pair), so I am not sure you have done everything correctly. In particular, I do not know whether you realized that you will need to run DHCP (if you do not use a static IP address) on the end of the veth pair inside the new network namespace.

So, in order to give you the full details, I will tell you how I do this, using veth's: first I clean the current configuration,

# systemctl stop network-manager
# ip link set dev usb0 down   
# ip addr flush dev usb0

then I create the veth pair, and then I put my ethernet interface (here it is called usb0) and one end of the veth pair into a bridge called br1:

# ip link add veth-a1 type veth peer name veth-b1
# ip link set veth-a1 up
# ip link add br1 type bridge
# ip link set veth-a1 master br1
# ip link set usb0 master br1
# ip link set usb0 up
# ip link set br1 up

Notice that it is important to bring the different interfaces up; then I start dhclient on the bridge:

# dhclient br1
.....
bound to 192.168.11.98 -- renewal in 16650 seconds.

Now I transfer the other end of the veth pair to the new network namespace, called ns1, and create an xterm inside the new network namespace:

# ip netns add ns1
# ip link set veth-b1 netns ns1
# ip netns exec ns1 xterm &

so that, from the xterm I can bring up the other end of the veth pair and start dhclient on it.

# ip link set dev veth-b1 up
# dhclient veth-b1

To test this, just ping www.debian.org, and you will check both the connection and the fact that DNSes are imported from your primary network namespace automatically.

It would have been much easier with a macvlan, though...

MariusMatutiae

Posted 2017-04-28T10:38:03.823

Reputation: 41 321

I've followed your steps and tested on a VirtualBox machine, and it finally failed. I can't ping br1's IP from another VirtualBox machine, and can't dhclient veth-br1 either. Guess usb0 won't accept a packet whose dest MAC address is veth-br1. – dastan – 2017-05-03T02:40:35.433

I've tested my setup method directly on bare metal machines, and it turns out everything works fine. Guess there's something wrong with the VirtualBox networking. – dastan – 2017-05-03T11:44:05.407
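The bridge setup from the question with a static address, plus a check for the promiscuous-mode point raised in the comments, as an added example that is not part of the original posts. The namespace name ns0, the /24 prefix and the sample `ip -d link` output are assumptions; the address is assigned only after veth0 is moved, because moving an interface into a namespace clears its IP.

```shell
#!/bin/sh
# Added example. Names br0/eth0/veth0/veth1 and 192.168.99.3 are the question's;
# the namespace name "ns0" and the /24 prefix are assumptions.

# Print the setup commands, one per line, so they can be reviewed first.
# Host addressing is left out: move node2's own address from the uplink to
# the bridge separately (the answer does this with "dhclient br1").
plan() {  # usage: plan UPLINK BRIDGE NETNS CIDR
    up=$1 br=$2 ns=$3 cidr=$4
    cat <<EOF
ip link add veth1 type veth peer name veth0
ip link add $br type bridge
ip link set veth1 master $br
ip link set $up master $br
ip link set veth1 up
ip link set $up up
ip link set $br up
ip netns add $ns
ip link set veth0 netns $ns
ip netns exec $ns ip addr add $cidr dev veth0
ip netns exec $ns ip link set veth0 up
EOF
}

# Read "ip -d link show DEV" output on stdin; succeed if promiscuity >= 1,
# i.e. the NIC is not filtering on destination MAC.
is_promisc() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "promiscuity") p = $(i + 1) + 0 }
         END { exit !(p >= 1) }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_BRIDGED='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP
    link/ether 08:00:27:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 46'
SAMPLE_PLAIN='2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    link/ether 08:00:27:00:00:02 brd ff:ff:ff:ff:ff:ff promiscuity 0 minmtu 46'

case "${1:-}" in
    plan)  plan eth0 br0 ns0 192.168.99.3/24 ;;
    apply) plan eth0 br0 ns0 192.168.99.3/24 | sh -ex ;;   # needs root
    check) ip -d link show "${2:-eth0}" | is_promisc \
               && echo "promiscuous" || echo "NOT promiscuous" ;;
    demo)  printf '%s\n' "$SAMPLE_BRIDGED" | is_promisc && echo "sample: promiscuous" ;;
esac
```

The `-d` flag matters because a bridge port's promiscuity counter does not appear in the interface flags. If `check` reports promiscuous inside the guest and frames addressed to veth0's MAC still never reach eth0, the filtering is happening below the guest NIC.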