How to create a virtual LAN on Linux with dummy interfaces and bridges?

3

2

I'd like to create a LAN on Linux to run some experiments. This is primarily a learning exercise so I don't want to use real Ethernet interfaces or the like. It looks like I can create dummy interfaces and connect them to a bridge interface to do this. Each dummy interface would be an endpoint on the LAN and the bridge would act like an Ethernet switch. Here's how I'm creating the LAN:

ip link add dummy1 type dummy
ip link add dummy2 type dummy
ip link add br0 type bridge
ip link set dummy1 arp on
ip link set dummy2 arp on
ip link set dev dummy1 master br0
ip link set dev dummy2 master br0
ip address add 10.0.2.1/24 broadcast + dev br0
ip address add 10.0.2.2/24 broadcast + dev dummy1
ip address add 10.0.2.3/24 broadcast + dev dummy2
ip link set dummy1 up
ip link set dummy2 up
ip link set br0 up

I can see that the links are up (googling says that the "state UNKNOWN" is expected):

$ ip link
...
6: dummy1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fa:b9:0e:8e:a7:1f brd ff:ff:ff:ff:ff:ff
7: dummy2: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 7a:5d:8e:2b:76:d6 brd ff:ff:ff:ff:ff:ff
8: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 7a:5d:8e:2b:76:d6 brd ff:ff:ff:ff:ff:ff

And that the addresses are expected. However ping and arping do not work. In other words, none of the following report a response:

ping -I dummy1 10.0.2.3
arping -I dummy1 10.0.2.3

ping -I dummy2 10.0.2.2
arping -I dummy2 10.0.2.2

Running wireshark on the dummy interfaces shows ping and arping generating packets, but that's it.

It looks like the bridge knows the MAC addresses:

$ brctl showmacs br0
port no mac addr        is local?   ageing timer
  2 7a:5d:8e:2b:76:d6   yes        0.00
  2 7a:5d:8e:2b:76:d6   yes        0.00
  1 fa:b9:0e:8e:a7:1f   yes        0.00
  1 fa:b9:0e:8e:a7:1f   yes        0.00

However, I don't think that the bridge is forwarding frames from dummy1 to dummy2 and vice versa.

What should I do to make the bridge forward frames or is there a different way of building out this LAN virtually other than by using dummy interfaces?

Frank Hunleth

Posted 2017-07-13T20:31:39.453

Reputation: 133

Answers

6

Dummy interfaces are called "dummy" because they don't actually work. Their only usage (I know of) is to allow a long-lived application to bind on them, so you can move them around and bridge them to other interfaces without disrupting the application.

You won't be able to build a virtual LAN with dummy interfaces.

Instead, use network namespaces as a substitute for different computers ("hosts"), and connect them with virtual ethernet links (veth pairs).

This way, you can build a LAN as complicated as you like. Bridge them any way you want, do forwarding and NAT, set up complicated routing, etc.

As a starting point, here's a script I use to create a network namespace with a veth-pair connection into the main namespace, and an xterm in this namespace. Run as root, and replace USERNAME with your user name:

#!/bin/bash

# Setup network namespace with veth pair, start xterm in it

# nsterm ns0 veth0 10.0.0 yellow 24

if [[ $EUID -ne 0 ]]; then
   echo "This script must be run as root" 1>&2
   exit 1
fi

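# Positional arguments, with defaults
NS=${1:-ns0}
DEV=${2:-veth0}
DEV_A=${DEV}a            # end that stays in the main namespace
DEV_B=${DEV}b            # end that is created inside $NS
ADDR=${3:-10.0.0}        # first three octets of the subnet
ADDR_A=${ADDR}.254
ADDR_B=${ADDR}.1
MASK=${5:-24}
COL=${4:-yellow}         # xterm background colour

# echo ns=$NS dev=$DEV col=$COL mask=$MASK

# Create the namespace and a veth pair with one end inside it
ip netns add "$NS"
ip link add "$DEV_A" type veth peer name "$DEV_B" netns "$NS"
# Main-namespace end
ip addr add "$ADDR_A/$MASK" dev "$DEV_A"
ip link set "$DEV_A" up
# Namespace end, with the main-namespace end as its default gateway
ip netns exec "$NS" ip addr add "$ADDR_B/$MASK" dev "$DEV_B"
ip netns exec "$NS" ip link set "$DEV_B" up
ip netns exec "$NS" ip route add default via "$ADDR_A" dev "$DEV_B"
# Start an xterm inside the namespace as an unprivileged user
ip netns exec "$NS" su -c "xterm -bg $COL &" USERNAME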

dirkt

Posted 2017-07-13T20:31:39.453

Reputation: 11 627
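
The LAN from the question, rebuilt the way this answer suggests (one namespace per host, one veth pair per host, the main-namespace ends attached to a bridge), as an added example that is not part of the original answer. The names lan0, hostN, vhN and eth0 are assumptions; the addresses reuse the question's 10.0.2.0/24. It prints the commands by default and executes them only with DRY_RUN=0 as root.

```shell
#!/bin/bash
# Added example: namespaces + veth pairs + bridge, per the answer above.
# Assumed names: lan0 (bridge), hostN (namespaces), vhN/eth0 (veth ends).
set -eu

BR=${BR:-lan0}
NET=${NET:-10.0.2}        # /24 from the question
DRY_RUN=${DRY_RUN:-1}     # 1 = print commands only, 0 = execute (needs root)

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

build_lan() {             # build_lan <number-of-hosts>
    run ip link add "$BR" type bridge
    run ip addr add "$NET.1/24" dev "$BR"
    run ip link set "$BR" up
    i=1
    while [ "$i" -le "$1" ]; do
        run ip netns add "host$i"
        # One veth end stays in the main namespace as a bridge port;
        # the peer is created directly inside the namespace as eth0.
        run ip link add "vh$i" type veth peer name eth0 netns "host$i"
        run ip link set "vh$i" master "$BR"
        run ip link set "vh$i" up
        run ip netns exec "host$i" ip addr add "$NET.$((i + 1))/24" dev eth0
        run ip netns exec "host$i" ip link set lo up
        run ip netns exec "host$i" ip link set eth0 up
        i=$((i + 1))
    done
}

teardown_lan() {          # teardown_lan <number-of-hosts>
    i=1
    while [ "$i" -le "$1" ]; do
        run ip netns del "host$i"   # also destroys the veth pair
        i=$((i + 1))
    done
    run ip link del "$BR"
}

# Usage: DRY_RUN=0 ./lan.sh up 2
#        ip netns exec host1 ping -c 1 10.0.2.3
#        DRY_RUN=0 ./lan.sh down 2
case "${1:-}" in
    up)   build_lan "${2:-2}" ;;
    down) teardown_lan "${2:-2}" ;;
esac
```

If pings between the namespaces are dropped on a host with the br_netfilter module loaded (common where Docker is installed), bridged frames are passing through the iptables FORWARD chain; check `sysctl net.bridge.bridge-nf-call-iptables`.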