I have added two Ethernet interfaces to a Linux bridge. Using tcpdump, I started seeing too many packets on both connected interfaces.
The tcpdump message is:
IP 0.0.0.0 > 224.0.0.1: igmp quer v2
The machine is a virtual machine and has CentOS 6.3 installed.
What is the reason both interfaces are getting flooded with the IGMP packets continuously? It's a sort of loop. How do I solve this?
The procedure I followed:
brctl addbr mybr
brctl addif mybr eth0
brctl addif mybr eth1
ifconfig mybr up
Related
I have attached one of my nics to a bridge in netplan:
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      [...]
    eth1:
      dhcp4: no
      dhcp6: no
  bridges:
    br0:
      interfaces: [eth1]
      dhcp4: no
      dhcp6: no
      parameters:
        stp: false
That side of things behaves as expected, if I do a tcpdump -i br0 I can see every packet that arrives on eth1 on my bridge. However, if I tell QEMU to attach a (bare-metal, literally a while-true loop which receives packets from a virtio device) VM to it, I only receive broadcast packets in the VM:
qemu-system-aarch64 -kernel target/aarch64-unknown-none-softfloat/debug/router -s -machine virt -cpu cortex-a53 -nographic -monitor telnet:127.0.0.1:55555,server,nowait -netdev bridge,br=br0,id=ingress -device virtio-net-device,netdev=ingress
While that command is running, I can see a new virtual interface (tap0) which appears to be connected to the bridge just fine, but if I do a tcpdump -i tap0 I can clearly see that only broadcast packets from eth1 are going to tap0.
What is preventing my packets from arriving in tap0/my vm, and how can I make all packets arrive in tap0? I already tried ebtable-prerouting shenanigans to change the destination mac address of incoming packets to tap0's mac address, but with no success.
Is it possible to reply to all incoming packets/requests on the same network interface?
This is my setting: I have a headless Raspberry Pi (Raspbian) with two network interfaces (eth0 and eth1). The first interface (eth0) uses a public IP address, which is static. This interface is intended to provide access to the Pi (time- and web server, SSH) via the Internet. The second interface (eth1) uses the Raspberry Pi for general Internet connection (perform updates, sync own time or whatever) and uses a dynamic IP via DHCP. A general Internet connectivity over eth0 is not possible, so I have to use eth1 on the Pi.
My problem is that Internet (on the Pi) and the Internet access to the Pi are not working correctly.
first configuration (/etc/dhcpcd.conf):
interface eth0
static ip_address=141.41.241.68/28
static routers=141.41.241.65 192.168.0.1
after reboot 'ifconfig' shows the correct IP settings:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 141.41.241.68 netmask 255.255.255.240 broadcast 141.41.241.79
...
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.101 netmask 255.255.255.0 broadcast 192.168.0.255
...
result:
Internet on the Raspberry Pi (eth1): doesn't work
access to Raspberry Pi over Internet (via eth0):
SSH (TCP): works fine
Apache web server (TCP): works fine
NTP time server (UDP): works fine
Now I tried to change the metric of the interfaces, hoping that the change of prioritization is successful
second configuration (/etc/dhcpcd.conf):
interface eth1
metric 200
interface eth0
static ip_address=141.41.241.68/28
static routers=141.41.241.65 192.168.0.1
metric 201
result:
Internet on the Raspberry Pi (eth1): works fine
access to Raspberry Pi over Internet (via eth0):
SSH (TCP): doesn't work
Apache web server (TCP): doesn't work
NTP time server (UDP): doesn't work
OK. I think all traffic is going out to eth1 by default. With the tool 'iptraf-ng' I was able to see the problem:
TCP Connections (Source Host:Port) Iface
--------------------------------------------------
80.187.108.126:53024 eth0
141.41.241.68:80 eth0
141.41.241.68:80 eth1
80.187.108.126:53024 eth1
80.187.108.126:53025 eth0
141.41.241.68:80 eth0
141.41.241.68:80 eth1
80.187.108.126:53025 eth1
UDP Connections
--------------------------------------------------
UDP (76 bytes) from 80.187.108.126:28599 to 141.41.241.68:123 on eth0
UDP (76 bytes) from 192.168.0.101:123 to 80.187.108.126:28599 on eth1
We see:
On TCP: some connections going out to the wrong interface (eth1).
On UDP: The request from 80.187.108.126 came over eth0 and the response was sent over eth1.
Next, I defined the routing table to reply to incoming packets on the same network interface...
echo 100 public >> /etc/iproute2/rt_tables
ip rule add from 141.41.241.68/32 table public
ip route add default via 141.41.241.65 dev eth0 table public
result:
Internet on the Raspberry Pi (eth1): works fine
access to Raspberry Pi over Internet (via eth0):
SSH (TCP): works fine
Apache web server (TCP): works fine
NTP time server (UDP): doesn't work
and 'iptraf-ng' shows:
TCP Connections (Source Host:Port) Iface
--------------------------------------------------
141.41.241.68:80 eth0
80.187.108.126:52083 eth0
141.41.241.68:80 eth0
80.187.108.126:52084 eth0
141.41.241.68:80 eth0
80.187.108.126:52085 eth0
141.41.241.68:80 eth0
80.187.108.126:52086 eth0
141.41.241.68:80 eth0
80.187.108.126:52087 eth0
UDP Connections
--------------------------------------------------
UDP (76 bytes) from 80.187.108.126:28599 to 141.41.241.68:123 on eth0
UDP (76 bytes) from 192.168.0.101:123 to 80.187.108.126:28599 on eth1
We see:
On TCP: now it works correctly
On UDP: same problem :(
What can I do to send UDP responses over the correct interface (eth0)? I have no idea why TCP works fine but UDP fails :(
It's very frustrating and I have no more ideas.
I hope someone can help.
best regards,
SBond
I am facing a problem adding the wlan0 interface to a bridge in “ad-hoc” mode, while the same works well in “managed” mode. Adding wlan in managed mode was not straightforward either, but by googling I found a workaround for managed mode:
$sudo iw dev wlan0 set 4addr off
$sudo iw dev wlan0 set 4addr on
$sudo brctl addbr br0
$sudo brctl addif br0 wlan0
Running the same sequence of commands in “ad-hoc” mode goes as follows:
$sudo iw dev wlan0 set 4addr off
$sudo iw dev wlan0 set 4addr on
command failed: Operation not supported (-95)
$sudo brctl addbr br0
$sudo brctl addif br0 wlan0
can't add wlan0 to bridge br0: Operation not supported
Wireless adaptor is from Intel and below is the machine info where I am running commands:
Ubuntu 14.04.4 LTS with Linux xxxx 3.13.0-78-generic #122-Ubuntu SMP Mon Feb 1 23:11:33 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
Any help is highly appreciated.
Thanks in advance.
I have started making many lxc containers on my host. By default lxc provides a default bridge, lxcbr0. How many virtual interfaces can be instantiated with lxcbr0? I started with 2000 containers, but I got stuck after 1024 containers.
The error being:
lxc-start: conf.c: instantiate_veth: 2978 failed to attach 'vethO7X5DJ' to the bridge 'lxcbr0': Exchange full
lxc-start: conf.c: lxc_create_network: 3261 failed to create netdev
lxc-start: start.c: lxc_spawn: 826 failed to create the network
lxc-start: start.c: __lxc_start: 1080 failed to spawn 'container_1024'
lxc-start: lxc_start.c: main: 342 The container failed to start.
That is the Linux bridge ports limit apparently, which is 1024.
You'll probably need to go with some custom networking (e.g. multiple bridges, as there is no hard limit on bridges) or maybe http://openvswitch.org/ or something.
Create one more bridge, lxcbr1, and then map lxcbr0 and lxcbr1 using a veth interface like:
$ ip link add veth0 type veth peer name veth1
$ brctl addif lxcbr0 veth0
$ brctl addif lxcbr1 veth1
$ ifconfig veth0 up
$ ifconfig veth1 up
What we have done is:
1) We create a queue by the names veth0 and veth1, so any packet going via veth0 will reach veth1 and vice versa;
2) Then we added both ends of vethX to lxcbr<0-1> so that all the packets will go to both bridges and all the interfaces connected to these bridges.
For a long time I had trouble using several pieces of software (early versions of Teamspeak 3, netcat, openvpn) communicating using the UDP protocol. Today I identified the problem.
The main goal for me was to use openvpn over udp which did not seem to work on my server which has multiple ip addresses (runs Ubuntu Server Kernel 3.2.0-35-generic).
Using following config:
# ifconfig -a
eth0 Link encap:Ethernet HWaddr 11:11:11:11:11:11
inet addr:1.1.1.240 Bcast:1.1.1.255 Mask:255.255.255.224
...
# cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 1.1.1.240
broadcast 1.1.1.255
netmask 255.255.255.224
gateway 1.1.1.225
up ip addr add 1.1.1.249/27 dev eth0
down ip addr del 1.1.1.249/27 dev eth0
up ip addr add 2.2.2.59/29 dev eth0
down ip addr del 2.2.2.59/29 dev eth0
up route add -net 2.2.2.56 netmask 255.255.255.248 gw 2.2.2.57 eth0
# default route to access subnet
up route add -net 1.1.1.224 netmask 255.255.255.224 gw 1.1.1.225 eth0
Problem:
A simple tcpdump at the server reveals that udp packets (tested with netcat and openvpn) received at 2.2.2.59 are replied from 1.1.1.240 (client: 123.11.22.33)
13:55:30.253472 IP 123.11.22.33.54489 > 2.2.2.59.1223: UDP, length 5
13:55:36.826658 IP 1.1.1.240.1223 > 123.11.22.33.54489: UDP, length 5
Question:
Is this problem due to wrong configuration of the network interface or the application itself (OpenVPN, netcat)?
Is it possible for the/an application to listen on multiple IP addresses and reply from the interface address where it received the packet on UDP, like it's doing when using TCP?
I know that you can bind applications to a specific IP but that would not be the way to go.
I cannot see that this behaviour is due to the UDP protocol itself, since it is possible for the application to determine at which interface address the packet was received.
Specifically, openvpn has the --multihome option for handling this scenario correctly.
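An added example, not code from OpenVPN or from any of the posts above: on Linux, a wildcard-bound UDP server can learn which local address each datagram was sent to and reply from that same address using the IP_PKTINFO socket option, which avoids the wrong-source replies shown in both the tcpdump trace here and the NTP trace earlier on the page (reply leaving from 192.168.0.101). It assumes Linux and IPv4; the function names are illustrative, and 127.0.0.2 in the demo is a constructed stand-in for a secondary address.

```python
import socket
import struct

# Linux value of IP_PKTINFO; some Python builds lack the constant (assumption: Linux host).
IP_PKTINFO = getattr(socket, "IP_PKTINFO", 8)
PKTINFO = struct.Struct("@i4s4s")  # struct in_pktinfo: ipi_ifindex, ipi_spec_dst, ipi_addr


def local_addr_from_ancdata(ancdata):
    """Return (ifindex, local IP the datagram arrived on), or None if absent."""
    for level, ctype, data in ancdata:
        if level == socket.IPPROTO_IP and ctype == IP_PKTINFO and len(data) >= PKTINFO.size:
            ifindex, spec_dst, _hdr_dst = PKTINFO.unpack(data[:PKTINFO.size])
            return ifindex, socket.inet_ntoa(spec_dst)
    return None


def reply_ancdata(local_ip):
    """Control message that pins the reply's source address to local_ip.
    ifindex 0 leaves the output interface to the routing tables (e.g. 'ip rule from')."""
    return [(socket.IPPROTO_IP, IP_PKTINFO,
             PKTINFO.pack(0, socket.inet_aton(local_ip), b"\0" * 4))]


def open_server(port):
    """Wildcard-bound UDP socket that asks the kernel for per-datagram pktinfo."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.IPPROTO_IP, IP_PKTINFO, 1)
    s.bind(("0.0.0.0", port))
    return s


def echo_once(s):
    """Echo one datagram, replying from the address it was sent to."""
    data, ancdata, _flags, peer = s.recvmsg(2048, socket.CMSG_SPACE(PKTINFO.size))
    info = local_addr_from_ancdata(ancdata)
    if info is None:
        s.sendto(data, peer)  # kernel picks the source from the route (the failing case)
        return None
    s.sendmsg([data], reply_ancdata(info[1]), 0, peer)
    return info[1]


if __name__ == "__main__":
    # Constructed loopback check: 127.0.0.2 stands in for the secondary address.
    srv = open_server(0)
    cli = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    cli.settimeout(2)
    cli.sendto(b"ping", ("127.0.0.2", srv.getsockname()[1]))
    print("replied from", echo_once(srv), "client saw", cli.recvfrom(64)[1][0])
```

With the source address pinned this way, a source-based rule such as the `ip rule add from 141.41.241.68/32 table public` shown earlier can match UDP replies as it already does for TCP.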