
Re: bridges with multiple static IPs or DHCP - how to configure?



Hi

On Wed, Jun 04, 2014 at 08:00:49PM +0200, Steffen Dettmer wrote:
> Hi,
> 
> how to configure a bridge with multiple static IPs and/or DHCP
> via /etc/network/interfaces?
> 
> I tried many combinations, but I didn't find any working one.
> 
> Of course everything works as expected when configuring manually
> with "ip", "brctl" etc.
> 
> Any working example would be great!
> 
> The rest of the mail discusses what I tried so far.
> 
> Yes, I read man bridge-utils-interfaces(5), but it has simple
> examples only (single static IP or no IP). The man page tells,
> interfaces used as bridge_ports
> 
>    "are the  interfaces  that  are  part  of  the  bridge,  and
>    they shouldn't  have  any  stanzas defining them on the
>    interfaces file"          -- man bridge-utils-interfaces(5)
> 
> but this is wrong. There must be a stanza like
> 
>   auto eth3.14
>     iface eth3.14 inet manual

Hm... this is VLAN 14 on eth3....
 
> otherwise no bridge can use it and only gives an error message
> like "interface eth3.14 does not exist!".

Hm. have you got the "vlan" package installed?

But anyway: When you bridge interfaces together, the IP addresses
should be assigned to the *bridge*, not the interfaces that join the
bridge.  At least that's what I've been told.

> For an ordinary ethernet interface, the following works:
> 
>   auto eth3.10
>   iface eth3.10 inet static
>     address 10.72.9.17
>     netmask 255.255.255.248
>   iface eth3.10 inet static
>     address 10.72.9.25
>     netmask 255.255.255.248
> 
> For bridges, it is not clear how to use multiple stanzas for
> multiple IPs; it seems, the options to create the bridge and to
> add IPs to it are somehow mixed.

Hm.. it doesn't complain about having multiple stanzas with the name
iface !?  (I'm surprised here, so I may well learn something)

> There are options like bridge_ports. They have to be in each
> "iface br0" stanza?
> 
>   (Experiments show that "bridge_ports" are accumulated (probably
>   simply because each stanza brctl addif each, in total producing
>   the desired result), but other options such as bridge_maxwait
>   are not.)

Good.

> The same approach as for Ethernet does not work for Bridges:
> 
>   iface br1 inet static
>     address 10.1.1.1
>     netmask 255.255.255.248
>     bridge_ports eth3.10
>     bridge_maxwait 0
>   iface br1 inet static
>     address 10.1.1.9
>     netmask 255.255.255.248
>     bridge_ports eth3.11
>     bridge_ports eth3.12
>     bridge_maxwait 0
> 
> This adds all interfaces to br1, but only the IP address from the
> last block.

And you're bridging VLANs 10,11 and 12. Very unusual. If the VLANs
should be bridged, this is usually done on the switch...

> It is similar when it comes to DHCP.

Using a DHCP address on a bridge interface is .. unusual. But I guess
there must be use cases where it is valid.

E.g. a laptop which runs virtual machines (which are connected to the
bridge), because the virtual machines need to be in the same network?
I almost do this, but I decided to let the bridge interface be
"unattached" - i.e. the laptop *routes* traffic from the virtual
machines to the outside world via normal routing (and NAT where
appropriate).  This way, the virtual machines don't need to know about
me moving from one LAN to another.

I'd suggest something like this:

# ---8<-- cut here ---8<---
auto br0
iface br0 inet dhcp
      bridge-ports eth3
      post-up ip address add 10.1.1.1/24 dev br0
      post-up ip address add 10.1.1.9/24 dev br0
# ---8<-- cut here ---8<---

or alternatively:

# ---8<-- cut here ---8<---
auto br0
iface br0 inet dhcp
      bridge-ports eth3
auto br0:1
iface br0:1 inet static
      address 10.1.1.1
      netmask 255.255.255.0
auto br0:2
iface br0:2 inet static
      address 10.1.1.9
      netmask 255.255.255.0
# ---8<-- cut here ---8<---

which should give the bridge 3 IP addresses: One assigned by DHCP as
well as 10.1.1.1 and 10.1.1.9.

I assume you only want ONE IP address from DHCP :-) If you want more
than that, we're really wandering into unknown territory.

In general, I suspect that you are confusing VLANs with IP aliasing:

- VLANs are a way of creating multiple (virtual and independent)
  networks on the same underlying network. This is accomplished by
  VLAN "tagging" (there are 10 bits reserved in the IP headers for
  this, allowing up to 4096 VLANs).  Linux represents each VLAN on the
  hardware interface as a separate network device using the
  dot-notation, e.g. eth0.1, eth0.2 etc.  Other notations are
  possible, but us poor puny humans are easily confused.

- IP Aliasing is a way of allowing a device to have multiple IP
  addresses on the same VLAN.  This is usually done via the "colon"
  notation - e.g. eth0:1, eth0:2 etc.

VLANs usually do not apply in a residential setting.  But if you're a
geek (and your switch supports it), feel free to play away on it.

-- 
Karl E. Jorgensen
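
An added example, not part of the original message: a small Python linter for /etc/network/interfaces text that flags an addressed interface that is also a bridge port, a repeated stanza for the same bridge, an `auto` name ending in a colon, and an `iface` line with no family or method. The function name `lint_interfaces` and the sample input are constructed for illustration.

```python
# Constructed sample built from the stanzas quoted in the thread.
SAMPLE = """\
iface eth3.10 inet static
    address 10.72.9.17
iface br1 inet static
    address 10.1.1.1
    bridge_ports eth3.10
iface br1 inet static
    address 10.1.1.9
    bridge_ports eth3.11 eth3.12
auto br0:
iface br0:1
    address 10.1.1.1
"""

def lint_interfaces(text):
    """Return sorted (line_number, message) findings for interfaces(5) text."""
    findings, stanzas, port_of, cur = [], [], {}, None
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith("#"):  # comments are whole lines only
            continue
        key = words[0].replace("-", "_")  # thread uses bridge-ports and bridge_ports
        if key in ("auto", "allow_hotplug"):
            cur = None
            findings += [(no, f"{w!r}: trailing colon in interface name")
                         for w in words[1:] if w.endswith(":")]
        elif key == "iface" and len(words) >= 2:
            method = words[3] if len(words) >= 4 else None
            if method is None:
                findings.append((no, f"{words[1]}: address family/method missing"))
            cur = {"name": words[1], "line": no, "method": method, "bridge": False}
            stanzas.append(cur)
        elif key == "bridge_ports" and cur is not None:
            cur["bridge"] = True
            for port in words[1:]:
                port_of.setdefault(port, cur["name"])  # remember the owning bridge
    first_seen = {}
    for s in stanzas:
        if s["method"] in ("static", "dhcp") and s["name"] in port_of:
            findings.append((s["line"], f"{s['name']}: addressed, but is a port of {port_of[s['name']]}"))
        if s["bridge"]:
            first = first_seen.setdefault(s["name"], s["line"])
            if first != s["line"]:
                findings.append((s["line"], f"{s['name']}: repeated bridge stanza, first at line {first}"))
    return sorted(findings)

for line_no, message in lint_interfaces(SAMPLE):
    print(f"line {line_no}: {message}")
```

A bridge stanza that takes its extra addresses from `post-up ip address add ...` lines, as suggested above, produces no findings.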

