Re: bridges with multiple static IPs or DHPC - how to configure?

To: debian-user <debian-user@lists.debian.org>
Subject: Re: bridges with multiple static IPs or DHPC - how to configure?
From: Steffen Dettmer <steffen.dettmer@gmail.com>
Date: Thu, 5 Jun 2014 15:34:27 +0200
Message-id: <[🔎] CAOBoUnN0kgcBEXnx1A+HeT7i69kt5PWR3cOmsnXUcRJjzKmUZg@mail.gmail.com>
In-reply-to: <[🔎] CAOBoUnMw2P_ZKV+4zQuOSuPDKKjzoaJosmKVtTwRBQj-GY9EgA@mail.gmail.com>
References: <[🔎] CAOBoUnMw2P_ZKV+4zQuOSuPDKKjzoaJosmKVtTwRBQj-GY9EgA@mail.gmail.com>

Hi all,

thanks for all your answers!

I think I found the solution:
all bridge parameters must go into the first iface stanza.
Subsequent stanzas configure IPs and/or DHCP.
Using allow-hotplug instead of auto, the bridge is not bought up
at boot and can be started asynchrously by some script.

Yesterday I was sure that I tested this as one of the options,
even at the very beginning; obviously I made a mistake, sorry.

Working Example:
  auto eth1.77
  iface eth1.77 inet manual

  auto eth2.78
  iface eth2.78 inet manual

  allow-hotplug br0
  iface br0 inet static
    bridge_ports eth0 eth1.77 eth2.78
    bridge_stp on
    bridge_waitport 0
    bridge_fd 3
    bridge_maxwait 0
    address 172.22.9.2
    netmask 255.255.0.0
  iface br0 inet static
    address 10.1.4.1
    netmask 255.255.255.248
  iface br0 inet dhcp

(works even without any eth0 stanza)

I reply any to Bzzz, Curt and Karl, but in one single mail
to keep list traffic lower. I hope this helps instead of just
adding confusion :)

On Wed, Jun 4, 2014 at 8:17 PM, Bzzz <lazyvirus@gmx.com> wrote:
> ifconfig br0:1 192.168.1.201

Yes, even when replacing this deprecated command by

$ ip addr 192.168.1.201/24 dev br0

it works
(this I meant with "configuring manually with `ip', `brctl' etc.").

On Wed, Jun 4, 2014 at 8:28 PM, Curt <curty@free.fr> wrote:
> You looked here already?
> https://wiki.debian.org/BridgeNetworkConnections

Yes, I did, similar as the man page, it contains a simple
single-IP example only.

On Wed, Jun 4, 2014 at 10:25 PM, <karl@jorgensen.org.uk> wrote:
>> otherwise no bridge can use it any only gives an error message
>> like "interface eth3.14 does not exist!".
>
> Hm. have you got the "vlan" package installed?

No, I don't have. I know that installing this package breaks VLAN
configuration on Debian 7 (in contrast to the documentation).

See also:
https://lists.debian.org/debian-user/2013/10/msg01069.html
https://lists.debian.org/debian-user/2013/10/msg01065.html

>>   auto eth3.10
>>   iface eth3.10 inet static
>>     address 10.72.9.17
>>     netmask 255.255.255.248
>>   iface eth3.10 inet static
>>     address 10.72.9.25
>>     netmask 255.255.255.248
>
> Hm.. it doesn't complain about having multiple stanzas with the name
> iface !?  (I'm surprised here, so I may well learn something)

No, it doesn't complain. I think this is the way to set multiple
IP address, am I wrong?

>> The same approach as for Ethernet does not work for Bridges:
>>
>>   iface br1 inet static
>>     address 10.1.1.1
>>     netmask 255.255.255.248
>>     bridge_ports eth3.10
>>     bridge_maxwait 0
>>   iface br1 inet static
>>     address 10.1.1.9
>>     netmask 255.255.255.248
>>     bridge_ports eth3.11
>>     bridge_ports eth3.12
>>     bridge_maxwait 0
>>
>> This adds all interfaces to br1, but only the IP address from the
>> last block.
>
> And you're bridging VLANs 10,11 and 12. Very unusual. If the VLANs
> should be bridged, this is usually done on the switch...

Yes, this example is artificial; better would be eth1.10, eth2.11, eth3.12.

Background:
  I think we can assume this box "is the switch".
  Later I'll need to bridge something like

    - br0: wlan1 eth2.1 eth3.1 eth4.1
    - ...
    - brN: wlanN eth2.N eth3.N eth4.N

  or such, each with several IP addresses.

  > Using a DHCP address on a bridge interface is .. unusual. But I guess
  > there must be use cases where it is valid.

  Some shall support DHCP to ease some maintenance/testing.
  Key factor is that DHCP support shall not get lost when using bridging.

> I'd suggest something like this:
>
> # ---8<-- cut here ---8<---
> auto br0
> iface br0 inet dhcp
>       bridge-ports eth3
>       post-up ip address add 10.1.1.1/24 dev br0
>       post-up ip address add 10.1.1.9/24 dev br0
> # ---8<-- cut here ---8<---

yeah, I so far I hesitated from "scripting inside configs", it looks
to "dangerous" (where does the scripting logs? what about error handling?),

and I think Debian supports multiple IP addresses (without writing an own
script calling ip addr ...).

> or alternatively:
> auto br0:

mmm... I'm afraid using deprecated features may lead into trouble in future?

(With vlan package I already met a few :))

> I assume you only want ONE IP address from DHCP :-)

yes, up to one per VLAN.

> In general, I suspect that you are confusing VLANs with IP aliasing:

Thanks for this nice summary. Yes, it is really easy to confuse that,
but here I hope it didn't happen.

Regards,
Steffen

Reply to:

References:
- bridges with multiple static IPs or DHPC - how to configure?
  - From: Steffen Dettmer <steffen.dettmer@gmail.com>

Prev by Date: unable to mount removable media with xfce4 version 4.10.1
Next by Date: Re: unable to mount removable media with xfce4 version 4.10.1
Previous by thread: Re: bridges with multiple static IPs or DHPC - how to configure?
Next by thread: High %wa, irregular blocking
Index(es):
- Date
- Thread