Linux – How to create a bridge / tun tap under linux inside /etc/network/interfaces

bridgelinuxlinux-networkingqemu

I need to create a network bridge for my qemu virtual machines under linux .

I'm reading manpages, official documentations and tutorials but I still find impossible to understand the steps.

For example ( from https://wiki.ubuntu.com/KvmWithBridge )

# The primary network interface
auto br0
iface br0 inet static
        address 192.168.0.101
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        bridge_ports eth0
        bridge_stp off
        bridge_maxwait 5
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.0.4
        dns-search mydomain.net

this makes 0 sense to me :

why a bridge needs an IP ? why I can work with bridges and IPs at all since it should be just a datalink path
why I need to take down eth0 ? a bridge it's a connection between 2 physical devices, why it makes sense to take down an ethernet card to create an interconnection with said card ?
who or what is getting the IP here ? 192.168.0.101 is what exactly ?

This is a pattern that repeats itself with many tutorials, guides and documentation mixing words with no apparent meaning ( apparently a bridge is supposed to deal with IPs … ) .

So I'm asking : how do I create a bridge so my qemu instance can connect itself through my eth0 via a bridge ?
I would like to use iproute2 and /etc/network/interfaces and nothing else for simplicity sakes .

Best Answer

I'll try to answer your questions.

A bridge interface doesn't require an ip address to switch frames between ports. Sure, you can configure a bridge interface without an ip address. In this case your linux host will work as a simple L2 switch. When you assign an ip address on a bridge interface, you can consider your linux host as a advanced L3 switch.
You don't need disable the interface to add it into the bridge.
After ifup br0 in your linux system the br0 interface will be created. Address 192.168.0.101 will be assigned to it.
After running a qemu VM with appropriate options in your system an additional interface should be apprears. After that you can add it into the br0 interface manually with command

ip link set dev <tap-iface> master br0

You can write the short script to add new tap interface into the bridge. This script can be placed in special directory and will be executed after start of new qemu host.
If you prefer the iproute2, you can use it in the interfaces file, using inside pre-up, up, post-up and other statements.
If I've understood your correctly, you can add something like into /etc/network/interfaces file to bring up tap interface and add it into the bridge:

iface tap10 inet manual
    pre-up /sbin/tunctl -t $IFACE -u root || true
    pre-up /sbin/ip link set dev $IFACE master br0
    up /sbin/ip link set dev $IFACE up
    post-down /sbin/tunctl -d $IFACE || true

Newer versions of iproute2 has own support of tun/tap interfaces, so usage of the tunctl binary is unnecessary.

iface tap10 inet manual
  pre-up /sbin/ip tuntap add mode tap user root name $IFACE || true
  pre-up /sbin/ip link set dev $IFACE master br0
  up /sbin/ip link set dev $IFACE up
  post-down /sbin/ip link del dev $IFACE || true

In the qemu VM start command line you should use something like that:

-netdev tap,id=mynet0,ifname=tap10,script=no,downscript=no

Related Solutions

Debian network bridge configuration – /etc/network/interfaces

You seem to miss the most important line:

auto xenbr0
iface xenbr0 inet static
  bridge_ports eth0 eth4 eth7    # bridge traffic between these interfaces
  bridge_stp no
  address 10.0.0.1
  netmask 255.255.255.0
  network 10.0.0.0
  broadcast 10.0.0.255

man says: If you need to specify the interfaces more flexibly, you can use the following syntax (most useful on a Xen dom0):

     bridge_ports regex (eth|vif).*

This means to evaluate (as in egrep(1)) the expressions that follow after "regex".

Linux – Create and bridge virtual network interfaces in Linux

I think what you are needing to use here are TUN/TAP interfaces. Install tunctl (package for CentOS) and then you can start creating virtual network interfaces:

tunctl -t tap0
ifconfig tap0 up

More info here: http://backreference.org/2010/03/26/tuntap-interface-tutorial/

Tun/tap interfaces are a feature offered by Linux (and probably by other UNIX-like operating systems) that can do userspace networking, that is, allow userspace programs to see raw network traffic (at the ethernet or IP level) and do whatever they like with it. This document attempts to explain how tun/tap interfaces work under Linux, with some sample code to demonstrate their usage.

As I recall, when using the loopback interface, that doesn't work properly with PCAP libraries because it's not actually a "real" interface (or certainly not seen as a real one by the system). It doesn't even have a MAC address if you run ifconfig on it. But, TUN/TAP interfaces do, and for the purpose of what you're trying to do, it may just be the solution you're looking for (no creating extra virtual machines etc required).

I also suspect you'll be able to accomplish your task with just one tap interface (no bridging between 2 required). Simply have your first process bind onto the virtual interface and write the traffic, then have the secondary one bind onto it, reading the traffic.

Best Answer

Related Solutions

Debian network bridge configuration – /etc/network/interfaces

Linux – Create and bridge virtual network interfaces in Linux

Related Topic