Original: http://zhumeng8337797.blog.163.com/blog/static/1007689142011643834429/
First install the network cards and plug in the network cables; that much goes without saying. Let's start!
Setting up Linux as a bridge: configuring the bridge
We need to tell Linux about the bridge. First, declare that we want a virtual Ethernet bridge interface (this is run on the host acting as the bridge; the test scenario itself is not shown in detail):
bridge:~> brctl addbr br0
Second, we do not need STP (Spanning Tree Protocol) and the like. Because there is only one bridge device here, a loop cannot form, so we can turn this feature off (this also avoids unnecessary STP traffic on the network):
bridge:~> brctl stp br0 off
After these preparations we can finally do something concrete: we add two (or more) physical Ethernet interfaces, that is, we attach them to the newly created logical (virtual) bridge interface br0.
bridge:~> brctl addif br0 eth0
bridge:~> brctl addif br0 eth1
Now our two physical Ethernet interfaces have become two logical ports on the bridge. The two physical interfaces still exist and will not disappear (check for yourself if you doubt it). Because they are now part of the logical bridge device, they no longer need IP addresses, so let's release those addresses.
bridge:~> ifconfig eth0 down
bridge:~> ifconfig eth1 down
bridge:~> ifconfig eth0 0.0.0.0 up
bridge:~> ifconfig eth1 0.0.0.0 up
All right! We now have a box with no IP address at all. That means if you want to configure your firewall or router, you can only get at it through the local console. You do have a serial port on your machine, don't you?
Note: The four ifconfig commands above are actually optional; in my experiment I found that the bridge also works even if the original NIC addresses are not released. However, to be more standard, and to avoid any inexplicable problems, it is best to perform these four steps as required.
Finally, enable the bridge:
bridge:~> ifconfig br0 up
Optional: assign an IP address to the new bridge interface:
bridge:~> ifconfig br0 10.0.3.129
Or combine the last two steps into one:
bridge:~> ifconfig br0 10.0.3.129 up
Just one more "up" at the end.
We're done here.
Commands to shut the bridge down (here the bridge is named ena):
brctl delif ena eth1;
brctl delif ena eth0;
ifconfig ena down;
brctl delbr ena;
Implementation analysis and use of the Linux bridge: http://www.ibm.com/developerworks/cn/linux/kernel/l-netbr/index.html
1. What is bridging
A bridge works at the second layer of the OSI reference model, the data link layer. It uses MAC addresses as the basis for dividing a network into two different physical segments, and was widely used in early computer networks. As we all know, Ethernet is a shared-medium transmission technology: when one computer sends data, every computer on the same physical medium receives it and examines the destination MAC address. If the destination MAC address matches its own, the frame is passed up to the network layer; if it does not, the frame is discarded. A bridge connects two physical segments (also called collision domains) and uses MAC addresses to decide whether a frame must be passed to a computer on the other segment. Consider an example: two hubs, hub A and hub B, each with several computers attached; call them collision domain A and collision domain B. In such a network, if computer A sends a packet to computer C, hub A repeats the packet to every computer on the network (including those on hub B), whether or not the packet needs to reach domain B at all.
Now connect hub A and hub B to the two ports of a bridge. What happens when computer A sends a packet to computer C? Hub A still repeats the packet across its whole segment, but when it reaches the bridge, the bridge examines the destination MAC address and compares it with the MAC address table it has learned. If the address is not in the table, the bridge sends the packet out on both segments and records computer A's MAC address in its table. After many such records, the bridge knows all the MAC addresses and which of the two segments each one belongs to. When computer A later sends a packet to computer B, the two computers are on the same physical segment; when the packet reaches the bridge, the bridge compares the destination MAC address with its table, finds that A and B share a segment, and does not forward the packet into domain B. If the destination were on the other physical segment, the bridge would let the packet pass through. From this example we see that a bridge is really a device that controls traffic between collision domains. Bridges are rarely used now; besides isolating collision domains, they can also connect different types of networks (for example Token Ring to Ethernet) and extend a network (the IEEE 5-4-3 rule), and so on.
2. What is switching
Switching also works at the data link layer, the second layer of the OSI reference model, and also uses MAC addresses as the basis for dividing a network into different segments. The difference is that a switch divides the physical segments per port; put simply, a switch is a multi-port bridge, and switching is really an extension of bridging technology. We already know that bridging connects two different physical segments (collision domains); a switch connects many physical segments, typically with many ports, each of which effectively acts as a bridge. When a computer attached to a switch port sends a packet, each port determines whether the packet is addressed to it and discards it if not, which extends the concept of the collision domain to every switch port. To illustrate, in the figure computers A and B are attached to different ports of the switch. When computer A sends a packet to B and the switch has not yet learned the MAC address behind B's port, it forwards the packet out of every port except A's (the broadcast domain). The other computers receive the packet, compare it with their own MAC addresses and simply drop it; B accepts it, and the switch records the source address. By repeating this learning, the switch builds a forwarding database covering all ports, stored in the switch's content-addressable memory (CAM).
After the switch has learned the information for all ports, when computer A again sends a packet to B it no longer broadcasts it, but sends it directly to B's port according to the forwarding database. Through this learning the switch segments the network, and each computer attached to a switch port can enjoy the bandwidth alone.
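The learning and forwarding behaviour described in the two sections above (learn the source port, flood unknown destinations, filter frames whose destination sits on the ingress port, otherwise forward to one port) as an added example, not code from the original post. It models a four-port bridge like the eth0..eth3 setup discussed later; the host MAC addresses are constructed.

```python
# Added example (not from the original post): a minimal model of the MAC-learning
# bridge/switch described above. Ports are named after the brctl example (eth0..eth3).
from dataclasses import dataclass, field

FLOOD = "flood"      # destination unknown or broadcast: send out every port except the ingress
FILTER = "filter"    # destination is behind the ingress port: drop, nothing to do
FORWARD = "forward"  # destination learned on exactly one other port

@dataclass
class LearningBridge:
    ports: list
    # forwarding database (the switch's CAM table): source MAC -> port it was last seen on
    fdb: dict = field(default_factory=dict)

    def handle(self, in_port, src, dst):
        """Learn src on in_port, then decide where the frame goes.
        Returns (action, list_of_egress_ports)."""
        if in_port not in self.ports:
            raise ValueError(f"{in_port} is not a port of this bridge")
        # Learning step: remember which port the source lives behind (also tracks moves).
        self.fdb[src] = in_port
        if dst.lower() == "ff:ff:ff:ff:ff:ff" or dst not in self.fdb:
            # Broadcast, or nothing learned about dst yet: flood to all other ports.
            return FLOOD, [p for p in self.ports if p != in_port]
        out_port = self.fdb[dst]
        if out_port == in_port:
            # Both hosts hang off the same segment; the bridge does not repeat the frame.
            return FILTER, []
        return FORWARD, [out_port]

def demo():
    """Replays the A -> C, C -> A, A -> C, B -> A sequence from the text."""
    br0 = LearningBridge(["eth0", "eth1", "eth2", "eth3"])
    # Constructed (locally administered) MAC addresses for hosts A, B and C.
    A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    frames = [
        ("eth0", A, C),  # C unknown -> flood; A is learned on eth0
        ("eth2", C, A),  # A known on eth0 -> forward to eth0 only; C learned on eth2
        ("eth0", A, C),  # both known on different ports -> forward to eth2
        ("eth0", B, A),  # B shares eth0's segment with A -> filtered, not repeated
    ]
    return [br0.handle(*f) for f in frames]

if __name__ == "__main__":
    for (port, src, dst), (action, out) in zip([("eth0","A","C"),("eth2","C","A"),("eth0","A","C"),("eth0","B","A")], demo()):
        print(f"{src} -> {dst} in on {port}: {action} {out}")
```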
3. What is routing
Routing works at the third layer of the OSI reference model, the network layer. It uses layer-3 IP address information as the basis for dividing a network into different segments (IP subnets). Unlike bridging and switching, routing divides the network into separate logical segments, each with its own IP network address information, instead of using MAC addresses to decide the path. Routing can therefore isolate broadcasts, whereas switching and bridging only subdivide the physical transmission medium into physical segments. Routing also performs path selection: according to the destination IP address it determines the most appropriate path to the destination. In the figure, three switches are connected to a router, each in a different subnet: 192.168.0.0, 192.168.1.0 and 192.168.3.0. When computer A sends a packet to B and the path to B is not yet known, switch A broadcasts the packet on its own segment; when it reaches the router, the router does not broadcast it further but, according to the rules of the routing protocol, decides which segment the packet for B should be forwarded to. The packet is then forwarded to the matching IP segment rather than being broadcast into segment C, which does not need it. If the router has no rule defining a path to the destination IP address, it simply discards the packet.
Routers have two basic functions, path selection and data forwarding, but in many scenarios a router also takes on the role of a gateway. At home we usually use PPPoE dialing or a static route to share an Internet connection across the LAN. In that case the router's main job is protocol conversion between the LAN and the WAN, which is also the main purpose of a gateway.
4. Differences between the three
1. The layer in the reference model is different
In the Open Systems Interconnection reference model, bridges and switches sit at the second layer, the data link layer, while routers sit at a higher layer, the network layer.
2. The basis for path decisions is different
Because they sit at different layers of the OSI reference model, the two classes of device decide differently: bridges and switches decide where to forward a packet based on the MAC addresses seen on their ports, while routers use the IP address.
3. The ability to control broadcasts is different
Bridges and switches (except layer-3 switches or switches with VLAN features) cannot control network broadcasts: a broadcast packet is forwarded to all ports, so in a large network a router is required to control broadcasts.
4. The degree of intelligence is different
When judging a packet, a bridge can only determine whether the destination is on the same physical segment, and a switch can determine which port the packet belongs to; neither device can select an optimal path. A router decides the path based on the IP address, so it can determine the optimal path to the destination from the IP address information.
5. Application scenarios and future development of the three
In practice the bridge is basically no longer used; in small and medium-sized LANs the most common networking device is the switch, and whether a router is needed depends on the size and function of the network. In large networks a router is necessary to control broadcasts, but as the technology keeps evolving, switches have also integrated the ability to determine paths by IP address and to control broadcasts, so the router is now gradually being replaced by the routing switch. As mentioned earlier, routers in many scenarios act as gateways, so with the rapid development of broadband technology a new device, the broadband router, will gradually replace the traditional router for network access over the last mile. I believe the introduction above gives a clearer understanding of the functions of bridges, switches, routers and gateways!
3. How to use brctl
There are five hosts. One runs Linux with the bridge module installed and has four physical network cards, each connected to one of the other hosts, all on the same network segment. We want it to act as a bridge that forwards packets between the other four hosts (IPs 192.168.1.2, 192.168.1.3, 192.168.1.4, 192.168.1.5). To make management easier, the bridge should also have an IP (192.168.1.1) so that an administrator on a host in the 192.168.1.0/24 segment can telnet to the bridge and configure it remotely.
As mentioned in the previous section, a bridge forwards packets within the same logical segment. In the topology above, this logical segment is the 192.168.1.0/24 network. We give this logical segment a name, br0, and first need to create it.
# brctl addbr br0 (create a logical segment named br0)
# brctl delbr br0 (delete it again)
In fact, we can think of the logical segment 192.168.1.0/24 as a VLAN, with br0 as the name of that VLAN.
After creating the logical segment, we need to assign specific ports to it. In Linux a port is simply a physical network card; here the cards are named eth0, eth1, eth2 and eth3. We attach each NIC to br0 one by one, as a port of br0.
# brctl addif br0 eth0 (make eth0 a port of br0)
# brctl addif br0 eth1 (make eth1 a port of br0)
# brctl addif br0 eth2 (make eth2 a port of br0)
# brctl addif br0 eth3 (make eth3 a port of br0)
# brctl delif br0 eth0 (remove eth0 from br0 again)
Each physical NIC of the bridge acts as a port, runs in promiscuous mode and works at the link layer, so it needs no IP address.
# ifconfig eth0 0.0.0.0
# ifconfig eth1 0.0.0.0
# ifconfig eth2 0.0.0.0
# ifconfig eth3 0.0.0.0
# ip addr add 127.0.0.1/8 dev lo brd +
(ip is a powerful network configuration tool from the iproute2 package that can replace traditional tools such as ifconfig and route; the ip commands and their options are introduced in later chapters of that manual.)
Then configure the IP 192.168.1.1 on br0's virtual network card, so that the bridge can be managed remotely.
# ifconfig br0 192.168.1.1
Once br0 has its IP, the bridge can work, and hosts in the 192.168.1.0/24 segment can telnet to the bridge to configure it.
The configuration above is a single logical segment; in fact a Linux bridge can also be configured with multiple logical segments (equivalent to dividing a switch into several VLANs).
4. Detailed analysis of brctl commands
Procedure for adding a bridge
(1) # brctl addbr br0
(2) # brctl addif br0 eth0
(3) # ip addr add 172.16.12.43/8 dev br0 brd +
(4) # ifconfig br0 up
Procedure for removing a bridge
(1) # ip addr del 172.16.12.43/8 dev br0 brd +
(2) # ifconfig br0 down
(3) # brctl delif br0 eth0
(4) # brctl delbr br0
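After running the brctl procedures above, a practitioner wants to confirm the kernel actually ended up in the intended state: br0 exists, STP is off, and exactly the planned NICs are enslaved. The following added example (not code from the original post) reads this from the kernel's bridge sysfs layout (/sys/class/net/<bridge>/bridge/stp_state and /sys/class/net/<bridge>/brif/); the fake sysfs tree it builds is constructed so the check can run without root or a real bridge.

```python
# Added example (not from the original post): verify a brctl-built bridge from sysfs.
import os
import tempfile

def check_bridge(bridge, expected_ports, sysfs="/sys/class/net"):
    """Return a list of problems; an empty list means the bridge matches the plan."""
    problems = []
    base = os.path.join(sysfs, bridge)
    if not os.path.isdir(os.path.join(base, "bridge")):
        # Only bridge devices carry a bridge/ directory in sysfs.
        return [f"{bridge}: not a bridge device (brctl addbr {bridge} not done?)"]
    try:
        with open(os.path.join(base, "bridge", "stp_state")) as f:
            if f.read().strip() != "0":
                problems.append(f"{bridge}: STP is enabled (expected brctl stp {bridge} off)")
    except OSError:
        problems.append(f"{bridge}: cannot read stp_state")
    # brif/ holds one entry (a symlink on a real system) per enslaved port.
    actual = set(os.listdir(os.path.join(base, "brif")))
    expected = set(expected_ports)
    for p in sorted(expected - actual):
        problems.append(f"{p}: missing from {bridge} (brctl addif {bridge} {p})")
    for p in sorted(actual - expected):
        problems.append(f"{p}: unexpectedly enslaved to {bridge}")
    return problems

def fake_sysfs(bridge, ports, stp_state):
    """Build a constructed tree mimicking /sys/class/net so the check can be tested."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, bridge, "bridge"))
    with open(os.path.join(root, bridge, "bridge", "stp_state"), "w") as f:
        f.write(stp_state + "\n")
    for p in ports:
        os.makedirs(os.path.join(root, bridge, "brif", p))
    return root

if __name__ == "__main__":
    # Constructed failure scenario: eth2 never added, STP left on.
    root = fake_sysfs("br0", ["eth0", "eth1", "eth3"], "1")
    for line in check_bridge("br0", ["eth0", "eth1", "eth2", "eth3"], root):
        print(line)
```

Without the sysfs argument the function inspects the live system, so it can run as a post-configuration check on the bridge host itself.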
Configuring a network bridge with brctl on Linux