Setting up L2 Connectivity between NICTA and WINLAB
We used information from: http://blog.kovyrin.net/2006/04/05/connecting-two-remote-local-networks-with-transparent-bridging/
However, some of the information there is no longer correct, so below is our version of that page.
1. Intro
Sometimes we need to connect two or more geographically distributed Ethernet networks into one broadcast domain. One example is two office networks of a company that uses the SMB protocol, which is partially based on broadcast network messages. Another example is computer cafes: a couple of computer cafes can give users a more convenient environment for playing multiplayer computer games without dedicated servers.
Both sample networks in this article need one *nix server for bridging. The networks can be connected by any hardware that provides an IP connection between them.
Short description: in the configuration described here we connect two remote LANs so that they appear as one network with the 10.40.x.x address space (the presence of bridges in the network configuration does not affect the IP protocol and is fully transparent to it, so you can freely select any address space). Each bridging server has two network interfaces: one (eth0 in our example) connected to the LAN, and a second (eth1) used as the transport to connect the networks. Once the Ethernet tunnel between the gateways of both networks is up, we join each tunnel interface to the corresponding LAN interface with a bridge interface. Schematically, the configuration looks like this:
Here we use the 10.40.x.y subnet
                 NICTA                                WINLAB
                (norbit)                            (landing1)
              (10.40.0.252)          (10.40.0.253 / external: 128.6.192.147)
                +-------+                            +-------+
                |  br0  |                            |  br0  |
                +-------+                            +-------+
                 |     |                              |     |
  Network 1      |     |                              |     |      Network 2
  (Testbed)      |     |                              |     |      (Testbed)
 (10.40.x.y)     |     |                              |     |     (10.40.x.y)
                 |     |                              |     |
------------eth1       tap0---................---tap0       eth3---------------
2. Installing the Bridging Servers
We did not have to do that as Rodney already did that step earlier...
In case you need to start from scratch, the information is here
3. Setting up the Bridging Servers
Once vtun is installed, we need to select one of the bridging servers as master and the other as slave, and change the vtun configuration files in /etc/ on both servers accordingly.
3.1. Complete config files for MASTER are following:
/etc/default/vtun
RUN_SERVER=yes
SERVER_ARGS="-P 5000"
/etc/vtund.conf
options {
    port 5000;              # Listen on this port.
    # Syslog facility
    syslog daemon;
    # Path to various programs
    ifconfig /sbin/ifconfig;
    route /sbin/route;
    firewall /sbin/iptables;
    ip /sbin/ip;
}
default {
    compress no;
    encrypt no;
    speed 0;
}
landing1 {
    passwd Pa$$Wd;
    type ether;
    proto udp;
    keepalive yes;
    compress no;
    encrypt no;
    up {
        # Connection is Up
        ifconfig "%% up";
        program "brctl addif br0 %%";
    };
    down {
        # Connection is Down
        ifconfig "%% down";
    };
}
3.2. Complete config files for SLAVE are following:
/etc/default/vtun
# Should the standalone server be started?
RUN_SERVER=yes
# Client sessions to start. Up to ten instances can be configured.
#
# Session name
CLIENT0_NAME=landing1
#
# Destination host landing1.orbit-lab.org (but DNS trouble?? so put real IP)
CLIENT0_HOST=128.6.192.147
/etc/vtund.conf
options {
    # Path to various programs
    ifconfig /sbin/ifconfig;
    route /sbin/route;
    firewall /sbin/iptables;
}
landing1 {
    passwd Pa$$Wd;          # Password
    type ether;             # Ethernet tunnel
    up {
        # Connection is Up
        ifconfig "%% up";
        program "brctl addif br0 %%";
    };
    down {
        # Connection is Down
        ifconfig "%% down";
    };
}
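Both files above leave the landing1 session at "encrypt no", so the bridged Ethernet frames cross the Internet unencrypted. The following shell function is an added example (not part of the original page or of vtun) that prints the effective "encrypt" value of every session in a vtund.conf, applying the "default" block where a session sets nothing. The sample file, the "site2" session and the CHANGEME password are constructed; treating a value that is unset everywhere as "no" is an assumption.

```shell
# Added example: report the effective "encrypt" setting of each vtund.conf session.
# Assumptions: one statement per line (as in the files on this page); a value
# that is set neither in the session nor in "default" is treated as "no".
audit_vtund_encrypt() {
    awk '
        { sub(/#.*/, "") }                          # strip comments
        depth == 0 && /^[ \t]*[A-Za-z0-9_.-]+[ \t]*[{]/ {
            name = $1; sub(/[{].*/, "", name)       # block name: options, default or a session
            if (name != "options" && name != "default") order[++n] = name
        }
        {
            # only direct statements of a block count, not the up{}/down{} bodies
            if (depth == 1 && $1 == "encrypt") { v = $2; sub(/;.*/, "", v); enc[name] = v }
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                v = (s in enc) ? enc[s] : (("default" in enc) ? enc["default"] : "no")
                printf "%s encrypt=%s %s\n", s, v, (v == "no" ? "CLEARTEXT" : "ok")
            }
        }
    ' "$1"
}
# Constructed sample: the MASTER layout from this page (shortened) plus a
# hypothetical second session "site2" that overrides the default.
sample_conf() {
    cat <<'EOF'
options {
    port 5000;
}
default {
    compress no;
    encrypt no;
}
landing1 {
    passwd CHANGEME;    # placeholder
    type ether;
    up {
        program "brctl addif br0 %%";
    };
}
site2 {
    passwd CHANGEME;
    encrypt yes;
}
EOF
}
conf=$(mktemp) && sample_conf > "$conf" && audit_vtund_encrypt "$conf"; rm -f "$conf"
```

Run it against /etc/vtund.conf on the MASTER, since the server side holds the session definitions that clients connect to.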
3.3. Configuring Bridge interfaces on both MASTER and SLAVE
To bridge the LAN Ethernet interface and our newly created tunnel interface we need to create a bridge interface. To do this, we add a br0 interface description to the /etc/network/interfaces files:
/etc/network/interfaces (MASTER side)
auto br0
iface br0 inet static
    address 10.40.0.253
    netmask 255.255.0.0
    bridge_ports eth3
/etc/network/interfaces (SLAVE side)
auto br0
iface br0 inet static
    address 10.40.0.252
    netmask 255.255.0.0
    bridge_ports eth1
Note: the IP addresses on both sides of the bridge must be unique across both networks. eth0 is the LAN interface.
4. Starting all
We first need to start bridging on the MASTER side, then on the SLAVE side. You can see useful information by monitoring /var/log/syslog.
We need to bring the br0 interface up:
# ifup br0
Once the br0 interface is created, we can start vtun:
# /etc/init.d/vtun restart
If everything is working fine, you should see the following on the MASTER side:
root@landing1:~# ifconfig br0
br0 Link encap:Ethernet HWaddr 00:04:23:9e:e5:07
inet addr:10.40.0.253 Bcast:10.40.255.255 Mask:255.255.0.0
inet6 addr: fe80::204:23ff:fe9e:e507/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6907 errors:0 dropped:0 overruns:0 frame:0
TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:366728 (358.1 KiB) TX bytes:13668 (13.3 KiB)
root@landing1:~# ifconfig tap0
tap0 Link encap:Ethernet HWaddr 00:ff:fc:ef:f6:63
inet6 addr: fe80::2ff:fcff:feef:f663/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4664 errors:0 dropped:0 overruns:0 frame:0
TX packets:1653 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:283120 (276.4 KiB) TX bytes:133771 (130.6 KiB)
root@landing1:~# ifconfig eth3
eth3 Link encap:Ethernet HWaddr 00:04:23:9e:e5:07
inet6 addr: fe80::204:23ff:fe9e:e507/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2812 errors:0 dropped:0 overruns:0 frame:0
TX packets:4670 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:215888 (210.8 KiB) TX bytes:286551 (279.8 KiB)
root@landing1:~# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.0004239ee507 no eth3
tap0
And you should see the following on the SLAVE side:
[root@norbit ~]$ ifconfig br0
br0 Link encap:Ethernet HWaddr 00:13:72:fc:b6:b9
inet addr:10.40.0.252 Bcast:10.40.255.255 Mask:255.255.0.0
inet6 addr: fe80::213:72ff:fefc:b6b9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6056 errors:0 dropped:0 overruns:0 frame:0
TX packets:43 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:309380 (309.3 KB) TX bytes:5387 (5.3 KB)
[root@norbit ~]$ ifconfig tap0
tap0 Link encap:Ethernet HWaddr 06:2a:75:e2:2e:51
inet6 addr: fe80::42a:75ff:fee2:2e51/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1690 errors:0 dropped:0 overruns:0 frame:0
TX packets:4833 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:136685 (136.6 KB) TX bytes:293260 (293.2 KB)
[root@norbit ~]$ ifconfig eth1
eth1 Link encap:Ethernet HWaddr 00:13:72:fc:b6:b9
inet6 addr: fe80::213:72ff:fefc:b6b9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7473 errors:0 dropped:0 overruns:0 frame:0
TX packets:459 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:576368 (576.3 KB) TX bytes:64423 (64.4 KB)
Interrupt:17
[root@norbit ~]$ brctl show
bridge name bridge id STP enabled interfaces
br0 8000.001372fcb6b9 no eth1
tap0
Also, the /var/log/syslog files on both the MASTER and SLAVE sides should show entries like:
MASTER Side
Jul 13 22:37:53 landing1 vtund[3222]: VTUN server ver 3.X 02/16/2009 (stand)
Jul 13 22:40:01 landing1 vtund[3243]: Use SSL-aware challenge/response
Jul 13 22:40:01 landing1 vtund[3243]: Session landing1[203.143.174.94:46055] opened
Jul 13 22:40:01 landing1 kernel: [ 1890.096699] tun: Universal TUN/TAP device driver, 1.6
Jul 13 22:40:01 landing1 kernel: [ 1890.096699] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Jul 13 22:40:01 landing1 vtund[3243]: UDP connection initialized
Jul 13 22:40:01 landing1 kernel: [ 1891.056631] device tap0 entered promiscuous mode
Jul 13 22:40:01 landing1 kernel: [ 1891.056712] br0: port 2(tap0) entering learning state
...
SLAVE Side
Jul 14 12:40:00 norbit vtund[31179]: VTun client ver 3.X 02/09/2009 started
Jul 14 12:40:00 norbit vtund[31179]: Connecting to 128.6.192.147
Jul 14 12:40:00 norbit vtund[31179]: Use SSL-aware challenge/response
Jul 14 12:40:01 norbit vtund[31179]: Remote Server sends <UeK> .
Jul 14 12:40:01 norbit vtund[31179]: Session landing1[128.6.192.147] opened
Jul 14 12:40:01 norbit vtund[31179]: UDP connection initialized
Jul 14 12:40:01 norbit kernel: [83537.540572] device tap0 entered promiscuous mode
Jul 14 12:40:01 norbit kernel: [83537.540606] br0: port 2(tap0) entering learning state
...
Also, you should be able to ping machines (including the tunnel end-points, norbit and landing1) on both sides of the L2 link.
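Anyone who opens the landing1 session ends up as a port on br0, so the "Session ... opened" lines in the MASTER syslog are worth checking against the expected peer address. The following shell function is an added example (not part of the original page): it lists those events and flags any whose source address differs from the one given. The first three sample lines follow the MASTER log above; the 198.51.100.7 line is constructed.

```shell
# Added example: list vtund "Session ... opened" events and flag unexpected peers.
# usage: vtun_session_peers EXPECTED_IP < /var/log/syslog
# Exit status is 1 if at least one session came from another address.
vtun_session_peers() {
    awk -v want="$1" '
        /vtund\[[0-9]+\]: Session .* opened/ {
            s = $0
            sub(/.*: Session /, "", s)              # landing1[203.143.174.94:46055] opened
            i = index(s, "[")
            name = substr(s, 1, i - 1)              # session name from vtund.conf
            rest = substr(s, i + 1)
            ip = substr(rest, 1, index(rest, "]") - 1)
            sub(/:[0-9]+$/, "", ip)                 # drop the source port if present
            status = (ip == want) ? "expected" : "UNEXPECTED"
            if (ip != want) bad++
            printf "%s %s %s session=%s peer=%s %s\n", $1, $2, $3, name, ip, status
        }
        END { exit (bad > 0) }
    '
}

# Sample MASTER log in the format shown on this page; the last line is constructed.
sample_log() {
    cat <<'EOF'
Jul 13 22:40:01 landing1 vtund[3243]: Use SSL-aware challenge/response
Jul 13 22:40:01 landing1 vtund[3243]: Session landing1[203.143.174.94:46055] opened
Jul 13 22:40:01 landing1 vtund[3243]: UDP connection initialized
Jul 13 23:05:12 landing1 vtund[3301]: Session landing1[198.51.100.7:40112] opened
EOF
}

sample_log | vtun_session_peers 203.143.174.94 || echo "unexpected tunnel peer in log"
```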
Final notes:
For the GEC5 Demo:
To be able to access the WiMax nodes at Winlab (located in the 10.42.100.X network), we need to add the additional routes to our setup. The following route commands assume that the WiMax gateway is reachable on the NICTA-Winlab LAN at the address 10.40.0.20.
- On NORBIT:
route add -net 10.42.0.0 gw 10.40.0.20 netmask 255.255.0.0 dev br0
- On any nodes in our testbed (i.e. nodes with IP 10.40.2.X):
route add -net 10.42.0.0 gw 10.40.0.20 netmask 255.255.0.0 dev eth1