Linux bridge network influenced by route table
I was doing an experiment about linux bridge and my network topology is like:
As you can see, there are two hosts located in a LAN, Host1(10.74.68.58) and Host2(10.74.68.47). On Host1, I created a bridge br0 and assigned an IP for it (192.168.3.101). Then I attached eth0 to the bridge:
[root@10.74.68.58:~] # bridge link
2: eth0 state UP : <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
I set the default route as br0 and it is ok to ping 10.74.68.47:
[root@10.74.68.58:~] # ip r
default dev br0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
But things became unexplainable when I set default route to eth0 :
[root@10.74.68.58:~] # ip r
default dev eth0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
When eth0 is the default route interface, I try to ping host2 in two different ways:
1, ping 10.74.68.47
Failed. After I checked tcpdump file (captured on interface br0), I found that br0 only received ARP response. So there is no ARP info on interface eth0, thus it can not get the mac of host2. I think this is the right behaviour, is my understanding right?
2, Then I tried ping -I br0 10.74.68.47
I wanted to use -I option to steer clear of default route, but also failed. After I check the tcpdump file (captured on interface br0), I found there is already a pair of icmp echo request and echo reply packet. This confused me a lot. Now that br0 have received echo reply, why can't I ping to host2 successfully?
[root@10.74.68.58:~] # ping -I br0 10.74.68.47
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
Can you guys give me some pointers?
linux networking routing ping bridge
asked Jun 14 '17 at 14:38
ruanhao
13019
add a comment |
I was doing an experiment about linux bridge and my network topology is like:
As you can see, there are two hosts located in a LAN, Host1(10.74.68.58) and Host2(10.74.68.47). On Host1, I created a bridge br0 and assigned an IP for it (192.168.3.101). Then I attached eth0 to the bridge:
[root@10.74.68.58:~] # bridge link
2: eth0 state UP : <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
I set the default route as br0 and it is ok to ping 10.74.68.47:
[root@10.74.68.58:~] # ip r
default dev br0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
But things became unexplainable when I set default route to eth0 :
[root@10.74.68.58:~] # ip r
default dev eth0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
When eth0 is the default route interface, I try to ping host2 in two different ways:
1, ping 10.74.68.47
Failed. After I checked tcpdump file (captured on interface br0), I found that br0 only received ARP response. So there is no ARP info on interface eth0, thus it can not get the mac of host2. I think this is the right behaviour, is my understanding right?
2, Then I tried ping -I br0 10.74.68.47
I wanted to use -I option to steer clear of default route, but also failed. After I check the tcpdump file (captured on interface br0), I found there is already a pair of icmp echo request and echo reply packet. This confused me a lot. Now that br0 have received echo reply, why can't I ping to host2 successfully?
[root@10.74.68.58:~] # ping -I br0 10.74.68.47
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
Can you guys give me some pointers?
linux networking routing ping bridge
asked Jun 14 '17 at 14:38
ruanhao
13019
add a comment |
I was doing an experiment about linux bridge and my network topology is like:
As you can see, there are two hosts located in a LAN, Host1(10.74.68.58) and Host2(10.74.68.47). On Host1, I created a bridge br0 and assigned an IP for it (192.168.3.101). Then I attached eth0 to the bridge:
[root@10.74.68.58:~] # bridge link
2: eth0 state UP : <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
I set the default route as br0 and it is ok to ping 10.74.68.47:
[root@10.74.68.58:~] # ip r
default dev br0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
But things became unexplainable when I set default route to eth0 :
[root@10.74.68.58:~] # ip r
default dev eth0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
When eth0 is the default route interface, I try to ping host2 in two different ways:
1, ping 10.74.68.47
Failed. After I checked tcpdump file (captured on interface br0), I found that br0 only received ARP response. So there is no ARP info on interface eth0, thus it can not get the mac of host2. I think this is the right behaviour, is my understanding right?
2, Then I tried ping -I br0 10.74.68.47
I wanted to use -I option to steer clear of default route, but also failed. After I check the tcpdump file (captured on interface br0), I found there is already a pair of icmp echo request and echo reply packet. This confused me a lot. Now that br0 have received echo reply, why can't I ping to host2 successfully?
[root@10.74.68.58:~] # ping -I br0 10.74.68.47
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
Can you guys give me some pointers?
linux networking routing ping bridge
asked Jun 14 '17 at 14:38
ruanhao
13019
I was doing an experiment about linux bridge and my network topology is like:
As you can see, there are two hosts located in a LAN, Host1(10.74.68.58) and Host2(10.74.68.47). On Host1, I created a bridge br0 and assigned an IP for it (192.168.3.101). Then I attached eth0 to the bridge:
[root@10.74.68.58:~] # bridge link
2: eth0 state UP : <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 2
I set the default route as br0 and it is ok to ping 10.74.68.47:
[root@10.74.68.58:~] # ip r
default dev br0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
But things became unexplainable when I set default route to eth0 :
[root@10.74.68.58:~] # ip r
default dev eth0 scope link
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.42.1
192.168.3.0/24 dev br0 proto kernel scope link src 192.168.3.101
When eth0 is the default route interface, I try to ping host2 in two different ways:
1, ping 10.74.68.47
Failed. After I checked tcpdump file (captured on interface br0), I found that br0 only received ARP response. So there is no ARP info on interface eth0, thus it can not get the mac of host2. I think this is the right behaviour, is my understanding right?
2, Then I tried ping -I br0 10.74.68.47
I wanted to use -I option to steer clear of default route, but also failed. After I check the tcpdump file (captured on interface br0), I found there is already a pair of icmp echo request and echo reply packet. This confused me a lot. Now that br0 have received echo reply, why can't I ping to host2 successfully?
[root@10.74.68.58:~] # ping -I br0 10.74.68.47
2 packets transmitted, 0 received, 100% packet loss, time 1006ms
Can you guys give me some pointers?
linux networking routing ping bridge
linux networking routing ping bridge
asked Jun 14 '17 at 14:38
ruanhao
13019
asked Jun 14 '17 at 14:38
ruanhao
13019
asked Jun 14 '17 at 14:38
ruanhao
13019
asked Jun 14 '17 at 14:38
ruanhao
13019
asked Jun 14 '17 at 14:38
ruanhao
13019
13019
add a comment |
add a comment |
2 Answers
2
active
oldest
votes
Bridging doesn't work the way you think it works. :-)
A bridge is only concerned with OSI level 2 (Ethernet frames). On this level, IP addresses etc. don't exist. Conceptually, you can think of a bridge as a collection of ethernet interfaces. Each interface is called a port, and a packet that goes into one port comes out on all other ports. (Actually, in the Linux implementation, there's an optimization that keeps a table of seen MAC addresses, but conceptually, it doesn't matter).
So a bridge can connect ("bridge") several ethernet segments into one big segment.
Then what does it mean to "give a Linux bridge an IP address"? In the Linux implementation, the bridge is not a separate hardware device (like they originally were), it's also accessible from the host itself. That means it acts like a kind of "super-ethernet interface" with many ports, but packets that go into the kernel or out from this kernel to or from any of these ports reach the Linux OS under a single IP address.
So as soon as you make an ethernet interface a slave (port) of a bridge, it ceases to have its own address. The only thing that counts is the IP address of the bridge.
In other words, making a bridge with only a single port makes no sense (you could have used the interface by itself). Trying to route packets to a port of a bridge makes no sense (as far as the kernel is concerned, the bridge is a single device).
If you want to play around with a bridge, you need a structure like this:
10.0.2.1/23 10.0.2.2/23 10.0.3.254/23 10.0.3.1/23 10.0.3.2/23
............ ............ ............... ............ ............
. Host A . . Host B . . Host X . . Host C . . Host D .
. . . . . <-- br0 --> . . . . .
. eth0 . . eth0 . . eth0 eth1 . . eth0 . . eth0 .
.....|...... .....|...... ...|......|.... .....|...... .....|......
| | | | | |
-----+--------------+------------+ +------------+--------------+------
<-------- left Segment ---------> <------- right Segment ----------->
Here the left segment with hosts A and B is bridged by host X to the right segment with hosts C and D, and each host is accessible by a single IP address (which is assigned to interfaces or the bridge as a whole).
answered Jun 15 '17 at 9:28
dirkt
9,04231121
thank you very much for your instruction. You're right, my topology here is not the proper practice for linux bridge. I set up this weird topology in order to find out how packet flows when there exists a bridge. But after I read up some material about linux kernel, I found my question has something to do with 'rp_filter' option. And though this is a very very strange topology, it may happen to be an experiment environment to test 'rp_filter' function :)
– ruanhao
Jun 15 '17 at 13:45
AFAIK,rp_filteris "reverse path filtering" and works on level 3 (IP packets, routing), not on level 2 (ethernet frames, bridging), so I don't think there's a connection. If you want to test Linux kernel routing, you need to set it up as a router, not a bridge.
– dirkt
Jun 15 '17 at 15:25
1
Thank you! This is a fantastic answer that cleared up some misconceptions I had about network bridging.
– gcarvelli
Jan 30 at 15:50
add a comment |
When you ping -I br0 10.74.68.47, Protocol stack find that the ip(10.74.68.47) isn't in the same LAN with br0, so it sends ARP through eth0. But eth0 attached br0, it can't connect protocol stack, eth0 will send ARP response to br0, then br0 find mac does not match, so it drop it. so protocol stack does not get ARP response.
You can change the ip of br0 to 10.74.68.x/24. it will be ok.
answered Dec 6 at 12:45
Panpan Zhang
1
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1219223%2flinux-bridge-network-influenced-by-route-table%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
Bridging doesn't work the way you think it works. :-)
A bridge is only concerned with OSI level 2 (Ethernet frames). On this level, IP addresses etc. don't exist. Conceptually, you can think of a bridge as a collection of ethernet interfaces. Each interface is called a port, and a packet that goes into one port comes out on all other ports. (Actually, in the Linux implementation, there's an optimization that keeps a table of seen MAC addresses, but conceptually, it doesn't matter).
So a bridge can connect ("bridge") several ethernet segments into one big segment.
Then what does it mean to "give a Linux bridge an IP address"? In the Linux implementation, the bridge is not a separate hardware device (like they originally were), it's also accessible from the host itself. That means it acts like a kind of "super-ethernet interface" with many ports, but packets that go into the kernel or out from this kernel to or from any of these ports reach the Linux OS under a single IP address.
So as soon as you make an ethernet interface a slave (port) of a bridge, it ceases to have its own address. The only thing that counts is the IP address of the bridge.
In other words, making a bridge with only a single port makes no sense (you could have used the interface by itself). Trying to route packets to a port of a bridge makes no sense (as far as the kernel is concerned, the bridge is a single device).
If you want to play around with a bridge, you need a structure like this:
10.0.2.1/23 10.0.2.2/23 10.0.3.254/23 10.0.3.1/23 10.0.3.2/23
............ ............ ............... ............ ............
. Host A . . Host B . . Host X . . Host C . . Host D .
. . . . . <-- br0 --> . . . . .
. eth0 . . eth0 . . eth0 eth1 . . eth0 . . eth0 .
.....|...... .....|...... ...|......|.... .....|...... .....|......
| | | | | |
-----+--------------+------------+ +------------+--------------+------
<-------- left Segment ---------> <------- right Segment ----------->
Here the left segment with hosts A and B is bridged by host X to the right segment with hosts C and D, and each host is accessible by a single IP address (which is assigned to interfaces or the bridge as a whole).
answered Jun 15 '17 at 9:28
dirkt
9,04231121
thank you very much for your instruction. You're right, my topology here is not the proper practice for linux bridge. I set up this weird topology in order to find out how packet flows when there exists a bridge. But after I read up some material about linux kernel, I found my question has something to do with 'rp_filter' option. And though this is a very very strange topology, it may happen to be an experiment environment to test 'rp_filter' function :)
– ruanhao
Jun 15 '17 at 13:45
AFAIK,rp_filteris "reverse path filtering" and works on level 3 (IP packets, routing), not on level 2 (ethernet frames, bridging), so I don't think there's a connection. If you want to test Linux kernel routing, you need to set it up as a router, not a bridge.
– dirkt
Jun 15 '17 at 15:25
1
Thank you! This is a fantastic answer that cleared up some misconceptions I had about network bridging.
– gcarvelli
Jan 30 at 15:50
add a comment |
Bridging doesn't work the way you think it works. :-)
A bridge is only concerned with OSI level 2 (Ethernet frames). On this level, IP addresses etc. don't exist. Conceptually, you can think of a bridge as a collection of ethernet interfaces. Each interface is called a port, and a packet that goes into one port comes out on all other ports. (Actually, in the Linux implementation, there's an optimization that keeps a table of seen MAC addresses, but conceptually, it doesn't matter).
So a bridge can connect ("bridge") several ethernet segments into one big segment.
Then what does it mean to "give a Linux bridge an IP address"? In the Linux implementation, the bridge is not a separate hardware device (like they originally were), it's also accessible from the host itself. That means it acts like a kind of "super-ethernet interface" with many ports, but packets that go into the kernel or out from this kernel to or from any of these ports reach the Linux OS under a single IP address.
So as soon as you make an ethernet interface a slave (port) of a bridge, it ceases to have its own address. The only thing that counts is the IP address of the bridge.
In other words, making a bridge with only a single port makes no sense (you could have used the interface by itself). Trying to route packets to a port of a bridge makes no sense (as far as the kernel is concerned, the bridge is a single device).
If you want to play around with a bridge, you need a structure like this:
10.0.2.1/23 10.0.2.2/23 10.0.3.254/23 10.0.3.1/23 10.0.3.2/23
............ ............ ............... ............ ............
. Host A . . Host B . . Host X . . Host C . . Host D .
. . . . . <-- br0 --> . . . . .
. eth0 . . eth0 . . eth0 eth1 . . eth0 . . eth0 .
.....|...... .....|...... ...|......|.... .....|...... .....|......
| | | | | |
-----+--------------+------------+ +------------+--------------+------
<-------- left Segment ---------> <------- right Segment ----------->
Here the left segment with hosts A and B is bridged by host X to the right segment with hosts C and D, and each host is accessible by a single IP address (which is assigned to interfaces or the bridge as a whole).
answered Jun 15 '17 at 9:28
dirkt
9,04231121
thank you very much for your instruction. You're right, my topology here is not the proper practice for linux bridge. I set up this weird topology in order to find out how packet flows when there exists a bridge. But after I read up some material about linux kernel, I found my question has something to do with 'rp_filter' option. And though this is a very very strange topology, it may happen to be an experiment environment to test 'rp_filter' function :)
– ruanhao
Jun 15 '17 at 13:45
AFAIK,rp_filteris "reverse path filtering" and works on level 3 (IP packets, routing), not on level 2 (ethernet frames, bridging), so I don't think there's a connection. If you want to test Linux kernel routing, you need to set it up as a router, not a bridge.
– dirkt
Jun 15 '17 at 15:25
1
Thank you! This is a fantastic answer that cleared up some misconceptions I had about network bridging.
– gcarvelli
Jan 30 at 15:50
add a comment |
Bridging doesn't work the way you think it works. :-)
A bridge is only concerned with OSI level 2 (Ethernet frames). On this level, IP addresses etc. don't exist. Conceptually, you can think of a bridge as a collection of ethernet interfaces. Each interface is called a port, and a packet that goes into one port comes out on all other ports. (Actually, in the Linux implementation, there's an optimization that keeps a table of seen MAC addresses, but conceptually, it doesn't matter).
So a bridge can connect ("bridge") several ethernet segments into one big segment.
Then what does it mean to "give a Linux bridge an IP address"? In the Linux implementation, the bridge is not a separate hardware device (like they originally were), it's also accessible from the host itself. That means it acts like a kind of "super-ethernet interface" with many ports, but packets that go into the kernel or out from this kernel to or from any of these ports reach the Linux OS under a single IP address.
So as soon as you make an ethernet interface a slave (port) of a bridge, it ceases to have its own address. The only thing that counts is the IP address of the bridge.
In other words, making a bridge with only a single port makes no sense (you could have used the interface by itself). Trying to route packets to a port of a bridge makes no sense (as far as the kernel is concerned, the bridge is a single device).
If you want to play around with a bridge, you need a structure like this:
10.0.2.1/23 10.0.2.2/23 10.0.3.254/23 10.0.3.1/23 10.0.3.2/23
............ ............ ............... ............ ............
. Host A . . Host B . . Host X . . Host C . . Host D .
. . . . . <-- br0 --> . . . . .
. eth0 . . eth0 . . eth0 eth1 . . eth0 . . eth0 .
.....|...... .....|...... ...|......|.... .....|...... .....|......
| | | | | |
-----+--------------+------------+ +------------+--------------+------
<-------- left Segment ---------> <------- right Segment ----------->
Here the left segment with hosts A and B is bridged by host X to the right segment with hosts C and D, and each host is accessible by a single IP address (which is assigned to interfaces or the bridge as a whole).
answered Jun 15 '17 at 9:28
dirkt
9,04231121
Bridging doesn't work the way you think it works. :-)
A bridge is only concerned with OSI level 2 (Ethernet frames). On this level, IP addresses etc. don't exist. Conceptually, you can think of a bridge as a collection of ethernet interfaces. Each interface is called a port, and a packet that goes into one port comes out on all other ports. (Actually, in the Linux implementation, there's an optimization that keeps a table of seen MAC addresses, but conceptually, it doesn't matter).
So a bridge can connect ("bridge") several ethernet segments into one big segment.
Then what does it mean to "give a Linux bridge an IP address"? In the Linux implementation, the bridge is not a separate hardware device (like they originally were), it's also accessible from the host itself. That means it acts like a kind of "super-ethernet interface" with many ports, but packets that go into the kernel or out from this kernel to or from any of these ports reach the Linux OS under a single IP address.
So as soon as you make an ethernet interface a slave (port) of a bridge, it ceases to have its own address. The only thing that counts is the IP address of the bridge.
In other words, making a bridge with only a single port makes no sense (you could have used the interface by itself). Trying to route packets to a port of a bridge makes no sense (as far as the kernel is concerned, the bridge is a single device).
If you want to play around with a bridge, you need a structure like this:
10.0.2.1/23 10.0.2.2/23 10.0.3.254/23 10.0.3.1/23 10.0.3.2/23
............ ............ ............... ............ ............
. Host A . . Host B . . Host X . . Host C . . Host D .
. . . . . <-- br0 --> . . . . .
. eth0 . . eth0 . . eth0 eth1 . . eth0 . . eth0 .
.....|...... .....|...... ...|......|.... .....|...... .....|......
| | | | | |
-----+--------------+------------+ +------------+--------------+------
<-------- left Segment ---------> <------- right Segment ----------->
Here the left segment with hosts A and B is bridged by host X to the right segment with hosts C and D, and each host is accessible by a single IP address (which is assigned to interfaces or the bridge as a whole).
answered Jun 15 '17 at 9:28
dirkt
9,04231121
answered Jun 15 '17 at 9:28
dirkt
9,04231121
answered Jun 15 '17 at 9:28
dirkt
9,04231121
answered Jun 15 '17 at 9:28
dirkt
9,04231121
9,04231121
thank you very much for your instruction. You're right, my topology here is not the proper practice for linux bridge. I set up this weird topology in order to find out how packet flows when there exists a bridge. But after I read up some material about linux kernel, I found my question has something to do with 'rp_filter' option. And though this is a very very strange topology, it may happen to be an experiment environment to test 'rp_filter' function :)
– ruanhao
Jun 15 '17 at 13:45
AFAIK,rp_filteris "reverse path filtering" and works on level 3 (IP packets, routing), not on level 2 (ethernet frames, bridging), so I don't think there's a connection. If you want to test Linux kernel routing, you need to set it up as a router, not a bridge.
– dirkt
Jun 15 '17 at 15:25
1
Thank you! This is a fantastic answer that cleared up some misconceptions I had about network bridging.
– gcarvelli
Jan 30 at 15:50
add a comment |
thank you very much for your instruction. You're right, my topology here is not the proper practice for linux bridge. I set up this weird topology in order to find out how packet flows when there exists a bridge. But after I read up some material about linux kernel, I found my question has something to do with 'rp_filter' option. And though this is a very very strange topology, it may happen to be an experiment environment to test 'rp_filter' function :)
– ruanhao
Jun 15 '17 at 13:45
AFAIK,rp_filteris "reverse path filtering" and works on level 3 (IP packets, routing), not on level 2 (ethernet frames, bridging), so I don't think there's a connection. If you want to test Linux kernel routing, you need to set it up as a router, not a bridge.
– dirkt
Jun 15 '17 at 15:25
1
Thank you! This is a fantastic answer that cleared up some misconceptions I had about network bridging.
– gcarvelli
Jan 30 at 15:50
thank you very much for your instruction. You're right, my topology here is not the proper practice for linux bridge. I set up this weird topology in order to find out how packet flows when there exists a bridge. But after I read up some material about linux kernel, I found my question has something to do with 'rp_filter' option. And though this is a very very strange topology, it may happen to be an experiment environment to test 'rp_filter' function :)
– ruanhao
Jun 15 '17 at 13:45
thank you very much for your instruction. You're right, my topology here is not the proper practice for linux bridge. I set up this weird topology in order to find out how packet flows when there exists a bridge. But after I read up some material about linux kernel, I found my question has something to do with 'rp_filter' option. And though this is a very very strange topology, it may happen to be an experiment environment to test 'rp_filter' function :)
– ruanhao
Jun 15 '17 at 13:45
AFAIK,
rp_filter is "reverse path filtering" and works on level 3 (IP packets, routing), not on level 2 (ethernet frames, bridging), so I don't think there's a connection. If you want to test Linux kernel routing, you need to set it up as a router, not a bridge.– dirkt
Jun 15 '17 at 15:25
AFAIK,
rp_filter is "reverse path filtering" and works on level 3 (IP packets, routing), not on level 2 (ethernet frames, bridging), so I don't think there's a connection. If you want to test Linux kernel routing, you need to set it up as a router, not a bridge.– dirkt
Jun 15 '17 at 15:25
1
1
Thank you! This is a fantastic answer that cleared up some misconceptions I had about network bridging.
– gcarvelli
Jan 30 at 15:50
Thank you! This is a fantastic answer that cleared up some misconceptions I had about network bridging.
– gcarvelli
Jan 30 at 15:50
add a comment |
When you ping -I br0 10.74.68.47, Protocol stack find that the ip(10.74.68.47) isn't in the same LAN with br0, so it sends ARP through eth0. But eth0 attached br0, it can't connect protocol stack, eth0 will send ARP response to br0, then br0 find mac does not match, so it drop it. so protocol stack does not get ARP response.
You can change the ip of br0 to 10.74.68.x/24. it will be ok.
answered Dec 6 at 12:45
Panpan Zhang
1
add a comment |
When you ping -I br0 10.74.68.47, Protocol stack find that the ip(10.74.68.47) isn't in the same LAN with br0, so it sends ARP through eth0. But eth0 attached br0, it can't connect protocol stack, eth0 will send ARP response to br0, then br0 find mac does not match, so it drop it. so protocol stack does not get ARP response.
You can change the ip of br0 to 10.74.68.x/24. it will be ok.
answered Dec 6 at 12:45
Panpan Zhang
1
add a comment |
When you ping -I br0 10.74.68.47, Protocol stack find that the ip(10.74.68.47) isn't in the same LAN with br0, so it sends ARP through eth0. But eth0 attached br0, it can't connect protocol stack, eth0 will send ARP response to br0, then br0 find mac does not match, so it drop it. so protocol stack does not get ARP response.
You can change the ip of br0 to 10.74.68.x/24. it will be ok.
answered Dec 6 at 12:45
Panpan Zhang
1
When you ping -I br0 10.74.68.47, Protocol stack find that the ip(10.74.68.47) isn't in the same LAN with br0, so it sends ARP through eth0. But eth0 attached br0, it can't connect protocol stack, eth0 will send ARP response to br0, then br0 find mac does not match, so it drop it. so protocol stack does not get ARP response.
You can change the ip of br0 to 10.74.68.x/24. it will be ok.
answered Dec 6 at 12:45
Panpan Zhang
1
answered Dec 6 at 12:45
Panpan Zhang
1
answered Dec 6 at 12:45
Panpan Zhang
1
answered Dec 6 at 12:45
Panpan Zhang
1
1
add a comment |
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1219223%2flinux-bridge-network-influenced-by-route-table%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
