[Bridge] Linux Dynamic Bridging Support

Nicolas de Pesloüan nicolas.2p.debian at free.fr
Thu Oct 15 12:36:05 PDT 2009


Philipp Gühring wrote:
> Hi,
> 
> The scenario I have is that I have a computer with one network interface
> eth0, that is receiving its configuration through DHCP, and uses
> complex firewalling rules for eth0.
> 
> Now I want to add a virtual machine on that computer.
> 
> According to the usual recipes, I have to do the following:
> 
> ifconfig eth0 0.0.0.0
> brctl addbr br0
> brctl addif br0 eth0
> dhclient br0
> 
> Afterwards I can add interfaces to the bridge:
> brctl addif br0 tun0
> 
> This has several disadvantages:
> * It causes a network outage for up to a few seconds (mostly due to the
> unnecessary DHCP)
> * It does not migrate the firewall rules to br0
> * It breaks all firewall-rules that were written for eth0
> * If I use eth0 in the office today, wlan0 at home, and ppp0 when I am
> outside, then I would need lots of different scripts for all the
> different bridging combinations.
> 
> Now the idea is to add migration support to Linux Bridging.
> 
> It could look like this:
> 
> brctl addbr br0
> brctl takeif br0 eth0
> 
> take-interface would migrate the IP address, and routing entries from
> the eth0 interface to the bridge, in a more-or-less atomic fashion, and
> add eth0 as interface to the bridge. It would also adapt iptables-rules
> that were written for eth0 to be pointing to br0 now.
> 
> To release the bridge again, it could be done like this:
> brctl releaseif br0 eth0
> brctl delbr br0
> 
> Since all that is a bit complex, I still have an alternative proposal:
> What if we bridge-enable all normal interfaces?
> It could look like this:
> 
> brctl enablebr eth0
> 
> This would enable bridging mode for the eth0 interface. It automatically
> is able to use the DHCP ip address it was given, the firewalling, ...
> I can then easily add additional interfaces to the bridge-enabled
> interface like this:
> 
> brctl addif eth0 tun0
> 
> And I don't need to worry about DHCP, firewalls, ... anymore.
> 
> So my question now is:
> Which way should we go? Migrating interface configuration into bridges,
> or bridge-enabling interfaces?

So you expect some changes in the kernel to reduce the complexity of the scripts that manage your
different network setups... I'm not sure that adding complexity into the kernel to reduce a script
complexity is about to happen at some time... :-)

If building a generic script for your network setup is really too complex, you can try and
dynamically rename your interfaces... For example, you arrange for ppp0, eth0 or br0 to be named
myinterface0, based on your current needs, then set up myinterface0, with the setup you expect.

HTH.

	Nicolas.
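
The firewall side of the problem raised in this thread (rules written for eth0 stop matching once the address moves to br0) can be handled in user space. As an added example, not code from either poster or from bridge-utils: a shell filter that retargets `-i`/`-o` matches in an `iptables-save` dump. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: rewrite interface matches in iptables-save output.
# Only a whole token that directly follows -i or -o is changed, so
# eth0.10, physdev matches and comment text are left alone.
# Assumes single-space-separated rules as iptables-save emits them;
# a rewritten line has any runs of spaces inside a comment collapsed.

retarget_rules() {
    # $1 = old interface name, $2 = new interface name
    awk -v old="$1" -v new="$2" '
        /^-A / {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == old)
                    $(i + 1) = new
        }
        { print }
    '
}

# Constructed sample ruleset in iptables-save format.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0.10 -j DROP
-A FORWARD -i eth0 -o eth0 -j DROP
-A FORWARD -m physdev --physdev-in eth0 -j ACCEPT
-A OUTPUT ! -o eth0 -m comment --comment "not eth0" -j ACCEPT
COMMIT
EOF
}

# Offline demonstration on the sample; on a live host (as root) the same
# filter sits between the real tools:
#   iptables-save | retarget_rules eth0 br0 | iptables-restore
sample_dump | retarget_rules eth0 br0
```

Review the rewritten dump before loading it: the physdev rule still names eth0, which remains the bridge port after the move.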

