Bridge management with iproute2

You can do simple management tasks on linux virtual bridges using iproute2.

While you can’t set STP or showmacs, you can create/delete bridges and add/remove interfaces.

The following commands are the same.

* add bridge

#brctl addbr ipbr0
#ip l a ipbr0 type bridge

* add interface to bridge

#brctl addif ipbr0 eth0
#ip l s eth0 master ipbr0

* remove interface from bridge

#brctl delif ipbr0 eth0
#ip l s eth0 nomaster

* remove bridge

#brctl delbr ipbr0
#ip l d ipbr0 

VIP loves privacy…with arptables!

If you want to hide your cluster vip for some time, you can play with

#ip link set eth3 arp off

But if your vip is on a virtual interface or a secondary ip, #ip link; can’t help you.

You can just

#sudo yum -y install arptables_jf
#arptables  -A IN -d $YOURVIP -j DROP

The syntax mimics iptables, so

#arptables-save ; # list rules
#arptables -F ; # flush rules

ip route cheatsheet – tunnel with assigned interfaces

When creating an ip tunnel (see ip route cheatsheet) you may let linux to find the right routing path between the nodes.

To create a tunnel between two exact ips (eg. one node has more of one ip on the same network) you have to use the `local` options.

ex. with the following configuration

# host1
# host2

Just force host1 to use one of the source ip.

ip tun add tun0 mode ipip remote local
# host2
ip tun add tun0 mode ipip remote local

routes made easy

The legacy routes configuration on RH-like was ugly and error prone. You had to compile files like the following:

# route-eth0

You had to preserve enumeration and evaluate netmasks. This was probably due to the usage of route script, which synopsis is

route add -net $ADDRESS0 netmask $NETMASK0 gw $GATEWAY0

The “new” iproute2 suite allows a new format of route files, compatible with the route dumping.

#route-eth0 via dev eth0 via dev eth0

At this point it’s easy to create our route-ethX files starting from the #ip route; output.

#ip route list scope global | grep -- eth0 | grep -v 'default' > route-eth0

In this case we filtered out two kind of entries:
* the default gateway, that could be managed via DHCP or other means like /etc/sysconfig/network:GATEWAY
* non global scope routes, like the ones set by #ip; when assigning addresses.

#man ip |less +/rt_scope


#ip -4 -o a list eth2; # show the ip
8: eth2    inet brd scope global eth2

#ip route | grep eth2 # show all eth2-related routes dev eth2  proto kernel  scope link  src    #scope link! via dev eth2 

ip route cheatsheet – link, address, tunnel

ip route is the new Linux ip and routing management suite.

ip l # list devices
ip l l eth0 # list only one
ip l s eth0 [down|up] # set link status
ip l s eth0 multicast [on|off] # set multicast status

ip a l # list addresses
ip -4 -o a # list just ipv4 addresses
ip a a dev eth0 # set an ip
ip a d dev eth0 # remove an ip
ip a f dev eth0 # remove all ips from eth0

ip r # list routes
ip r l m # show the route for the given ip

ip ne # list arp table (ipv4 neighbour table)

# create a tunnel between two host
host1: ip tun add tunnel0 mode ipip remote
host1: ip a a dev tunnel0
host1: ip l s tunnel0 up
host2: ip tun add tunnel0 mode ipip remote
host1: ip a a dev tunnel0
host2: ip l s tunnel0 up