Bridge management with iproute2

You can do simple management tasks on Linux virtual bridges using iproute2.

While you can’t set STP or showmacs, you can create/delete bridges and add/remove interfaces.

In each pair below, the two commands are equivalent.

* add bridge

#brctl addbr ipbr0
#ip l a ipbr0 type bridge

* add interface to bridge

#brctl addif ipbr0 eth0
#ip l s eth0 master ipbr0

* remove interface from bridge

#brctl delif ipbr0 eth0
#ip l s eth0 nomaster

* remove bridge

#brctl delbr ipbr0
#ip l d ipbr0 

VIP loves privacy…with arptables!

If you want to hide your cluster vip for some time, you can play with

#ip link set eth3 arp off

But if your VIP is on a virtual interface or a secondary IP, `ip link` can’t help you.

You can just

#sudo yum -y install arptables_jf
#arptables  -A IN -d $YOURVIP -j DROP

The syntax mimics iptables, so

#arptables-save ; # list rules
#arptables -F ; # flush rules

ip route cheatsheet – tunnel with assigned interfaces

When creating an IP tunnel (see ip route cheatsheet) you can let Linux find the right routing path between the nodes.

To create a tunnel between two exact IPs (e.g. one node has more than one IP on the same network) you have to use the `local` option.

ex. with the following configuration

# host1
eth0: 192.168.0.1/16, 192.168.1.1/16
# host2
eth2: 192.168.0.2/16

Just force host1 to use one of its source IPs.

#host1
ip tun add tun0 mode ipip remote 192.168.0.2 local 192.168.1.1
# host2
ip tun add tun0 mode ipip remote 192.168.0.1 local 192.168.0.2

routes made easy

The legacy routes configuration on RH-like was ugly and error prone. You had to compile files like the following:

# route-eth0
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.253
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.254

You had to preserve the enumeration and evaluate the netmasks. This was probably due to the use of the route script, whose synopsis is

route add -net $ADDRESS0 netmask $NETMASK0 gw $GATEWAY0

The “new” iproute2 suite allows a new format of route files, compatible with the route dumping.

#route-eth0
10.10.10.0/24 via 192.168.0.253 dev eth0
172.16.1.0/26 via 192.168.0.254 dev eth0
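
The conversion from the legacy format to the new one, as an added example that is not part of the original post: a Python converter that evaluates the netmasks and refuses a file whose enumeration is broken. The function name `legacy_to_iproute` and the embedded sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample: the legacy route-eth0 listing from this post.
LEGACY_SAMPLE = """\
# route-eth0
ADDRESS0=10.10.10.0
NETMASK0=255.255.255.0
GATEWAY0=192.168.0.253
ADDRESS1=172.16.1.0
NETMASK1=255.255.255.0
GATEWAY1=192.168.0.254
"""
_ENTRY = re.compile(r"^(ADDRESS|NETMASK|GATEWAY)(\d+)=(\S+)$")


def legacy_to_iproute(text, dev):
    """Return new-format route lines for a legacy route-ethX file (hypothetical helper)."""
    entries = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENTRY.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised entry {line!r}")
        key, idx, value = m.group(1), int(m.group(2)), m.group(3)
        if key in entries.setdefault(idx, {}):
            raise ValueError(f"line {lineno}: duplicate {key}{idx}")
        entries[idx][key] = value
    # Enumeration must be preserved: treat any gap in 0..n-1 as an error.
    if sorted(entries) != list(range(len(entries))):
        raise ValueError(f"route numbers have gaps: {sorted(entries)}")
    routes = []
    for idx in sorted(entries):
        e = entries[idx]
        missing = {"ADDRESS", "NETMASK", "GATEWAY"} - e.keys()
        if missing:
            raise ValueError(f"route {idx}: missing {sorted(missing)}")
        # IPv4Network evaluates the netmask and rejects a non-contiguous one;
        # strict=True also rejects an ADDRESS with host bits set.
        net = ipaddress.IPv4Network(f"{e['ADDRESS']}/{e['NETMASK']}", strict=True)
        gw = ipaddress.IPv4Address(e["GATEWAY"])
        routes.append(f"{net} via {gw} dev {dev}")
    return routes


if __name__ == "__main__":
    print("\n".join(legacy_to_iproute(LEGACY_SAMPLE, "eth0")))
```
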

At this point it’s easy to create our route-ethX files starting from the `ip route` output.

#ip route list scope global | grep -- eth0 | grep -v 'default' > route-eth0

In this case we filtered out two kinds of entries:
* the default gateway, which could be managed via DHCP or other means like /etc/sysconfig/network:GATEWAY
* non-global-scope routes, like the ones set by `ip` when assigning addresses.

Check

#man ip |less +/rt_scope

Eg.

#ip -4 -o a list eth2; # show the ip
8: eth2    inet 192.168.0.40/26 brd 192.168.0.63 scope global eth2

#ip route | grep eth2 # show all eth2-related routes
192.168.0.0/26 dev eth2  proto kernel  scope link  src 192.168.0.40    #scope link!
10.0.10.0/24 via 192.168.0.1 dev eth2 

ip route cheatsheet – link, address, tunnel

ip route is the new Linux ip and routing management suite.

ip l # list devices
ip l l eth0 # list only one
ip l s eth0 [down|up] # set link status
ip l s eth0 multicast [on|off] # set multicast status

ip a l # list addresses
ip -4 -o a # list just ipv4 addresses
ip a a 192.168.0.1/24 dev eth0 # set an ip
ip a d 192.168.0.1/32 dev eth0 # remove an ip
ip a f dev eth0 # remove all ips from eth0

ip r # list routes
ip r l m 172.23.0.4 # show the route for the given ip

ip ne # list arp table (ipv4 neighbour table)

# create a tunnel between two hosts
host1: ip tun add tunnel0 mode ipip remote 192.168.0.2
host1: ip a a 10.0.0.1/24 dev tunnel0
host1: ip l s tunnel0 up
host2: ip tun add tunnel0 mode ipip remote 192.168.0.1
host2: ip a a 10.0.0.2/24 dev tunnel0
host2: ip l s tunnel0 up