Re: transparent bridging ?

To: Joseph Mack <mack.joseph@xxxxxxx>
Subject: Re: transparent bridging ?
Cc: lvs-users@xxxxxxxxxxxxxxxxxxxxxx, "John P. Looney" <john@xxxxxxxxxxxxx>
From: Julian Anastasov <ja@xxxxxx>
Date: Mon, 22 Apr 2002 16:36:34 +0000 (GMT)
        Hello,

On Mon, 22 Apr 2002, Joseph Mack wrote:

> In Linux, bridging is implemented by proxy-arp and called pseudo bridging

        This is a 2nd solution which works only for IPv4. There is
layer 2 software under the CONFIG_BRIDGE option (the currently discussed
solution):

http://bridge.sourceforge.net

> Packets passed by earlier implementations of proxy-arp are not seen by
> iptables and can't be filtered.
>
> ->(Does this help for the director?)

        iptables should see packets when proxy ARP is used. Can
you explain what you mean?

> The difference between bridging with Linux and bridging with dedicated layer-2
> hardware is that Linux acts at the IP and higher layers.

        With Linux Bridging, Linux is a fully functional Layer 2 switch.

> Initially I thought that bridging could be used to send packets through the
> director to 0/0 from a realserver in LVS-DR, thus solving the
> <ref id="martian" name="martian problem">. Julian told me that
> the packets would still be seen by the upper layers and the packets
> would still be seen as martians.

        Joe, can you send me a reference to this (date?)? I remember
we talked about something similar but don't remember the context. It is
true only for proxy ARP or for Bridging when DIP is used as GW IP,
see below:

        With Bridging the real servers can send packets to the
uplink router through the director's layer 2 bridge. So, yes, the
packets are handled by the director but do not reach routing. The
trick is that if the packets are destined to the director's MAC (which
is always true for proxy ARP) then in both solutions the IP
packet reaches routing. So, the director's IP should not be used
as gateway. But the director can run Linux Bridging and stay between
the real server(s) and the client(s)/uplink router. In this case
the real servers don't know that when talking to the uplink
router's MAC their packets go through the director's layer 2.

> <item>Linux IP does not accept packets destined to foreign lladdr
>
> ->Julian, is the lladdr==MAC for ethernet?

        Yes, lladdr is link layer address

Regards

--
Julian Anastasov <ja@xxxxxx>


