I currently have this:
br0: connected to bridge-br0
"br0"
bridge, 02:81:A4:CF:CE:9F, sw, mtu 1500
ip4 default
inet4 192.168.1.10/24
route4 192.168.1.0/24
route4 0.0.0.0/0
inet6 fe80::b274:abc7:1ff9:ecc5/64
route6 fe80::/64
route6 ff00::/8
eth0: connected to bridge-slave-eth0
"eth0"
ethernet (dwmac-sun8i), 02:81:A4:CF:CE:9F, hw, mtu 1500
master br0
route6 ff00::/8
lo: unmanaged
"lo"
loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536
I'm trying to create a tap interface and add it to br0:
# sudo -sE
# nmcli con add type tun ifname tap0 mode tap ip4 10.10.10.10/24
Connection 'tun-tap0' (02a77364-3dc1-4bed-8b46-e8be91fcbb93) successfully added.
# nmcli con add type bridge-slave ifname tap0 master br0
Connection 'bridge-slave-tap0' (831d750b-3d86-40dd-8ab5-da4bdccc5f9e) successfully added.
# nmcli c
NAME UUID TYPE DEVICE
bridge-br0 4dfb2c88-b861-49c4-aee0-9449a9b33b9d bridge br0
tun-tap0 02a77364-3dc1-4bed-8b46-e8be91fcbb93 tun tap0
bridge-slave-eth0 e0a65d4f-d062-4959-8343-1aa11a72dff8 ethernet eth0
bridge-slave-tap0 831d750b-3d86-40dd-8ab5-da4bdccc5f9e ethernet --
wire a4c2b672-2617-3f07-bc25-53b3e415dba5 ethernet --
I'm getting an error when trying to enable it:
# nmcli con up bridge-slave-tap0
Error: Connection activation failed: No suitable device found for this connection (device eth0 not available because profile is not compatible with device (mismatching interface name)).
Am I doing something wrong?
OK, I spent like 2 days and was about to give up on NetworkManager.
The following command is redundant: nmcli con add type tun ifname tap0 mode tap ip4 10.10.10.10/24
Then, instead of nmcli con add type bridge-slave ifname tap0 master br0, it should be nmcli con add type tun mode tap ifname tap0 master br0, since bridge-slave is an alias for the ethernet profile.
Created a bridge:
ovs-vsctl add-br br0
Added a port of type vxlan to bridge br0:
ovs-vsctl add-port br0 tun1 \
-- set Interface tun1 type=vxlan \
options:remote_ip=10.2.3.204 options:key=10 options:df_default=False
Added an internal port to bridge br0:
ovs-vsctl add-port br0 iface1 \
-- set Interface iface1 type=internal options:df_default=False
Set the interfaces up:
ip link set vxlan_sys_4789 up
ip link set iface1 up
I am receiving traffic on interface iface1 and I expect the same traffic encapsulated with the given tunnel.
I send packets with a frame size of 1472 bytes and I receive the same, with the encapsulation done, at the remote host (10.2.3.204). But when the frame size exceeds 1472 bytes, the packets get fragmented on interface iface1 and all the fragments pass through the flow. However, at the remote host (10.2.3.204) I receive only the last fragment of the traffic, the one where the more-fragments bit is not set.
On further debugging, I found that on the tunnel interface, vxlan_sys_4789, only the last fragment of the traffic is received, while the others are dropped.
Is there any explicit condition in OVS that drops these packets?
Although the fragment flag is set to true, why are the fragments not passing through the tunnel?
By default Open vSwitch overrides the internal interfaces (e.g. br0) MTU. If you have just an internal interface (e.g. br0) and a physical interface (e.g. eth0), then every change in MTU to eth0 will be reflected to br0. Any manual MTU configuration using ip on internal interfaces is going to be overridden by Open vSwitch to match the current bridge minimum.
Sometimes this behavior is not desirable, for example with tunnels. The MTU of an internal interface can be explicitly set using the following command:
ovs-vsctl set int br0 mtu_request=1450
After this, Open vSwitch will configure br0 MTU to 1450. Since this setting is in the database it will be persistent (compared to what happens with ip).
The MTU configuration can be removed to restore the default behavior with:
ovs-vsctl set int br0 mtu_request=[]
The mtu_request column can be used to configure MTU even for physical interfaces (e.g. eth0).
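A worked version of the arithmetic behind that 1450, added here as an example and not part of the original answer: it computes the inner MTU for a VXLAN tunnel over IPv4 or IPv6, shows why a full-size inner packet must fragment, and applies the value through mtu_request. The bridge name br0 and a 1500-byte physical MTU are assumptions; the ovs-vsctl call only runs when OVS_APPLY=1 is set, otherwise the command is printed for review.

```shell
#!/bin/sh
# Added example (not from the original answer): MTU an OVS internal port needs
# when its traffic leaves through a VXLAN tunnel, applied via mtu_request.
# Assumed names: br0 (OVS bridge/internal port), 1500-byte physical MTU.

# Bytes the VXLAN encapsulation adds in front of the inner Ethernet frame.
# $1: outer IP version, 4 or 6 (outer IP header 20 or 40 bytes).
vxlan_overhead() {
    if [ "${1:-4}" = 6 ]; then outer_ip=40; else outer_ip=20; fi
    # outer IP + outer UDP (8) + VXLAN header (8) + inner Ethernet header (14)
    echo $(( outer_ip + 8 + 8 + 14 ))
}

# Largest IP packet a guest may send through the tunnel without the
# encapsulated frame exceeding the physical MTU ($1); $2 = outer IP version.
vxlan_inner_mtu() {
    echo $(( $1 - $(vxlan_overhead "${2:-4}") ))
}

# Size on the wire of an inner IP packet of $1 bytes after encapsulation.
vxlan_outer_size() {
    echo $(( $1 + $(vxlan_overhead "${2:-4}") ))
}

# Pin the internal port's MTU in the OVS database (persistent, unlike ip).
# Only touches the switch when OVS_APPLY=1; otherwise prints the command.
set_mtu_request() {
    iface=$1; mtu=$2
    if [ "${OVS_APPLY:-0}" = 1 ]; then
        ovs-vsctl set Interface "$iface" mtu_request="$mtu"
        ovs-vsctl get Interface "$iface" mtu   # verify: prints $mtu once applied
    else
        echo "dry run: ovs-vsctl set Interface $iface mtu_request=$mtu"
    fi
}

# A 1500-byte inner packet becomes 1550 bytes on a 1500-byte link and must be
# fragmented; with mtu_request=1450 the guest sees the smaller MTU instead.
vxlan_outer_size 1500                          # 1550
set_mtu_request br0 "$(vxlan_inner_mtu 1500)"  # mtu_request=1450
```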
I'd like to test out UDP broadcast on a very simple network: an old wifi router (WRT54GS) that's not connected to the internet at all, an android tablet, and my macbook:
[Tablet] <\/\/\/\/\/> [Wifi Router] <\/\/\/\/\/> [Macbook]
where the wavy lines indicate wireless connections.
The Macbook has IP address 192.168.1.101, the tablet has IP address 192.168.1.102. The router is 192.168.1.1.
To avoid too much low-level detail, I wanted to use netcat to do my testing. I decided to use port 11011 because it was easy to type.
As a first step, I thought I'd try just making this work from the macbook back to itself. In two terminal windows, I ran these programs:
Window 1: % nc -ul 11011
which I started up first, and then:
Window 2: % echo 'foo' | nc -v -u 255.255.255.255 11011
Nothing showed up in Window 1. The result in Window 2 was this:
found 0 associations
found 1 connections:
1: flags=82<CONNECTED,PREFERRED>
outif (null)
src 192.168.1.2 port 61985
dst 255.255.255.255 port 11011
rank info not available
I'm fairly certain I'm missing something obvious here. Can someone familiar with nc spot my obvious error?
This is a multi-part answer, gleaned from other SO and SuperUser answers and a bit of guesswork.
Mac-to-mac communication via UDP broadcast over wifi
The first thing is that the mac version of netcat (nc) as of Oct 2018 doesn't support broadcast, so you have to switch to "socat", which is far more general and powerful in what it can send. As for the listening side, what worked for me, eventually, was
Terminal 1: % nc -l -u 11011
What about the sending side? Well, it turns out I needed more information. For instance, trying this with the localhost doesn't work at all, because that particular "interface" (gosh, I hate the overloading of words in CS; as a mathematician, I'd hope that CS people might have learned from our experience what a bad idea this is...) doesn't support broadcast. And how did I learn that? Via ifconfig, a tool that shows how your network is configured. In my case, the output was this:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 98:01:a7:8a:6b:35
inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect
status: active
en1: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 4a:00:05:f3:ac:30
media: autoselect <full-duplex>
status: inactive
en2: flags=963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX> mtu 1500
options=60<TSO4,TSO6>
ether 4a:00:05:f3:ac:31
media: autoselect <full-duplex>
status: inactive
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
options=63<RXCSUM,TXCSUM,TSO4,TSO6>
ether 4a:00:05:f3:ac:30
Configuration:
id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
ipfilter disabled flags 0x2
member: en1 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 5 priority 0 path cost 0
member: en2 flags=3<LEARNING,DISCOVER>
ifmaxaddr 0 port 6 priority 0 path cost 0
media: <unknown type>
status: inactive
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:01:a7:8a:6b:35
media: autoselect
status: inactive
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1484
ether 7e:00:76:6d:5c:09
inet6 fe80::7c00:76ff:fe6d:5c09%awdl0 prefixlen 64 scopeid 0x9
nd6 options=201<PERFORMNUD,DAD>
media: autoselect
status: active
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
inet6 fe80::773a:6d9e:1d47:7502%utun0 prefixlen 64 scopeid 0xa
nd6 options=201<PERFORMNUD,DAD>
most of which means nothing to me. But look at "en0", the ethernet connection to the wireless network (192.168). The data there really tells you something. The flags tell you that it supports broadcast and multicast. Two lines later, the word broadcast appears again, followed by 192.168.1.255, which suggested to me that this might be the right address to which to send broadcast packets.
With that in mind, I tried this:
Terminal 2: % echo -n "TEST" | socat - udp-datagram:192.168.1.255:11011,broadcast
with the result that in Terminal 1, the word TEST appeared!
When I retyped the same command in Terminal 2, nothing more appeared in Terminal 1; it seems that the "listen" is listening for a single message, for reasons I do not understand. But hey, at least it's getting me somewhere!
Mac to tablet communication
First, on the tablet, I tried to mimic the listening side of the mac version above. The termux version of nc didn't support the -u flag, so I had to do something else. I decided to use socat. As a first step, I got it working mac-to-mac (via the wifi router of course). It turns out that to listen for UDP packets, you have to use udp-listen rather than udp-datagram, but otherwise it was pretty simple. In the end, it looked like this:
Terminal 1: % socat udp-listen:11011 -
meaning "listen for stuff on port 11011 and copy to standard output", and
Terminal 2: % echo -n "TEST" | socat - udp-datagram:192.168.1.255:11011,broadcast
Together, this got data from Terminal 2 to Terminal 1.
Then I tried it on the tablet. As I mentioned, nc on the tablet was feeble. But socat was missing entirely.
I tried it, found it wasn't installed, and installed it.
Once I'd done that, on the Tablet I typed
Tablet: % socat udp-listen:11011 -
and on the mac, in Terminal 2, I once again typed
Terminal 2: echo -n "TEST" | socat - udp-datagram:192.168.1.255:11011,broadcast
and sure enough, the word TEST appeared on the tablet!
Even better, by reading the docs I found I could use
socat udp-recv:11011 -
which not only listens, but continues to listen, and hence will report multiple UDP packets, one after another. (udp-listen, by contrast, seems to wait for one packet and then try to communicate back with the sender of that packet, which isn't what I wanted at all.)
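An added example, not from the original answer, that computes the directed broadcast address from the inet/netmask pair ifconfig prints (instead of reading it off the output), checks it against the value the interface reports, and builds the socat receiver/sender pair that worked above. SAMPLE_EN0 is constructed test data shaped like the en0 line shown in the answer.

```shell
#!/bin/sh
# Added example (not from the original answer): derive the directed broadcast
# address from "inet ADDR netmask MASK", confirm it matches what the interface
# reports, and build the socat commands used above.
# SAMPLE_EN0 below is constructed sample data modelled on the en0 output.

# dotted-quad IPv4 -> unsigned 32-bit integer
ip_to_int() {
    set -- $(echo "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# unsigned 32-bit integer -> dotted quad
int_to_ip() {
    printf '%d.%d.%d.%d\n' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) \
        $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# broadcast = (addr AND mask) OR (NOT mask); mask in hex, as ifconfig prints it
broadcast_addr() {
    addr=$(ip_to_int "$1")
    mask=$(( $2 & 0xffffffff ))
    int_to_ip $(( (addr & mask) | (~mask & 0xffffffff) ))
}

# Parse "inet ADDR netmask MASK broadcast BCAST" and return the computed
# broadcast only when it agrees with the one the kernel reports.
broadcast_from_ifconfig() {
    set -- $1
    computed=$(broadcast_addr "$2" "$4")
    if [ "$computed" = "$6" ]; then echo "$computed"; else return 1; fi
}

SAMPLE_EN0='inet 192.168.1.101 netmask 0xffffff00 broadcast 192.168.1.255'
BCAST=$(broadcast_from_ifconfig "$SAMPLE_EN0")    # 192.168.1.255

# Receiver: udp-recv keeps accepting datagrams from any peer. Sender: the
# broadcast option sets SO_BROADCAST on the socket, which the kernel requires
# for a broadcast destination and which the answer found nc on the Mac lacks.
echo "receiver: socat udp-recv:11011 -"
echo "sender:   echo -n TEST | socat - udp-datagram:${BCAST}:11011,broadcast"
```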
I'm using OpenStack to help me virtualize my infrastructure.
You can see what my topology looks like here: My Topology in Openstack
I am facing issues configuring the 2 switches.
Here is what I have done (I'm in sudo mode):
1) Install the openvswitch packages:
apt-get install openvswitch-switch
2) Creating a bridge named br0 :
ovs-vsctl add-br br0
3) Bring up my bridge interface:
ifconfig br0 up
4) Add the physical interface ens4 to the bridge (I'm connected to the switch via SSH using interface ens3):
ovs-vsctl add-port br0 ens4
5) Remove ens4's IP addressing:
ifconfig ens4 0
6) Add ens4's former IP addressing to br0 (I take switch 1 for instance):
ifconfig br0 192.168.1.18
7) Add a default gateway in the routing table :
route add default gw 192.168.1.1 br0
Unfortunately, after all those steps, I'm still unable to ping from Host_1 (whose IP address is 192.168.1.12) to my Switch_1 (whose IP address is 192.168.1.18; the IP address 192.168.0.30 is used for configuring the switch via an SSH connection) and vice versa.
Any ideas?
Thank you in advance.
P.S.: If the image is not readable, please tell me and I'll make a new one.
I'm assuming those switches represent VMs, basically because in OpenStack you can't create switches.
That being said, due to ARP reasons, you have to change the MAC addresses. Try giving the bridge the same MAC address as ens4 and change the MAC address of ens4. The script should look like this:
#!/bin/bash
NIC="ens4"
# Read the current MAC of the physical NIC (old ifconfig output: "HWaddr xx:xx:xx:xx:xx:xx")
MAC=$(ifconfig $NIC | grep "HWaddr\b" | awk '{print $5}')
# Create the bridge and give it the NIC's MAC so neighbours' ARP entries stay valid
ovs-vsctl add-br br0 -- set bridge br0 other-config:hwaddr=$MAC
ovs-vsctl add-port br0 $NIC > /dev/null 2>&1
# Drop the IP address from the NIC; it now belongs on br0
ifconfig $NIC 0.0.0.0
# Build a new MAC for the NIC by changing its last hex digit (digit -> "a", letter -> "1")
LAST_MAC_CHAR=${MAC:(-1)}
AUX="${MAC:0:${#MAC}-1}"
if [ "$LAST_MAC_CHAR" -eq "$LAST_MAC_CHAR" ] 2>/dev/null; then
    NL="a"
else
    NL="1"
fi
NEW_MAC="$AUX$NL"
ifconfig $NIC hw ether $NEW_MAC
Also, check you allow ICMP traffic in the security groups of the VMs.
I want to record net traffic every time on Debian 8.
Here is my way.
sudo vim /etc/systemd/system/graphical.target.wants/Ktraffic.service
[Unit]
Description=Record net traffic
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/init.d/K01trafficLog.sh
[Install]
WantedBy=poweroff.target
sudo vim /etc/init.d/K011trafficLog.sh
#!/bin/bash
trafficlog="/var/log/traffic.log"
echo `date "+%Y-%m-%d %H:%M:%S "` >> $trafficlog
iptables -v -L INPUT |grep Chain >> $trafficlog
systemctl enable ktraffic.service
To check the traffic log file after a reboot:
sudo cat /var/log/traffic.log
2017-02-05 10:49:31Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
2017-02-05 11:40:25Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
No packet numbers are recorded in /var/log/traffic.log.
The network connection was closed before the execution of /etc/init.d/K011trafficLog.sh; how do I make it execute before the network connection is closed?
Which service closed the network connection during poweroff?
systemctl |grep net - vim
(standard input):sys-devices-pci0000:00-0000:00:1c.2-0000:03:00.0-net-eth0.device loaded active plugged RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
(standard input):sys-subsystem-net-devices-eth0.device loaded active plugged RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
(standard input):netfilter-persistent.service loaded active exited netfilter persistent configuration
(standard input):network-online.target loaded active active Network is Online
(standard input):network.target loaded active active Network
vim:sys-devices-pci0000:00-0000:00:1c.2-0000:03:00.0-net-eth0.device loaded active plugged RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
vim:sys-subsystem-net-devices-eth0.device loaded active plugged RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller
vim:netfilter-persistent.service loaded active exited netfilter persistent configuration
vim:network-online.target loaded active active Network is Online
vim:network.target loaded active active Network
Is it network.service that closes my network at poweroff?
sudo vim /etc/systemd/system/graphical.target.wants/Ktraffic.service
[Unit]
Description=Record net traffic
Before=networking.service
[Service]
Type=oneshot
ExecStart=/bin/bash /etc/init.d/K01trafficLog.sh
[Install]
WantedBy=poweroff.target
After rebooting to test it, my issue remains.
I set a flag in /var/log/syslog:
echo "it is a flag here to get output info of poweroff " | sudo tee -a /var/log/syslog
After rebooting, I got the syslog shown in the screenshot (image not reproduced here).
Which service results in the message "Starting Synchronise Hardware Clock to System Clock"?
Thanks to Ferenc Wágner.
Solution: Execute simple script before shutdown and reboot
This is the right format to record network traffic on my eth0.
[Unit]
Description=Record net traffic
Before=shutdown.target reboot.target halt.target poweroff.target
[Service]
Type=oneshot
RemainAfterExit=true
ExecStart=/bin/bash
ExecStop=/bin/bash /etc/init.d/K01trafficLog.sh
[Install]
WantedBy=poweroff.target shutdown.target reboot.target halt.target
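As an added example, not the original poster's script: the step the unit's ExecStop runs, written as functions with exact iptables counters (-x), a timestamp on the same line as the counters, and an injectable input so it can be exercised without iptables. It assumes the /var/log/traffic.log path from the question; the sample iptables output used in testing is constructed.

```shell
#!/bin/sh
# Added example (not the original poster's script): log the INPUT chain's
# policy counters at shutdown. Assumes the log path from the question.
TRAFFICLOG=${TRAFFICLOG:-/var/log/traffic.log}

# Turn "Chain INPUT (policy ACCEPT N packets, M bytes)" into one
# timestamped, machine-readable line. Fails if the header does not match.
format_entry() {
    stamp=$1; header=$2
    policy=$(echo "$header" | sed -n \
        's/.*(policy \([A-Z]*\) \([0-9]*\) packets, \([0-9]*\) bytes).*/\1 packets=\2 bytes=\3/p')
    [ -n "$policy" ] || return 1
    echo "$stamp INPUT policy=$policy"
}

# Read the INPUT chain header with exact counters (-x) and append one line.
# Pass the iptables output as $1 to bypass iptables (used by the test);
# with no matching header the function fails, which systemd will record.
log_input_counters() {
    if [ -n "$1" ]; then out=$1; else out=$(iptables -nvxL INPUT); fi
    header=$(echo "$out" | grep '^Chain INPUT')
    format_entry "$(date '+%Y-%m-%d %H:%M:%S')" "$header" >> "$TRAFFICLOG"
}

# Packet count from the most recent entry (what the question could not see).
last_packets() {
    tail -n 1 "$TRAFFICLOG" | sed -n 's/.*packets=\([0-9]*\).*/\1/p'
}

# From the unit's ExecStop: /bin/sh /etc/init.d/K01trafficLog.sh run
if [ "${1:-}" = run ]; then log_input_counters; fi
```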