[kwlug-disc] Virtual nic flowing out regular nic.

B.S. bs27975 at yahoo.ca
Sat Feb 20 17:39:58 EST 2016


Apparently macvlan / macvtap can't talk to its host, by design. Talks to everything else, but not its host.

And one has to remember that bridging is a layer 2 / ethernet thingie, so tap, while tun is layer 3 / IP and thus not bridging compatible. [Think plugging two computers into a switch == bridging / tap, vs routing == tun -within- those devices.] (Think of tee'ing off a garden water hose with a Y adapter as tap, and what goes through the hose as tun.)

Thus, apparent solution:

Assuming eth0 up and happy, and network is 192.168.0.0/24. (i.e. network is not 192.168.1.0/24, used below.)

brctl addbr br0
brctl addif br0 eth0

ip tuntap add dev tap0 mode tap
ifconfig tap0 192.168.1.1 up
brctl addif br0 tap0

Voila.

An app can bind to tap0, remain clueless about anything else in your net, while transiting / piggybacking on that net / network infrastructure.



----- Original Message -----
> From: B.S. <bs27975 at yahoo.ca>
> To: KWLUG Discussion <kwlug-disc at kwlug.org>
> Sent: Friday, February 19, 2016 2:50 PM
> Subject: [kwlug-disc] Virtual nic flowing out regular nic.
> 
> Assume regular computer / network connectivity. It happily connects / 
> communicates out eth0.
> 
> I am trying to bind an app to a different interface so it gets its own 
> isolated ip address (not on the regular lan). It will not bind to an alias. 
> (ifconfig eth0:0 ... will not work) Call it fakeeth0 for our purposes here.
> 
> I expect fakeeth0 to go out eth0 for all its connectivity, seamlessly.
> 
> I expect an arp 'who has' to find it. i.e. Layer 2 is bridging. (Even if 
> it doesn't, I can put routes in so things can find their way back.)
> 
> 
> 
> - this is no different than connecting a 2nd computer to the same switch with a 
> different IP address, and able to happily connect to other computers on the same 
> (different) net. (This is different nets on the same physical backbone.) Which 
> is to say, I see no point to a vlan. (ifconfig eth0.1 ... seems adding 
> unnecessary complexity. Security is not an issue.)
> 
> e.g. Physical:
> 
> Comp 1: 192.168.0.1/24 ('Lan' 1, == subnet 1)
> Comp 2: 192.168.1.1/24 ('Lan' 2, == subnet 2)
> Comp 3: 192.168.0.2/24 ('Lan' 1, == subnet 1)
> Comp 4: 192.168.1.2/24 ('Lan' 2, == subnet 2)
> - all on the same switch.
> 
> Comp 1 & 3 ('Lan' 1 == subnet 1) and 2 & 4 ('Lan' 2 == 
> subnet 2) will happily talk between themselves. (I can put a subnet 2 address 
> on a subnet 1 computer, enable forwarding, and they all will then talk to each 
> other).
> 
> 
> Now ... virtualize it.
> 
> [Comp 1: fakeeth0 -> eth0] -> [Comp 2: == eth0's gateway] -> 
> [internet]
> 
> I have tried various interfaces: tap0, macvlan0, macvtap0, br0, and I'm not 
> getting the expected layer 2 bridging and forwarding out the physical eth0.
> 
> What am I missing?
> 
> -----
> 
> Ultimate goal: {vbox1 - fakeeth0 (connected to nothing)[allowing the app to 
> bind to it], eth0 bridged to host} -> the world happily connected as usual.
> 
> Ultimate goal+: {vbox1 - fakeeth0 (connected to nothing)[allowing the app 
> to bind to it], eth0 hostonly to host} -> the world happily connected as 
> usual.
> (This, however, means adding a default route on vbox1, and a route back to 
> fakeeth0 via host, specified on the net. This is OK. But first things first.)
> 
> 
> At the moment, even using physical machines, with one having a fakeeth0, 
> fakeeth0 is not automagically going out eth0. What am I missing?
> 
> <arrgghh!!>
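
Added example, not part of the original post: the brctl / ifconfig steps from the top of this message, written as their iproute2 equivalents in a dry-run planner that first checks the post's assumption that the tap subnet is not the LAN subnet. The function names and the APPLY switch are made up for this example; the /24 on the tap address is ifconfig's classful default for 192.168.1.1.

```shell
#!/bin/sh
# Added example (not from the post): dry-run planner for the bridge + tap steps.
# Defaults (eth0, br0, tap0) are the post's names; the function names are made up here.

# Dotted-quad IPv4 -> integer. The subshell body keeps the IFS change local.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# True (exit 0) when two CIDRs overlap, i.e. they agree on the shorter prefix.
cidr_overlap() (
    p=${1#*/}; q=${2#*/}
    [ "$q" -lt "$p" ] && p=$q
    mask=$(( (4294967295 << (32 - p)) & 4294967295 ))
    [ $(( $(ip2int "${1%/*}") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
)

# Print the iproute2 equivalents of the post's commands, in the post's order.
# Usage: plan_bridge_tap LAN_CIDR TAP_ADDR/PREFIX [phys] [bridge] [tap]
plan_bridge_tap() {
    lan=$1; tapaddr=$2; phys=${3:-eth0}; br=${4:-br0}; tap=${5:-tap0}
    # The post assumes the tap subnet is not the LAN subnet; enforce that here.
    if cidr_overlap "$lan" "$tapaddr"; then
        echo "refusing: $tapaddr overlaps LAN $lan" >&2
        return 1
    fi
    echo "ip link add name $br type bridge"      # brctl addbr br0
    echo "ip link set dev $phys master $br"      # brctl addif br0 eth0
    echo "ip tuntap add dev $tap mode tap"       # unchanged from the post
    echo "ip addr add $tapaddr dev $tap"         # ifconfig tap0 192.168.1.1 ...
    echo "ip link set dev $tap up"               # ... up
    echo "ip link set dev $tap master $br"       # brctl addif br0 tap0
}

# Dry run by default; APPLY=1 (as root) pipes the plan to sh.
if [ $# -ge 2 ]; then
    cmds=$(plan_bridge_tap "$@") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then printf '%s\n' "$cmds" | sh -ex
    else printf '%s\n' "$cmds"; fi
fi
```

Called as `sh plan.sh 192.168.0.0/24 192.168.1.1/24` (plan.sh being whatever the file is saved as), it prints the six commands without touching the network; with APPLY=1, run it from a local console, since enslaving eth0 to the bridge changes how the host's own traffic on that port is handled.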




