I am trying to set up an isolated virtual network on Linux with 2 virtual devices connected through a bridge (running in Ubuntu Linux on WSL2).
My end goal is educational: to learn more about layer 3 networking. Right now I'm trying to write C code that operates on raw sockets: I want to have 1 application that sends out packets and another receiving them. Before I run my own C code, which I don't know is written correctly, I want to have proof that my Linux virtual devices are set up correctly by using tcpdump and ping -I test_eth1 -b (broadcast ping on the Ethernet socket -I test_eth1). My assumption is that the ping command will put a packet on test_eth1 and tcpdump should receive it on test_eth0, because test_eth0 and test_eth1 are connected with a virtual switch.
I have created 2 tap devices (test_eth0, test_eth1) connected through bridge (test_switch) like so:
ip tuntap add dev test_eth0 mode tap
ip tuntap add dev test_eth1 mode tap
ip link set dev test_eth0 address 00:11:22:33:44:55
ip link set dev test_eth1 address 00:11:22:33:44:56
ip link add name test_switch type bridge
ip link set dev test_eth0 master test_switch
ip link set dev test_eth1 master test_switch
ip link set dev test_eth0 up
ip link set dev test_eth1 up
ip link set dev test_switch up
To test this setup I've started tcpdump on test_eth0:
tcpdump -i test_eth0 -p -e -A -vv
and run a broadcast ping on test_eth1:
ping -I test_eth1 -b 255.255.255.255
I would expect tcpdump to be able to see the ping packets. But tcpdump doesn't capture anything.
brctl show test_switch output shows:
bridge name     bridge id           STP enabled     interfaces
test_switch     8000.001122334455   no              test_eth0
                                                    test_eth1
It appears that the switch has enabled=no, but why?
Output for brctl showstp test_switch:
$ sudo brctl showstp test_switch
test_switch
bridge id 8000.001122334455
designated root 8000.001122334455
root port 0 path cost 0
max age 20.00 bridge max age 20.00
hello time 2.00 bridge hello time 2.00
forward delay 0.00 bridge forward delay 0.00
ageing time 300.00
hello timer 0.00 tcn timer 0.00
topology change timer 0.00 gc timer 146.05
flags
test_eth0 (1)
port id 8001 state disabled
designated root 8000.001122334455 path cost 100
designated bridge 8000.001122334455 message age timer 0.00
designated port 8001 forward delay timer 0.00
designated cost 0 hold timer 0.00
flags
test_eth1 (2)
port id 8002 state disabled
designated root 8000.001122334455 path cost 100
designated bridge 8000.001122334455 message age timer 0.00
designated port 8002 forward delay timer 0.00
designated cost 0 hold timer 0.00
flags
Bridged networking. The latter refers to a setup in which you enslave a physical NIC to a bridge. When it isn't bridged networking, whether the virtual BD is isolated in any sense depends on L3 forwarding and so on. Don't spread FUD before you stop mixing up things.
...ping with -I). I don't know the rationale behind it, but in that case you can use netns additionally. (And without -I and netns it would just take the loopback path, which you may already know.)