http://ask.xmodulo.com/disable-mac-learning-linux-bridge.html
Question: I am troubleshooting Ethernet bridging which I set up with a Linux bridge, and I would like to disable MAC learning on the Linux bridge. How can I do that?
An Ethernet bridge is a network component which interconnects multiple Ethernet networks by forwarding packets from one network to another. Linux has a software implementation of the Ethernet bridge (called "Linux bridge") incorporated into the kernel since 2.6. A Linux bridge is often used to set up a transparent proxy/firewall, or to work as a virtual switch which interconnects multiple virtual machines and containers created on a host.
Like a hardware Ethernet bridge, a Linux bridge comes with MAC address learning capability built in, so that it knows how (i.e., to which port) to forward a network packet.
Suppose you would like to disable MAC address learning in a Linux bridge for whatever reason. For example, you want to "inject" artificial traffic into the bridge for experimental purposes. Or your network is under attack; a large number of packets with different source MAC addresses are filling up the MAC learning table. Or you want to manage the MAC forwarding table on your own, without relying on the default learning table.
This post describes how to disable MAC address learning in a Linux bridge.
Note: Once MAC learning is turned off, a Linux bridge will flood every incoming packet to the rest of the ports. Understand this implication before proceeding.
MAC Address Learning vs. Ageing Time
When a Linux bridge receives a packet with a new source MAC address from a particular bridge port, it stores the MAC address along with the port number in its MAC learning table. A timer is associated with each entry in the table, so that the entry expires after a certain period (so-called "ageing time"), unless it is refreshed before then. By default the ageing time in a Linux bridge is set to 300 seconds.
If you want to disable MAC address learning in a Linux bridge, you need to set the "ageing time" to 0. Let's find out how you can actually do it.
Disable MAC Address Learning in a Linux Bridge from the Command Line
Without disabling MAC learning, a Linux bridge will learn and store one or more "non-local" MAC addresses in the MAC learning table. To check the current MAC learning table (the commands below use a bridge named br0; substitute your own bridge name):
$ sudo brctl showmacs br0
To view the current ageing time of a bridge, run:
$ brctl showstp br0
To turn off the bridge's MAC address learning, set its ageing time to 0 as follows.
$ sudo brctl setageing br0 0
Once MAC learning is deactivated, the bridge's MAC learning table will no longer contain any non-local MAC address.
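One way to check this from `brctl showmacs` output, as an added example that is not part of the original post: the functions below count learned (non-local) entries per port, which also shows which port a flood of source MAC addresses is arriving on. The sample tables, the MAC addresses in them and the `ports_over` threshold are constructed for illustration.

```shell
#!/bin/sh
# Added example. Each function reads `brctl showmacs <bridge>` output on stdin.
# Columns: port no | mac addr | is local? | ageing timer (line 1 is the header).
# awk splits on any whitespace, so tabs (real output) and spaces both work.

# Print "<port> <count>" for every port that holds learned (non-local) entries.
learned_per_port() {
    awk 'NR > 1 && $3 == "no" { n[$1]++ }
         END { for (p in n) print p, n[p] }' | sort -n
}

# Print the total number of learned (non-local) entries.
learned_total() {
    awk 'NR > 1 && $3 == "no" { c++ } END { print c + 0 }'
}

# Print the ports whose learned-entry count exceeds $1
# (hypothetical alert threshold, pick one that fits the segment).
ports_over() {
    learned_per_port | awk -v max="$1" '$2 > max { print $1 }'
}

# Constructed sample: table while MAC learning is active.
SAMPLE_BEFORE='port no  mac addr           is local?  ageing timer
  1      52:54:00:00:00:01  yes           0.00
  1      02:00:00:00:00:0a  no           12.40
  2      52:54:00:00:00:02  yes           0.00
  2      02:00:00:00:00:0b  no            0.52
  2      02:00:00:00:00:0c  no            0.49
  2      02:00:00:00:00:0d  no            0.47'

# Constructed sample: the same bridge after the ageing time was set to 0.
SAMPLE_AFTER='port no  mac addr           is local?  ageing timer
  1      52:54:00:00:00:01  yes           0.00
  2      52:54:00:00:00:02  yes           0.00'

printf '%s\n' "$SAMPLE_BEFORE" | learned_per_port   # per-port summary
printf '%s\n' "$SAMPLE_AFTER"  | learned_total      # total after the change

# On a live host: sudo brctl showmacs br0 | learned_per_port
```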
Note that any change made with the brctl command (including MAC learning deactivation) does not survive reboots. If you want to turn off MAC learning permanently, read on.
Disable MAC Address Learning in a Linux Bridge Permanently
If you define a Linux bridge in /etc/network/interfaces (e.g., on a Debian-based system), add "bridge_ageing 0" under the bridge configuration. For example:
auto br0
iface br0 inet static
    bridge_ports eth0 eth1
    bridge_ageing 0
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1
If you configure a Linux bridge with Network Manager, set "Aging time" to 0 in the bridge editing menu.