
I have 3 interfaces: eth0 eth1 eth2:

  1. eth0 is directly connected to the Internet.
  2. eth1 and eth2 are connected to an external switch with no Internet connectivity.

My goal was to connect eth1 and eth2 through the external switch and forward traffic between the two interfaces through the switch. So I created two namespaces ns1 and ns2 and assigned eth1 and eth2 to each respectively.

Each interface has its own IPv4 network assigned to it. eth1 has 10.1.0.10/24 and eth2 has 10.2.0.10/24 and I can forward traffic between these two interfaces through the switch with no problem.

Now I want to forward traffic received on eth2 to the Internet, such that applications in ns1 can reach the Internet through the switch (note that only eth1 and eth2 are connected to the switch, the switch has no Internet connectivity, and the only Internet connectivity is through eth0, which is currently not part of any namespace).

There is probably a way to use veth or TUN interface pairs to forward traffic from ns2 to eth0, but I'm wondering if there is an easier way to achieve this.

Here's what my setup looks like:

    .--------.eth1        .--------.        eth2.--------.
    | ns1    |------------| switch |------------|   ns2  |
    '--------'            '--------'            '--------'
    .--------.eth0        .--------.
    | default|------------|Internet|
    '--------'            '--------'

Human
  • Your topology looks unnecessarily complex. Simple routing (and maybe NAT) can provide internet access, if that is all you want, or it needs more explanation. – MTG Apr 11 '18 at 05:09
  • You mean routing between eth2 and eth0? – Human Apr 11 '18 at 05:40
  • yes, if that Linux is a router (packet forwarding enabled) – MTG Apr 11 '18 at 05:41
  • I have to add, I need the switch between `eth1` and `eth2` because my setup is to actually test the switch. – Human Apr 11 '18 at 05:41
  • @MTG maybe my understanding of how namespaces work is limited. Is it possible to route traffic between interfaces even if they're assigned to different namespaces? – Human Apr 11 '18 at 05:42
  • I had to add, connecting 2 NICs of the same system to the same switch is unwise. Technically speaking, you can use one interface to do both tasks (unless you are virtualizing, which is a whole different story). The challenge is the system itself. You want it to be both source and destination of some traffic and act like multiple gateways at the same time. Deploying such logic needs a lot of routing policy. You better put 2 independent PCs to test the switch or implementing required policies on one single Linux box will kill you before any switch tests. OR tell us more about your setup. – MTG Apr 11 '18 at 05:47
  • I agree that it's not an ideal setup. So this is a testbed with a high speed NIC (100Gbps) and the goal is to test the functionality of the switch. I'm working under time constraint and I only have one dual port NIC, hence the setup with `eth1` and `eth2`. Now, the switch functionality test is complete and I just want to see if I can use the switch as a middlebox that performs a certain function on packets and forwards them and see if I can use `eth1` to connect to Internet over the switch with the help of the interface that's already connected to the Internet (`eth0`) – Human Apr 11 '18 at 05:56
  • I suggest you use ip route and ip rule to define one table for eth1 and one for eth2, set default gateway of table nc1 to other interface and vice versa, and check traffic by changing source address to either of interfaces. – MTG Apr 11 '18 at 10:36

0 Answers
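
The veth approach the question mentions, written out as an added example (it is not from the original post or its comments): a veth pair links ns2 to the default namespace, ns2 and the default namespace both forward, and only traffic sourced from ns1's network is allowed out and masqueraded on eth0. Assumptions: the veth names and the 10.3.0.0/30 link addresses are constructed, the switch forwards at layer 2 (hence the `onlink` gateway), and ns2 already has its working route back to 10.1.0.0/24 over eth2.

```shell
#!/bin/sh
# Added example: veth link from ns2 to the default namespace, plus NAT on eth0.
# Constructed values (not from the question): veth names and the 10.3.0.0/30 link.
WAN=eth0; HOST_IF=veth-host; NS2_IF=veth-ns2
HOST_IP=10.3.0.1; NS2_IP=10.3.0.2
NS1_NET=10.1.0.0/24; NS2_ETH2_IP=10.2.0.10   # addresses given in the question

# Print the commands in the order they must run, one per line.
plan() {
cat <<EOF
ip link add $HOST_IF type veth peer name $NS2_IF
ip link set $NS2_IF netns ns2
ip addr add $HOST_IP/30 dev $HOST_IF
ip link set $HOST_IF up
ip netns exec ns2 ip addr add $NS2_IP/30 dev $NS2_IF
ip netns exec ns2 ip link set $NS2_IF up
ip netns exec ns2 ip route add default via $HOST_IP
ip netns exec ns2 sysctl -w net.ipv4.ip_forward=1
ip route add $NS1_NET via $NS2_IP
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -i $HOST_IF -o $WAN -s $NS1_NET -j ACCEPT
iptables -A FORWARD -i $WAN -o $HOST_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $NS1_NET -o $WAN -j MASQUERADE
ip netns exec ns1 ip route add default via $NS2_ETH2_IP dev eth1 onlink
EOF
}

# Run the plan, stopping at the first command that fails.
apply() {
  plan | while read -r cmd; do
    echo "+ $cmd"
    $cmd || { echo "failed: $cmd" >&2; exit 1; }
  done
}

# Dry run by default: nothing changes unless APPLY=1 is set (requires root).
if [ "${APPLY:-0}" = 1 ]; then apply; fi
```

The FORWARD rules admit only new flows from 10.1.0.0/24 toward eth0 and established return traffic, so the host does not become an open router for other sources. Name resolution inside ns1 still needs a resolver; `ip netns exec` uses `/etc/netns/ns1/resolv.conf` when that file exists.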