vlan + normal traffic on single ethernet interface and single ip address
by guy_sarav from LinuxQuestions.org on (#5JGR8)
Background info:
1. Embedded platform having two different processors (A & B)
2. Each of these processors has a single Ethernet interface (eth0)
3. These processors are interconnected by an onboard BCM switch (L2 switch)
4. Both processors run Linux
5. The Ethernet interface between these two processors is working fine (ssh, scp, ping, socket communication)
Requirement - VLAN:
Apart from normal Ethernet packets, VLAN is to be supported for socket communication as described below:
1. VLAN id 2 eth interfaces to be created on both processors
2. VLAN id 2 interface (eth0.2) will be used by processor A to bind a server TCP socket (port xxyy)
3. VLAN id 2 interface (eth0.2) will be used by processor B to create a client socket and try to connect to the server
We are able to meet the above requirement by:
1. creating VLAN interfaces using the ip link command (eth0.2 interface)
2. assigning a different IP address to this eth0.2 interface
3. setting up static ARP entries for these IP addresses
4. server socket program (running on processor A) will bind to the IP address of eth0.2
5. client socket program (running on processor B) will connect to the IP address of eth0.2 of processor A
6. tcpdump shows that VLAN packets are properly sent and received
In addition to the above requirement, we also have to ensure that processor A uses a single public IP address for eth0 as well as the VLAN interface (eth0.2).
To meet this requirement, we tried DNAT as below on processor A:
iptables -t nat -A PREROUTING -p tcp --dport xxyy -j DNAT --to-destination aaa.bbb.ccc.ddd:xxyy
iptables -t nat -A POSTROUTING -j MASQUERADE
aaa.bbb.ccc.ddd -> eth0.2 ip address
xxyy -> server tcp port
From processor B, we tried connecting the client program to the server program on processor A using the public IP address of processor A.
This is not working.
Description of server socket program (processor A):
1. create socket
2. set serveraddr as eth0.2 IP address
3. bind socket to this IP address
4. listen on socket
5. accept on socket
Description of client socket program (processor B):
1. create socket
2. set serveraddr as "public" IP address of processor A
3. connect to serveraddr
In summary:
The requirement is to have a single physical interface and a single public IP address on processor A.
Processor A should be able to process normal packets and VLAN-tagged packets.
VLAN-tagged packets will be consumed/generated by normal TCP sockets.
Note:
In the above trials, processor B was just used to simulate the test cases (to act as a VLAN client socket program).
Any inputs will be much appreciated.
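The working VLAN setup described in the post (sub-interface creation, separate address, static ARP entries, tcpdump check), as an added example that is not part of the original post. The 192.0.2.x addresses, the MAC addresses and port 5000 (standing in for xxyy) are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: VLAN id 2 sub-interface on eth0 with static neighbour entries.
# Addresses, MACs and the port below are constructed placeholders (assumptions).
# Dry run by default: commands are only printed. To apply them, run as root
# with RUN set to the empty string, e.g.  RUN= sh vlan2.sh A
RUN="${RUN-echo}"

PARENT=eth0
VID=2
VLAN_IF="$PARENT.$VID"

# Steps 1 and 2 of the post: create eth0.2 and give it its own address.
setup_vlan() {      # $1 = local address/prefix for eth0.2
    $RUN ip link add link "$PARENT" name "$VLAN_IF" type vlan id "$VID"
    $RUN ip addr add "$1" dev "$VLAN_IF"
    $RUN ip link set dev "$VLAN_IF" up
}

# Step 3 of the post: pin the peer's MAC so no ARP resolution is needed.
static_neigh() {    # $1 = peer IP on the VLAN, $2 = peer MAC
    $RUN ip neigh replace "$1" lladdr "$2" nud permanent dev "$VLAN_IF"
}

# Step 6 of the post: capture on the parent interface. -e prints the link-level
# header so the 802.1Q tag is visible; the "vlan 2" filter matches only frames
# tagged with id 2, so untagged traffic to the same port is excluded.
capture_cmd() {     # $1 = TCP port of the server
    $RUN tcpdump -e -n -i "$PARENT" "vlan $VID and tcp port $1"
}

# Role selection: A is the server side, B the client side.
case "${1-}" in
    A)
        setup_vlan 192.0.2.1/24
        static_neigh 192.0.2.2 02:00:00:00:00:0b
        capture_cmd 5000
        ;;
    B)
        setup_vlan 192.0.2.2/24
        static_neigh 192.0.2.1 02:00:00:00:00:0a
        ;;
esac
```

Run it with `A` or `B` as the first argument on the matching processor. Frames that appear on eth0 for the server port but do not match the `vlan 2` filter are travelling untagged.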