Virtual Hosting Concepts – Bridges as Switches
The virtual networking we will focus on here will all be Linux based, as we only use Linux for virtualization at HOSTAFRICA. Virtual networking, or Software Defined Networking (SDN), is the way we set up networks in cloud environments. SDN is a method of providing the same functionality in a virtual environment that you would build in an actual physical infrastructure.
To enable virtual networks, we need virtual switches. While there are very complex software switches available as virtual images, the fastest and most efficient method is to use Linux bridging. A Linux bridge is really a virtual switch. The bridge module is a Linux kernel module first introduced in kernel version 2.2 around 2000. We use the brctl (bridge control) command to administer the Linux bridge.
How does this work?
A few basic concepts are needed first:
- Every bridge (VSwitch) must be associated or bound to a physical interface. This is how virtual traffic is routed to physical networks. As you can only ever bind ONE bridge to ONE interface and you often need many more bridges than interfaces, this can be an issue. For this, we have a solution (discussed later).
- Multiple virtual interfaces are bound to a single bridge by IP Pools (each IP pool is bound to a bridge).
- Different bridges cannot communicate with each other unless the traffic is routed. Public IPs are usually routed, but private IP ranges usually need a virtual router to communicate with other private IP ranges. A routing entry on the Linux host can also allow this.
- Each bridge is in effect a VLAN (Virtual LAN) and thus an isolated switch.
- Bridges on separate hosts need to meet two requirements to communicate:
  - They must share the same name and thus be bound to the same IP pool.
  - Each bridge must have an IP that is part of the IP pool it belongs to.
The Bridge – Physical interface bond
As we usually need many bridges that route over the same physical interface, and we can only bond on a one-to-one ratio, we need a solution. Luckily Linux has the perfect solution: virtual interfaces. The main/physical interfaces usually get a base number, e.g. eth0, eth1, eth2 or eno0, eno1, eno2. Virtual interfaces reference this base number but add a tag, e.g. eth0.100 or eth0.0.
Using this, we usually create a virtual interface with a name relating to the bridge bonded to it, e.g. eth0.123 is bonded to br_123. This helps keep things clearer for the other sysadmins who need to maintain the system.
The Bridge – VPS Interface
All the VPSs that need to see each other, or need to connect to the same realm (e.g. the internet), have an interface bound to the same specific bridge. You can see this by running the command “brctl show” on the host system.
In summary, the basics of virtual networking are not really complicated. All that is needed is the same care in planning that you would use with any decent network build.
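The bridge-to-tagged-interface bond and the eth0.123 / br_123 naming convention described above, as an added example (this is not HOSTAFRICA's own tooling). It assumes iproute2 and bridge-utils (brctl) are installed; the physical interface name, VLAN tag and bridge address are placeholders you set for your host, and with DRY_RUN=1 (the default) the commands are only printed so the plan can be reviewed before it touches a live interface.

```shell
#!/bin/sh
# Build one tagged virtual interface on a physical NIC and the bridge bonded to it,
# then give the bridge its address from the IP pool that belongs to that bridge.
set -eu

# Echo a command with DRY_RUN=1 (default), otherwise execute it (needs root).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$1"; else $1; fi
}

# Bridge name for a VLAN tag, following the article's convention: 123 -> br_123
bridge_name() {
    printf 'br_%s\n' "$1"
}

# Tagged virtual interface name on a base interface: eth0 123 -> eth0.123
vif_name() {
    printf '%s.%s\n' "$1" "$2"
}

# setup_bridge PHYS TAG CIDR
# Rejects tags outside the 802.1Q range so a typo cannot create a stray interface.
setup_bridge() {
    phys=$1; tag=$2; cidr=$3
    case $tag in
        ''|*[!0-9]*) echo "VLAN tag must be numeric" >&2; return 1 ;;
    esac
    [ "$tag" -ge 1 ] && [ "$tag" -le 4094 ] || { echo "VLAN tag out of range 1-4094" >&2; return 1; }
    vif=$(vif_name "$phys" "$tag")
    br=$(bridge_name "$tag")
    run "ip link add link $phys name $vif type vlan id $tag"   # tagged virtual interface
    run "brctl addbr $br"                                        # the virtual switch
    run "brctl addif $br $vif"                                   # bond bridge to interface
    run "ip link set $vif up"
    run "ip addr add $cidr dev $br"                              # bridge IP from its pool
    run "ip link set $br up"
    run "brctl show $br"                                         # verify the membership
}

# Placeholder values (constructed): base NIC eth0, VLAN tag 123, bridge IP 10.20.30.1/24
setup_bridge eth0 123 10.20.30.1/24
```

Each VPS interface that later joins br_123 will then appear under that bridge in the brctl show output, which is the quickest way to confirm a guest landed on the intended realm.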