www.zeroshell.org Forum Index
Linux Distribution for server and embedded devices

Proxy ARP and pseudo-bridges


Posted: Fri Jan 25, 2008 12:54 am    Post subject: Proxy ARP and pseudo-bridges

Fulvio: Zeroshell is very nicely put together. Thank you for sharing your hard work with us all!

I am using Zeroshell in a reasonably large network of managed switches. I want to apply transparent Zeroshell QoS to selected switch ports. I have done this so far by changing the switch ports of the hosts that should have rate control applied to a different VLAN (I'll call it the QoS VLAN). I followed the traffic shaping bridge directions on the Zeroshell website to set up a Zeroshell bridge between the QoS VLAN and the normal VLAN.

Of course the managed switches' uplink ports are on both the normal and QoS VLANs. To avoid the Zeroshell bridge passing ARP for the switches' management IPs, I added two ebtables lines into the startup script to drop all ARP traffic going to or coming from the switches' IP range.

However this still leaves a situation in which all other hosts' gratuitous ARP broadcasts are seen on both VLANs. This means that the switches in the LAN have many more entries in the MAC<->port databases: one for each of the normal and QoS VLANs.

Although this hasn't posed any problems, I suspect the thing to do is to avoid using the Linux bridging code, and to instead set up a "pseudo bridge" using Proxy ARP and routing.

Has anyone used Zeroshell in this way? I would hope that enabling proxy_arp and setting the interfaces to the same IP address (and the routing etc.) wouldn't break too much of Zeroshell's lovely interface, even if I need to do my hacks with a startup script. I'm very keen to maintain web-based control of QoS parameters... but since they're on the ETH.. interfaces, I guess this would work fine. I'm interested in the pros and cons, but for one thing I am only intending to pass IP traffic, so I don't need the non-IP potential of a Linux bridge.
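The two setups described in the post above, sketched as an added example that is not part of the original post or of Zeroshell: a dry-run shell script that prints the commands for (1) the ARP filter on the bridge and (2) a proxy-ARP pseudo-bridge. The interface names, addresses, host list and the choice of the ebtables FORWARD chain are assumptions; the poster's actual ebtables lines are not shown on the page.

```shell
#!/bin/sh
# Added example (not the poster's script). Prints commands only; nothing is applied.
# All values are constructed placeholders from documentation address ranges.
SWITCH_MGMT_NET="192.0.2.0/28"            # switches' management IP range (assumed)
NORMAL_IF="eth0"                          # interface on the normal VLAN (assumed)
QOS_IF="eth1"                             # interface on the QoS VLAN (assumed)
SHARED_IP="198.51.100.1/24"               # address shared by both interfaces (assumed)
QOS_HOSTS="198.51.100.20 198.51.100.21"   # hosts moved to the QoS VLAN (assumed)

# Setup 1: keep the Linux bridge, but stop it from forwarding ARP that
# names the switch management range as sender or target.
bridge_arp_filter() {
    net="$1"
    echo "ebtables -A FORWARD -p ARP --arp-ip-src $net -j DROP"
    echo "ebtables -A FORWARD -p ARP --arp-ip-dst $net -j DROP"
}

# Setup 2: no bridge. The box routes between the two VLANs and answers ARP
# on each side for addresses it reaches through the other side. Because no
# layer-2 frames are forwarded, ARP broadcasts stay on their own VLAN.
pseudo_bridge() {
    normal_if="$1"; qos_if="$2"; shared_ip="$3"; shift 3
    echo "sysctl -w net.ipv4.ip_forward=1"
    # The normal side keeps the subnet route; the QoS side gets the same
    # address as a /32 so that only the host routes below point at it.
    echo "ip addr add $shared_ip dev $normal_if"
    echo "ip addr add ${shared_ip%/*}/32 dev $qos_if"
    for ifc in "$normal_if" "$qos_if"; do
        echo "sysctl -w net.ipv4.conf.$ifc.proxy_arp=1"
    done
    # One host route per machine that sits behind the QoS interface.
    for host in "$@"; do
        echo "ip route add $host/32 dev $qos_if"
    done
}

echo "# setup 1: bridge with ARP filter"
bridge_arp_filter "$SWITCH_MGMT_NET"
echo "# setup 2: proxy-ARP pseudo-bridge"
# QOS_HOSTS is intentionally unquoted so it splits into one argument per host.
pseudo_bridge "$NORMAL_IF" "$QOS_IF" "$SHARED_IP" $QOS_HOSTS
```

With the pseudo-bridge, the host routes have to be kept in step with which switch ports are on the QoS VLAN, which the bridge setup does not require.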
All times are GMT