Hello Folks,

I am looking for ideas on how to create 1000 DOT1X sessions generated from
a Linux box. DOT1X is a name for EAP packets that travel in an Ethernet
environment and is used to transport authentication information before a PC
will get access to the network; it is based on RFC-3748. Having this in
mind, a virtual interface will need a MAC address and eventually an IP (I
want to stress that for EAP over LAN, DOT1X, there is a need for an L2
virtual interface).

One DOT1X session can be easily generated using network manager (nmcli) on
a physical NIC. For network manager this is a session that may include many
parameters used to form the connection, in my case used for DOT1X
authentication.
I am looking for a solution on how to create 1000 DOT1X
sessions/connections using Linux virtual interfaces and one physical NIC.

An idea would be to use a virtual bridge and attach to it a physical
interface. After that, create virtual interfaces that will be connected to
the bridge. In this case the bridge will relay packets between physical and
virtual interfaces.

Looking on this alias I understood from Michal Privoznik that the above is
feasible.

Questions
1. Is it possible to create virtual interfaces that will be further managed
by the NETWORK MANAGER?
2. What would be the exact steps and commands to generate these interfaces
having a fresh OS installed?

I have tried creating vNICs with "virsh" using the syntax below, but it will
not start it, and I am still not sure if in the end it can be managed by the
NETWORK MANAGER:
virsh iface-define   XML_LOCATION
virsh iface-list    ---> this will list interfaces created
virsh iface-start    INTERFACE_DEFINED_ABOVE


Thanks in advance.

Best Regards
Ion Ermurachi

See below topology
+---------------------------------------+
| Red Hat Linux                         |
|                                       |
| +-----------------------------------+ |
| |NET MANAGER CONTROLLING CONNECTIONS| |    ---> for example nmcli can be used on the CLI
| +----+-------+-------+-------+------+ |
|      |       |       |       |        |
|   +--+--+ +--+--+ +--+--+ +--+--+     |
|   |IP-1 | |IP-2 | |IP-3 | |IP-X |     |    ---> Virtual interface to be created and controlled by kernel/network-manager/nmcli
|   |MAC-1| |MAC-2| |MAC-3| |MAC-X|     |
|   |vNIC | |vNIC | |vNIC | |vNIC |     |
|   +--+--+ +--+--+ +--+--+ +--+--+     |
|  +---+-------+-------+-------+-----+  |
|  |           BRIDGE                |  |    ---> A bridge sitting between below physical interface and above virtual interfaces
+--+----------+---------+------------+--+
              |physical |
              |interface|                    ---> Physical ethernet interface [it can be PCI or USB-to-Ethernet-card adapters]
              +----+----+
                   |
                   |   ---> EAPoL/DOT1X packets
                   |
      +------------+------------+
      |      AUTHENTICATOR      |
      |                         |
      |  Cisco Catalyst Switch  |
      +-------------------------+


Note: There is no concern about resources consumed.
_______________________________________________
libvirt-users mailing list
libvirt-users@redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
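
Added example (not part of the original post, and not libvirt or NetworkManager project code): a dry-run script that prints the iproute2 and nmcli commands for the bridge topology the post describes. The names eth0, br0, supN and supN-br and the 02:00:00:00:xx:xx MAC scheme are assumptions; group_fwd_mask 8 is included because a Linux bridge does not relay frames sent to the EAPOL group address 01:80:C2:00:00:03 unless that bit is set.

```shell
#!/bin/sh
# Added example: dry run only, it prints commands and changes nothing.
# Assumed (hypothetical) names: eth0, br0, supN / supN-br veth pairs.

# Locally administered unicast MAC for supplicant index $1 (1..65535).
mac_for() {
    printf '02:00:00:00:%02x:%02x\n' $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

# Print the plan for $1 supplicants on physical NIC $2 behind bridge $3.
emit_plan() {
    n=$1; phys=${2:-eth0}; br=${3:-br0}
    echo "ip link add name $br type bridge"
    # Bit 3 (value 8) makes the bridge forward 01:80:C2:00:00:03 (EAPOL),
    # which it otherwise treats as link-local and does not relay.
    echo "ip link set dev $br type bridge group_fwd_mask 8"
    echo "ip link set dev $phys master $br up"
    echo "ip link set dev $br up"
    i=1
    while [ "$i" -le "$n" ]; do
        # supN is the supplicant side, supN-br is the bridge port.
        echo "ip link add name sup$i address $(mac_for "$i") type veth peer name sup$i-br"
        echo "ip link set dev sup$i-br master $br up"
        echo "ip link set dev sup$i up"
        # Assumption: NetworkManager leaves veth unmanaged by default here.
        echo "nmcli device set sup$i managed yes"
        i=$((i + 1))
    done
}

# With arguments, print the plan: sh plan.sh 1000 eth0 br0
[ $# -eq 0 ] || emit_plan "$@"
```

Each supN device can then carry the same kind of nmcli 802.1X connection the post already uses on the physical NIC. The authenticator port also has to accept more than one supplicant MAC, which this sketch does not configure.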
