create 1000 vNICs and attach to them DOT1X profiles

Hello Folks,

I am looking for ideas on how to create 1000 DOT1X sessions generated from a Linux box. DOT1X is a name for EAP packets that travel in an Ethernet environment and is used to transport authentication information before a PC gets access to the network; it is based on RFC-3748. Having this in mind, a virtual interface will need a MAC address and eventually an IP (I want to stress that for EAP over LAN, DOT1X, there is a need for an L2 virtual interface).

One DOT1X session can be easily generated using network manager (nmcli) on a physical NIC. For network manager this is a session that may include many parameters used to form the connection, in my case used for DOT1X authentication.
I am looking for a solution on how to create 1000 DOT1X sessions/connections using Linux virtual interfaces and one physical NIC.

An idea would be to use a virtual bridge and attach to it a physical interface. After that, create virtual interfaces that will be connected to the bridge. In this case the bridge will relay packets between physical and virtual interfaces.

Looking on this alias I understood from Michal Privoznik that above is feasible.

Questions
1. Is it possible to create virtual interfaces that will be further managed by the NETWORK MANAGER?
2. What would be the exact steps and commands to generate these interfaces having fresh OS installed?

I have tried creating vNICs using "virsh" with the syntax below, but it will not start it and I am still not sure if in the end it can be managed by the NETWORK MANAGER:
virsh iface-define   XML_LOCATION
virsh iface-list    ---> this will list interfaces created
virsh iface-start    INTERFACE_DEFINED_ABOVE


Thanks in advance.

Best Regards
Ion Ermurachi
See the topology below:
+---------------------------------------+
| Red Hat Linux                         |
|                                       |
| +-----------------------------------+ |
| |NET MANAGER CONTROLLING CONNECTIONS| |    ---> for example nmcli can be used on the CLI
| +---+--------+-------+-------+------+ |
|     |        |       |       |        |
|   +-++--+ +-----+ +-----+ +------+    |
|   |IP-1 | |IP-2 | |IP-3 | |IP-X  |    |    ---> Virtual interface to be created and controlled by kernel/network-manager/nmcli
|   |MAC-1| |MAC-2| |MAC-3| |MAC-X |    |
|   |vNIC | |vNIC | |vNIC | |vNIC  |    |
|   +--+-+ +---+--+ +--+--+ +--+---+    |
|  +---+-------+-------+-------+-----+  |
|  |           BRIDGE                |  |    ---> A bridge sitting between the physical interface below and the virtual interfaces above
+--+----------+---------+------------+--+
              |physical |                
              |interface|                    ---> Physical ethernet interface [it can be PCI or USB-to-Ethernet-card adapters]
              +----+----+                
                   |                                     
                   |   ---> EAPoL/DOT1X packets
                   |                     
      +------------+------------+        
      |      AUTHENTICATOR      |        
      |                         |
      |  Cisco Catalyst Switch  |        
      +-------------------------+        

Note: There is no concern about resources consumed.
_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
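
The bridge topology described in the post, as an added example that is not part of the original message: a dry-run planner that only prints the `ip` and `nmcli` commands for N veth-based vNICs. The names `eth0`, `br-dot1x`, `vnicN`, `dot1x-N`, the PEAP/MSCHAPv2 choice and the credential placeholders are assumptions; the bridge step also sets `group_fwd_mask`, because a Linux bridge does not forward the EAPOL group address 01:80:C2:00:00:03 by default.

```shell
#!/bin/sh
# Dry-run planner: prints commands, executes nothing. Review before running as root.
# Assumed names (not from the post): PHYS, BR, vnicN, dot1x-N, *_PLACEHOLDER.
PHYS=${PHYS:-eth0}
BR=${BR:-br-dot1x}

# Locally administered unicast MAC (first octet 02), derived from the index.
mac_for() {
    printf '02:00:00:%02x:%02x:%02x\n' \
        $(( ($1 >> 16) & 255 )) $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}

bridge_cmds() {
    echo "ip link add name $BR type bridge"
    # Bit 3 (value 8) lets frames to 01:80:C2:00:00:03 (EAPOL) cross the bridge.
    echo "ip link set dev $BR type bridge group_fwd_mask 8"
    echo "ip link set dev $PHYS master $BR"
    echo "ip link set dev $PHYS up"
    echo "ip link set dev $BR up"
}

vnic_cmds() {  # $1 = vNIC index
    echo "ip link add vnic$1 type veth peer name vnic$1-br"
    echo "ip link set dev vnic$1 address $(mac_for "$1")"
    echo "ip link set dev vnic$1-br master $BR"
    echo "ip link set dev vnic$1-br up"
    # veth devices are often left unmanaged by NetworkManager; claim this one.
    echo "nmcli device set vnic$1 managed yes"
    # One 802.1X profile per vNIC; EAP method and credentials are placeholders.
    echo "nmcli connection add type ethernet ifname vnic$1 con-name dot1x-$1" \
         "802-1x.eap peap 802-1x.phase2-auth mschapv2" \
         "802-1x.identity USER_PLACEHOLDER 802-1x.password PASS_PLACEHOLDER"
}

plan() {  # $1 = number of vNICs
    bridge_cmds
    i=0
    while [ "$i" -lt "$1" ]; do
        vnic_cmds "$i"
        i=$((i + 1))
    done
}

# Print the plan when called with a count, e.g.: sh plan.sh 1000
[ -n "${1:-}" ] && plan "$1"
```
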