Configuring External Connector Bridges
Before a newly created bridge can be used as the target device of External Connector nodes, one additional configuration step is recommended so that lab users can identify the bridges that satisfy their needs.
Configuring new External Connector Bridges
Registration of new External Connectors is performed automatically each time the CML services start on the CML server. New entries will get a default configuration, which may or may not be desirable; this procedure can also be applied to customize such auto-generated configuration.
Procedure
Log into the CML UI as a user with administrator privileges.
Click the
menu item.
On the System Administration page, click External Connectors.
The External Connectors page is shown with a table of all current entries.
Find the row for each of the managed bridges by the bridge’s Device Name.
Click on the Label column entry for the found row, and edit the label to give the bridge a distinctive human-readable name. Click Save to apply.
(Optional) Click on the Snooped and Protected toggles to put them in the desired position of enabled or disabled.
Repeat these steps for all External Connector rows you wish to configure.
IP Snooping
The IP addresses received by lab nodes from externally-managed DHCP servers, or those configured manually, are not generally knowable beforehand. Users may log into the nodes to find the assigned addresses, but this is cumbersome for automated scripting.
Each External Connector bridge has an option, enabled by default, that monitors traffic on the bridge for all DHCPv4, ARP and ICMPv6 packets. For every observed packet in which a MAC address can be directly mapped to an IPv4 or IPv6 address, the MAC address and all associated addresses are recorded.
In the Lab Nodes API, there exists a call to retrieve Node Layer 3 Addresses. This matches the snooped addresses for those MAC addresses which have been assigned to the node’s interfaces (whether directly to an External Connector node, or through any switches).
Note
This functionality is currently only available through the API. It can only retrieve those addresses which have matched against MAC addresses generated by the controller software. It does not return addresses for an arbitrary MAC address. If a lab node's OS procedures or configuration choose to override the burned-in MAC addresses of its interfaces, then no match can occur and the resulting list is empty.
The assigned IP address entries are subject to expiration, and are provided as lists containing all recently-associated IP addresses. Typically, if there are multiple entries, then the last item is current, and previous addresses are invalid.
Bridge Protection
As mentioned in the External Connectivity section of the User's Guide, some nodes' default configuration can severely interfere with the network segment of an L2 bridge External Connector. For this reason, bridge protection mode is enabled by default for all bridge and vlan External Connectors, and other bridges can also be set to be protected in this manner.
When enabled, all traffic except IPv4, IPv6 and ARP is blocked at the CML server’s bridge. If this is unwanted, and other L2 traffic is required to be passed, disable the Protected attribute of the External Connector. This is discouraged, especially for the System Bridge device bridge0.
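The following added example (not CML's own code or its actual filter implementation) models the Protected rule described above by classifying raw Ethernet frames on their type field, which shows why non-IP L2 protocols emitted by lab nodes do not reach the external segment. The function names, the constructed sample frames and the choice to report 802.1Q-tagged frames as "unspecified" (the page does not say how they are treated) are assumptions of the example.

```python
import struct

# EtherTypes the page says a protected bridge still forwards.
ALLOWED = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
VLAN_TAG = 0x8100  # 802.1Q; the page does not say how tagged frames are treated

def classify(frame: bytes):
    """Return (verdict, reason) for one raw Ethernet frame (model only)."""
    if len(frame) < 14:
        return ("drop", "truncated header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype < 0x0600:
        # Below 0x0600 the field is not an EtherType; values up to 1500 are an
        # 802.3 length, as in LLC frames such as spanning-tree BPDUs.
        return ("drop", "802.3/LLC frame, length %d" % etype)
    if etype == VLAN_TAG:
        return ("unspecified", "802.1Q tagged")
    if etype in ALLOWED:
        return ("pass", ALLOWED[etype])
    return ("drop", "EtherType 0x%04x" % etype)

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build(dst, etype, payload=b"\x00" * 46):
    # Constructed sample frame; the source MAC is an arbitrary example value.
    return mac(dst) + mac("52:54:00:aa:bb:01") + struct.pack("!H", etype) + payload

SAMPLES = {  # all constructed for this example
    "ARP request": build("ff:ff:ff:ff:ff:ff", 0x0806),
    "IPv4": build("52:54:00:aa:bb:02", 0x0800),
    "IPv6": build("33:33:00:00:00:01", 0x86DD),
    "LLDP": build("01:80:c2:00:00:0e", 0x88CC),
    "STP BPDU": build("01:80:c2:00:00:00", 38, b"\x42\x42\x03" + b"\x00" * 35),
    "802.1Q tagged": build("52:54:00:aa:bb:02", 0x8100),
    "runt": b"\x00" * 10,
}

def verdicts(frames=SAMPLES):
    """Map each sample name to its verdict string."""
    return {name: classify(raw)[0] for name, raw in frames.items()}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print("%-14s %s" % (name, classify(raw)))
```

If a lab depends on a protocol that this model reports as dropped, that is the case in which the Protected attribute would have to be disabled, with the interference risk the section describes.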