[libvirt-users] create 1000 vNICs and attach to them DOT1X profiles

Ion Ermurachi ermurachi at gmail.com
Thu Jan 15 23:38:29 UTC 2015


Hello Folks,

I am looking for ideas on how to create 1000 DOT1X sessions generated from
a Linux box. DOT1X is a name for EAP packets that travel in an Ethernet
environment and is used to transport authentication information before a PC
gets access to the network; it is based on RFC-3748. With this in
mind, a virtual interface will need a MAC address and eventually an IP (I
want to stress that for EAP over LAN, DOT1X, there is a need for an L2
virtual interface).

One DOT1X session can be easily generated using network manager (nmcli) on
a physical NIC. For network manager this is a session that may include many
parameters used to form the connection, in my case used for DOT1X
authentication.
I am looking for a solution on how to create 1000 DOT1X
sessions/connections using Linux virtual interfaces and one physical NIC.

An idea would be to use a virtual bridge and attach to it a physical
interface. After that, create virtual interfaces that will be connected to
the bridge. In this case the bridge will relay packets between physical and
virtual interfaces.

Looking on this alias I understood from Michal Privoznik that the above is
feasible.

Questions
1. Is it possible to create virtual interfaces that will be further managed
   by the NETWORK MANAGER?
2. What would be the exact steps and commands to generate these interfaces
   having fresh OS installed?

I have tried creating vNICs using "virsh" with the syntax below, but it will
not start them, and I am still not sure if in the end they can be managed by
the NETWORK MANAGER:
virsh iface-define   XML_LOCATION
virsh iface-list    ---> this will list interfaces created
virsh iface-start    INTERFACE_DEFINED_ABOVE


Thanks in advance.

Best Regards
Ion Ermurachi
-------------- next part --------------
See the topology below
+---------------------------------------+
| Red Hat Linux                         |
|                                       |
| +-----------------------------------+ |
| |NET MANAGER CONTROLLING CONNECTIONS| |    ---> for example nmcli can be used on the CLI
| +-----+-------+-------+-------+-----+ |
|       |       |       |       |       |
|    +--+--+ +--+--+ +--+--+ +--+--+    |
|    |IP-1 | |IP-2 | |IP-3 | |IP-X |    |    ---> Virtual interface to be created and controlled by kernel/network-manager/nmcli
|    |MAC-1| |MAC-2| |MAC-3| |MAC-X|    |
|    |vNIC | |vNIC | |vNIC | |vNIC |    |
|    +--+--+ +--+--+ +--+--+ +--+--+    |
|  +----+-------+-------+-------+----+  |
|  |             BRIDGE              |  |    ---> A bridge sitting between the physical interface below and the virtual interfaces above
+--+-----------+---------+-----------+--+
               |physical |
               |interface|                   ---> Physical ethernet interface [it can be PCI or USB-to-Ethernet-card adapters]
               +----+----+
                    |
                    |   ---> EAPoL/DOT1X packets
                    |
       +------------+------------+
       |      AUTHENTICATOR      |
       |                         |
       |  Cisco Catalyst Switch  |
       +-------------------------+



Note: There is no concern about resources consumed.
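
The bridge-plus-virtual-interface layout described in the post, sketched as an added example that is not part of the original message: a dry-run planner that prints the `ip` and `wpa_supplicant` commands for N veth-backed vNICs, each with its own locally administered MAC. It sets bit 3 of the bridge's `group_fwd_mask`, because a Linux bridge does not forward frames addressed to the EAPOL group address 01:80:C2:00:00:03 by default. The names `eth0`, `br0`, `dot1xN` and the `/etc/dot1x/` config path are assumptions, and the per-interface supplicant config (EAP method, credentials) is left to the reader.

```shell
#!/bin/sh
# Added example (dry run): prints the commands, changes nothing on the host.
# Assumed names: eth0 (physical NIC), br0 (bridge), dot1xN / dot1xN-br (veth
# pair), /etc/dot1x/dot1xN.conf (hypothetical wpa_supplicant config path).
PHYS=${PHYS:-eth0}
BRIDGE=${BRIDGE:-br0}

# Locally administered unicast MAC (first octet 02) derived from the index,
# so every vNIC presents a distinct, reproducible address to the switch.
vnic_mac() {
    printf '02:00:00:00:%02x:%02x\n' $(( $1 / 256 % 256 )) $(( $1 % 256 ))
}

# Commands that build the bridge. group_fwd_mask 8 (bit 3) lets the bridge
# relay frames sent to 01:80:C2:00:00:03 instead of consuming them locally.
bridge_plan() {
    echo "ip link add name $BRIDGE type bridge"
    echo "ip link set dev $BRIDGE type bridge group_fwd_mask 8"
    echo "ip link set dev $PHYS master $BRIDGE"
    echo "ip link set dev $PHYS up"
    echo "ip link set dev $BRIDGE up"
}

# Commands for vNIC number $1: a veth pair with one end enslaved to the
# bridge and a wired-driver supplicant started on the free end.
vnic_plan() {
    echo "ip link add dot1x$1 type veth peer name dot1x$1-br"
    echo "ip link set dev dot1x$1 address $(vnic_mac "$1")"
    echo "ip link set dev dot1x$1-br master $BRIDGE"
    echo "ip link set dev dot1x$1-br up"
    echo "ip link set dev dot1x$1 up"
    echo "wpa_supplicant -B -D wired -i dot1x$1 -c /etc/dot1x/dot1x$1.conf"
}

# Full plan for $1 interfaces: bridge first, then each vNIC in order.
plan() {
    bridge_plan
    i=1
    while [ "$i" -le "$1" ]; do
        vnic_plan "$i"
        i=$((i + 1))
    done
}

# Print a small plan by default; set COUNT=1000 for the full set.
plan "${COUNT:-2}"
```

Review the printed plan, then pipe it to `sh` as root on a test host to apply it.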

