This topic contains guidelines for using the target platform as a network bridge between two networks.
To make a target platform act as a network bridge between two networks:
The target platform must have at least two network interfaces (either wired or wireless).
The Linux kernel image of the target platform must support network bridging. By default, the Linux kernel compiled with Digi Embedded Yocto already supports bridging.
There are two methods for connecting a pair of networks:
Bridging: The platform device acts like a tunnel that connects the two networks (or two network segments), forming one big subnet that allows devices to connect to each other without the need for routers.
IP forwarding: The platform device translates the address of a packet to a new destination according to a routing table.
The following instructions explain the bridging method.
Access point bridging
This chapter illustrates how to configure a target platform to act as a network bridge. Consider the following scenario:
A target platform embedded device acts as the bridge.
The target is connected through one wired Ethernet interface to a wired LAN that has access to the Internet.
There are three Wi-Fi devices to connect by bridge.
There is no Wi-Fi AP, so the Wi-Fi devices cannot access the LAN.
By configuring the platform as a bridge, you can connect the three Wi-Fi devices to the LAN and gain access to the Internet.
|A network bridge can be established between two network interfaces of any kind: two wired Ethernets, a wired Ethernet and a USB-Ethernet gadget, a USB-Ethernet gadget and a Wi-Fi interface, and so on.|
This topic demonstrates how to establish a network bridge between a wired Ethernet (eth0) and a Wi-Fi interface in AP mode (wlan0), including how to configure the Wi-Fi interface. You can follow similar steps to create the bridge between arbitrary network interfaces as long as you configure each interface properly.
|Digi programs one MAC address for the Wi-Fi interface during manufacturing of the SOM. This is the MAC address used for the wlan0 interface. The Wi-Fi chip supports up to three other virtual MAC addresses that you need to program before using (otherwise they have default values). See Environment variables for instructions.|
Network bridging support on the kernel
Network bridging support on the kernel requires the following options:
Networking support --> Networking options --> [*] 802.1d Ethernet Bridging (CONFIG_BRIDGE) [*] IGMP MLD snooping (CONFIG_BRIDGE_IGMP_SNOOPING)
|These options are enabled by default on Digi Embedded Yocto kernel configuration.|
For the bridge to work, you must prevent the Network Manager daemon from managing the network interfaces involved in the bridge.
Add the relevant network interfaces (in the example eth0 and wlan1) to the list of unmanaged-devices in /etc/NetworkManager/NetworkManager.conf.
[main] plugins=ifupdown,keyfile no-auto-default=type:ethernet rc-manager=file [ifupdown] managed=false [keyfile] unmanaged-devices=interface-name:p2p*;interface-name:wlan1;interface-name:eth0 [device] wifi.scan-rand-mac-address=no
Restart the Network Manager daemon to use the new configuration:
~# systemctl restart NetworkManager.service
Wired network interface
Make sure the wired network interface is connected to the network and bring it up:
~# ifconfig eth0 up
Wireless network interface
Bring the Wi-Fi interface down to reconfigure it:
~# ifdown wlan1
Configuration as SoftAP
Configure the Wi-Fi interface as SoftAP. Edit the file /etc/network/interfaces and type the following for the Wi-Fi interface:
auto wlan1 iface wlan1 inet manual post-up systemctl start firstname.lastname@example.org pre-down systemctl stop email@example.com
Sets the Wi-Fi interface as manual so that it doesn’t get an IP when it is brought up.
Calls the systemd service firstname.lastname@example.org that runs the hostapd daemon.
Configure the connection settings of your wireless interface at file /etc/hostapd_<iface>.conf on your target’s root filesystem. The following example shows a configuration that uses WPA-PSK/AES authentication with SSID my-bridge-ap:
ctrl_interface=/var/run/hostapd ctrl_interface_group=0 interface=wlan1 driver=nl80211 # WPA2-AES encryption ssid=my-brigde-ap auth_algs=1 wpa=2 wpa_key_mgmt=WPA-PSK wpa_pairwise=CCMP wpa_passphrase=password-wpa2aes # IEEE 802.11ac hw_mode=a channel=36 ieee80211ac=1 ieee80211n=1
Start the Wi-Fi interface as SoftAP
Bring the interface up with the new SoftAP configuration:
~# ifup wlan1
Create the bridge interface br0:
~# brctl addbr br0
Remove the IP addresses of the two network interfaces that the bridge will join (in this example eth0 and wlan1).
~# ifconfig eth0 0.0.0.0 ~# ifconfig wlan1 0.0.0.0
Add each network interface to the br0 bridge:
~# brctl addif br0 eth0 ~# brctl addif br0 wlan1
Verify the bridge lists the two interfaces:
~# brctl show bridge name bridge id STP enabled interfaces br0 8000.0004f3280000 no eth0 wlan1
If the interfaces are not correctly listed as associated to the bridge, delete the bridge and recreate it. To remove the bridge and restart the procedure, do the following:
Assign a static or dynamic IP address to the bridge.
This step is optional but recommended if you want to reach the bridge (the target platform) in the network.
~# ifconfig br0 192.168.1.5 netmask 255.255.0.0
Bring the bridge up:
~# ifconfig br0 up
Configuration is complete. Your Wi-Fi devices should now be able to connect to the target platform (acting as SoftAP), and reach any device in the LAN network, or the Internet (if the LAN has access to it).
Create the bridge interface automatically at boot time
To automatically create the bridge interface at startup, edit /etc/network/interface and add the following lines at the end of the file:
auto br0 iface br0 inet static bridge_ports eth0 wlan1 address 192.168.1.5 netmask 255.255.0.0
|The bridge must appear as the last item in the file to make sure the involved interfaces exist when the bridge is created.|
Client side bridging (Wi-Fi extender)
For a Wi-Fi extender configuration both the AP and the client sides needs to be bridged. This configuration allows to extend a wireless LAN across a Wi-Fi direct bridge, effectively extending the LAN.
802.11 4 address mode
The 802.11 standard uses three fields on the MAC frame to carry layer 2 MAC address information. This 3 address model does not support client side bridging as the source MAC address is dropped on the frames transmitted between AP and station. To overcome this limitation, 802.11 defines an optional 4 address mode. The 802.11 standard only provisions the extra field without providing implementation details.
Several OEMs use this 4 address mode to implement Wi-Fi extender features, for example for Wireless Distribution Service (WDS). These implementations are non-standard and require matching hardware and software on all devices, and usually require softMAC chipsets, that is, chipsets that use the mac80211 layer on the Linux kernel. This softMAC devices usually suffer from a performance penalty compared to devices that implement their own MAC layer in hardware (hard MAC).
The QCA6574 chipset is a hard MAC device and 4 address mode is not currently supported.
Wi-Fi extender with BATMAN layer 2 protocol
However, Wi-Fi extender can be implemented by using a layer 2 routing protocol to provide the source address resolution missing from the 3 address 802.11 mode.
The setup below uses the BATMAN (Better Approach to Mobile Adhoc Networking) layer 2 protocol implemented as a driver in the Linux kernel:
Configure the Linux kernel with support for BATMAN advanced.
Networking support --> Networking options --> [*] B.A.T.M.A.N Advanced Meshing Protocol (CONFIG_BATMAN_ADV)
|These options are enabled by default on Digi Embedded Yocto kernel configuration.|
Set up a Wi-Fi direct link, for example using the Negotiated GO method described at Wi-Fi Direct.
Add the P2P interface to the BATMAN interface at both ends:
~# batctl if add p2p-p2p0-0 ~# ip link set up dev bat0
Bridge the wired Ethernet and BATMAN interface at both ends:
~# ifconfig eth0 0.0.0.0 ~# ifconfig bat0 0.0.0.0 ~# brctl addbr br0 ~# brctl addif br0 eth0 ~# brctl addif br0 bat0 ~# ifconfig br0 up
The network will take up to 30 seconds to be established as the nodes need to discover each other. Devices at both sides of the bridge should now be configured on the same subnet and will be able to ping each other.
Automatic Wi-Fi extender setup
To automatically establish a Wi-Fi extender link between p2p0 and eth0, configure NetworkManager as follows:
Edit the /etc/NetworkManager/NetworkManager.conf file specify the unmanaged interfaces involved in the bridge:/etc/NetworkManager/NetworkManager.conf
Add a new br0 connection with a p2p-bridge connection ID to /etc/NetworkManager/system-connections/:
~# nmcli con add type bridge ifname br0 con-name p2p-bridge ip4 <local_bridge_IP>/24
Replace the <local_bridge_IP> above with the IP address you want to assign to the local bridge.
That command will create the file shown next:/etc/NetworkManager/system-connections/p2p-bridge.nmconnection
[connection] id=p2p-bridge type=bridge interface-name=br0 [ipv4] address1=<local_bridge_IP>/24 dns-search= method=manual [ipv6] addr-gen-mode=stable-privacy dns-search= method=auto
Edit the /etc/network/interfaces file to add the P2P peer MAC address to the p2p0 interface:/etc/network/interfaces
Use the MAC address associated with the p2p0 interface. For example, for the following device:
~# iw dev phy#0 Interface p2p0 ifindex 7 wdev 0x2 addr 02:04:f3:8d:40:03 type managed txpower 0.00 dBm Interface wlan0 ifindex 6 wdev 0x1 addr 00:04:f3:8d:40:03 type managed txpower 0.00 dBm
|If you want to use interfaces other than p2p0 and eth0 modifications in the script source are required.|