Quickstart

RBridge securely connects two distinct Ethernet LANs as they were connected by plugging a very long cable between two switches over the distance.

The instructions below guide you through the overall process. If there are any problems, difficulties or questions don’t hesitate to contact us at support@inlab.de .

1. Preparations and Planning

  • Identify or setup two machines where the RBridge endpoints will be installed.
  • Each RBridge on each side needs an interface (NIC) connected to the Ethernet LAN that will be forwarded and bidirectionally connected to the other side.
  • Both RBridges need some way to talk to each other. This may be a public Internet connection with or without NAT, or internal routing (if your RBridge installation remains within your datacenter). The IP connection between both RBridge endpoints may go over the same NIC that is being forwarded.
  • Make yourself familiar with the IP address spaces being connected. IP address conflicts need to be avoided since two Ethernets will be connected as with a network cable between switches.
  • Define a unique MAC (message authentication code) secret being used for authentication (we’ll use “MY-OWN-MACSECRET” as a placeholder in this document).
  • Define an encryption key being used for encryption (we’ll use “MY-OWN-ENCRYPTION-KEY” as a placeholder in this document).
  • Define a registry link name being used for registry communication (we’ll use “MY-OWN-LINKNAME” as a placeholder in this document).

2. Download

Download the RBridge packages for your two RBridge endpoints here: RBridge Download. You may freely choose the platform for each side.

3. Install

The complete installation instructions for all available platforms are here: Installation of RBridge.

4. Configure

Here’s a more complete set of RBridge Configuration Examples: RBridge Configuration Examples . The configuration parameters are kept in /etc/rbridge.conf per default.

If you wish to dig deeper into all configuration details look here: rbridge.conf Reference.

For this “Quickstart” instructions we distinguish the following two different cases:

Case 1: At least one RBridge endpoint is reachable at a fixed address

In this case RBridge endpoint B is reachable at a fixed IPv4 address (being ::ffff:10.3.4.1 in this example). Thus, only RBridge endpoint A needs to have the parameter remote_address set (RBridge endpoint B will automatically learn the communication parameters from RBridge endpoint A).

/etc/rbridge.conf on endpoint A

interface=        eth0
macsecret=        "MY-OWN-MACSECRET"
key=              "MY-OWN-ENCRYPTION-KEY"
remote_address=   ::ffff:10.3.4.11

/etc/rbridge.conf on endpoint B

interface=        eth0
macsecret=        "MY-OWN-MACSECRET"
key=              "MY-OWN-ENCRYPTION-KEY"

Case 2: Both RBridge endpoints do not know how to contact the peer

In this case the public RBridge registry r.inlab.net is consulted to determine the mutual communication parameters. This is done without revealing any authentication or encryption information.

/etc/rbridge.conf on endpoint A

interface=         eth0
macsecret=         "MY-OWN-MACSECRET"
key=               "MY-OWN-ENCRYPTION-KEY"
registry_linkname= "MY-OWN-LINKNAME"

/etc/rbridge.conf on endpoint B

interface=         eth0
macsecret=         "MY-OWN-MACSECRET"
key=               "MY-OWN-ENCRYPTION-KEY"
registry_linkname= "MY-OWN-LINKNAME"

5. Run

To start RBridge just enter “rbridge start” with root permissions on both sides. The complete rbridge command overview is here: The “rbridge” Shell Command, Usage and Options.

6. Test

For testing your configuration we recommend the following:

Use the command “status” in the “rbridge control” CLI. As soon as you see a “link ESTABLISHED to nodeid xx.yy.zz.xx.yy.zz” status you are all set. Take also a close look at the counters: Both, remote and local counter should be counting upwards.

If you are running RBridge in a VMware VM take a look at this: Operating RBridge on a VMware Virtual Machine . Last but not least try to connect from one side to the other.

7. Licensing

If you are done with testing and wish to license RBridge, these are the steps:

Licensing for the Raspberry Pi platform is free, you find the credentials directly on the RBridge License Keyfactory page.

Purchase the desired number of licenses here: RBridge License Shop

As soon as you have received your credentials, you can generate your license keys here: RBridge License Keyfactory

8. Warning

RBridge may theoretically be abused by an attacker by secretly running it in a network providing unwanted external Layer 2 access.

To identify potentially unwanted RBridge installations, RBridge is able to scan Ethernet LANs and report back all listening RBridges.

This scanning mode requires no licensing and should be included in existing internal security scan procedures.

For more information about this scanning mode see the “rbridge -s” command here: The “rbridge” Shell Command, Usage and Options