What is a Linux Bridge? How to Configure it?

As per Redhat’s definition of Linux Bridge:

“A network bridge is a link-layer device which forwards traffic between networks based on MAC addresses. It makes forwarding decisions based on a table of MAC addresses which it builds by listening to network traffic and thereby learning what hosts are connected to each network. A software bridge can be used within a Linux host in order to emulate a hardware bridge, for example in virtualization applications for sharing a NIC with one or more virtual NICs.”

It is also possible that Linux Bridge can be setup to bond multiple Ethernet Devices together and present them as a single interface. In some cases, this might be useful to load balance and high availability of networks. In this article we will learn about configuring a Bridge. There are multiple ways to achieve the goal, but, we will use brctl command provided by bridge-utils package.

The brctl Command

brctl stands for Bridge Control. A quick help on brctl show number of useful options to add, delete and set parameters on Linux Bridge.

[vagrant@server ~]$ brctl -h
Usage: brctl [commands]
commands:
addbr <bridge> add bridge
delbr <bridge> delete bridge
addif <bridge> <device> add interface to bridge
delif <bridge> <device> delete interface from bridge
setageing <bridge> <time> set ageing time
setbridgeprio <bridge> <prio> set bridge priority
setfd <bridge> <time> set bridge forward delay
sethello <bridge> <time> set hello time
setmaxage <bridge> <time> set max message age
sethashel <bridge> <int> set hash elasticity
sethashmax <bridge> <int> set hash max
setmclmc <bridge> <int> set multicast last member count
setmcrouter <bridge> <int> set multicast router
setmcsnoop <bridge> <int> set multicast snooping
setmcsqc <bridge> <int> set multicast startup query count
setmclmi <bridge> <time> set multicast last member interval
setmcmi <bridge> <time> set multicast membership interval
setmcqpi <bridge> <time> set multicast querier interval
setmcqi <bridge> <time> set multicast query interval
setmcqri <bridge> <time> set multicast query response interval
setmcqri <bridge> <time> set multicast startup query interval
setpathcost <bridge> <port> <cost> set path cost
setportprio <bridge> <port> <prio> set port priority
setportmcrouter <bridge> <port> <int> set port multicast router
show [ <bridge> ] show a list of bridges
showmacs <bridge> show a list of mac addrs
showstp <bridge> show bridge stp info
stp <bridge> {on|off} turn stp on/off

Setting up a Linux Bridge

You can setup a new bridge using addbr option along with brctl command.

brctl addbr br0

In order to View the current bridges in system,  add show option to brctl

[vagrant@server ~]$ brctl show
bridge name    bridge id          STP enabled   interfaces
br0            8000.000c298f0307  no

Assign an Interface to Linux Bridge

From an output above, you can see that there is br0 bridge configured, however, no interface is connected to it. In order to assign a physical/virtual NIC, you can issue the following command.

 brctl addif br0 eth3

Verify using brctl show command.

[vagrant@server ~]$ brctl show
bridge name    bridge id          STP enabled   interfaces
br0            8000.000c298f0307  no            eth3

Enable Networking

You can bind an existing virtual/physical NIC to the Bridge. The configuration file (in Centos 6-7) resides in /etc/sysconfig/network-scripts/ifcfg-<interfaceNumber> for Physical interface and /etc/sysconfig/network-scripts/br-<bridgeName> for Bridge interface. In order to enable the networking, two files need to be edited.  Also, a point to be noted is that IP Address is assigned to the Bridged Interface instead of the Physical/Virtual Nic itself.

Samle Output of ip link command

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
 link/ether 00:0c:29:8f:03:fd brd ff:ff:ff:ff:ff:ff
3: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
 link/ether 00:0c:29:8f:03:07 brd ff:ff:ff:ff:ff:ff
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
 link/ether 00:0c:29:8f:03:07 brd ff:ff:ff:ff:ff:ff
A typical configuration file for br0 interface will look like this
[root@server vagrant]# cat /etc/sysconfig/network-scripts/ifcfg-br0
 DEVICE="br0"
 TYPE="bridge"
 IPADDR=192.168.145.136
 NETMASK=255.255.255.0
 GATEWAY=192.168.145.2
 ONBOOT=yes
 BOOTPROTO="static"
 NM_CONTROLLED=no
 DELAY=0

Note:  IP Address is assigned to br0 interface instead of the eth3. Type should be bridge

Interface Configuration file should be configured as below
[root@server vagrant]# cat /etc/sysconfig/network-scripts/ifcfg-eth3
DEVICE=eth3
BOOTPROTO=none
ONBOOT=yes
NM_CONTROLLED=no
BRIDGE=br0

And finally, restart the Network Service

sudo service network restart

Sample output of ip a  command

[root@server vagrant]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 inet6 ::1/128 scope host
 valid_lft forever preferred_lft forever
2: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
 link/ether 00:0c:29:8f:03:fd brd ff:ff:ff:ff:ff:ff
 inet 192.168.145.129/24 brd 192.168.145.255 scope global eth2
 inet6 fe80::20c:29ff:fe8f:3fd/64 scope link
 valid_lft forever preferred_lft forever
3: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
 link/ether 00:0c:29:8f:03:07 brd ff:ff:ff:ff:ff:ff
 inet6 fe80::20c:29ff:fe8f:307/64 scope link
 valid_lft forever preferred_lft forever
6: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
 link/ether 00:0c:29:8f:03:07 brd ff:ff:ff:ff:ff:ff
 inet 192.168.145.136/24 brd 192.168.145.255 scope global br0
 inet6 fe80::20c:29ff:fe8f:307/64 scope link
 valid_lft forever preferred_lft forever

As you can see from the output above, we have an IP Address assigned to our bridge. This bridge will be presented to the applications as such a physical NIC is answering there call. And, that’s all about What is a Linux Bridge? How to Configure it?

Share your thoughts

*