Chapter 16. Configuring a network bridge

A network bridge is a link-layer device which forwards traffic between networks based on MAC addresses. The bridge device decides on forwarding packets based on a table of MAC addresses. The bridge builds the MAC addresses table by listening to network traffic and thereby learning what hosts are connected to each network.

For example, you can use a software bridge on a Red Hat Enterprise Linux 8 host:

  • To emulate a hardware bridge
  • In virtualization environments, to integrate virtual machines (VM) to the same network as the host

Due to the IEEE 802.11 standard which specifies the use of 3-address frames in Wi-Fi for the efficient use of airtime, you cannot configure a bridge over Wi-Fi networks operating in Ad-Hoc or Infrastructure modes.

16.1. Configuring a network bridge using nmcli commands

This section explains how to configure a network bridge using the nmcli utility.

Prerequisites

  • Two or more physical or virtual network devices are installed in the server.
  • You are logged in as the root user.

Procedure

  1. Create a bridge interface. For example, to create the bridge interface named bridge0, enter: 

    # nmcli connection add type bridge con-name bridge0 ifname bridge0

  2. Configure the IPv4 settings. For example, to set a static IPv4 address, network mask, default gateway, DNS server, and DNS search domain of the bridge0 connection, enter: 

    # nmcli connection modify bridge0 ipv4.addresses '192.0.2.1/24'
# nmcli connection modify bridge0 ipv4.gateway '192.0.2.254'
# nmcli connection modify bridge0 ipv4.dns '192.0.2.253'
# nmcli connection modify bridge0 ipv4.dns-search 'example.com'
# nmcli connection modify bridge0 ipv4.method manual

  3. Configure the IPv6 settings. For example, to set a static IPv6 address, network mask, default gateway, DNS server, and DNS search domain of the bridge0 connection, enter: 

    # nmcli connection modify bridge0 ipv6.addresses '2001:db8:1::1/64'
# nmcli connection modify bridge0 ipv6.gateway '2001:db8:1::fffe'
# nmcli connection modify bridge0 ipv6.dns '2001:db8:1::fffd'
# nmcli connection modify bridge0 ipv6.dns-search 'example.com'
# nmcli connection modify bridge0 ipv6.method manual

  4. Optionally, configure further properties of the bridge. For example, to set the Spanning Tree Protocol (STP) priority of bridge0 to 16384, enter: 

    # nmcli connection modify bridge0 bridge.priority '16384'

    By default, STP is enabled.

  5. Optionally, display the network interfaces, and note the names of the interfaces you want to add to the bridge as a slave in the next step: 

    # nmcli device
DEVICE  TYPE      STATE         CONNECTION
enp1s0  ethernet  connected     enp1s0
enp7s0  ethernet  disconnected  --
enp8s0  ethernet  disconnected  --
lo      loopback  unmanaged     --

  6. Assign the port interfaces to the bridge’s connection. For example, to add the interfaces named enp7s0 and enp8s0 to the bridge0 connection, enter: 

    # nmcli connection add type ethernet slave-type bridge con-name bridge0-port1 ifname enp7s0 master bridge0
# nmcli connection add type ethernet slave-type bridge con-name bridge0-port2 ifname enp8s0 master bridge0

  7. Activate the connection. For example, to activate the bridge0 connection, enter: 

    # nmcli connection up bridge0

  8. Verify that the slave devices are connected, and the CONNECTION column displays the slave’s connection name: 

    # nmcli  device
DEVICE   TYPE      STATE      CONNECTION
...
enp7s0   ethernet  connected  bridge0-port1
enp8s0   ethernet  connected  bridge0-port2

    Red Hat Enterprise Linux activates master and slave devices when the system boots. By activating any slave connection, the master is also activated. However, in this case, only one slave connection is activated. By default, activating the master does not automatically activate the slaves. However, you can enable this behavior by setting:

    1. Enable the connection.autoconnect-slaves parameter of the bridge connection: 

      # nmcli connection modify bridge0 connection.autoconnect-slaves 1

    2. Reactivate the bridge: 

      # nmcli connection up bridge0

Verification steps

  • Display the link status of Ethernet devices that are slaves of a specific bridge: 

    # ip link show master bridge0
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:62:61:0e brd ff:ff:ff:ff:ff:ff
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:9e:f1:ce brd ff:ff:ff:ff:ff:ff

  • Display the status of Ethernet devices that are slaves to any bridge device: 

    # bridge link show
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state forwarding priority 32 cost 100
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state listening priority 32 cost 100
5: enp9s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state forwarding priority 32 cost 100
6: enp11s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state blocking priority 32 cost 100
...

    To display the status for a specific Ethernet device, use the bridge link show dev ethernet_device_name command.

Additional resources

  • For more information on testing connections, see Chapter 33, Testing basic network settings.
  • For nmcli examples, see the nmcli-examples(7) man page.
  • For all bridge properties you can set, see the bridge settings section in the nm-settings(5) man page.
  • For all bridge port properties you can set, see the bridge-port settings section in the nm-settings(5) man page.
  • For details about the bridge utility, see the bridge(8) man page.
  • If the configuration on the disk does not match the configuration on the device, starting or restarting NetworkManager creates an in-memory connection that reflects the configuration of the device. For further details and how to avoid this problem, see NetworkManager duplicates a connection after restart of NetworkManager service.

16.2. Configuring a network bridge using nm-connection-editor

This section explains how to configure a network bridge using the nm-connection-editor application.

Prerequisites

  • Two or more physical or virtual network devices are installed in the server.

Procedure

  1. Open a terminal, and enter nm-connection-editor: 

    $ nm-connection-editor
  2. Click the + button to add a new connection.

  3. Select the Bridge connection type, and click Create.

    1. Optionally, set the name of the bridge interface in the Interface name field.

    2. Click the Add button to add a network interface as a slave to the bridge.

      1. Select the connection type of the interface. For example, select Ethernet for a wired connection.
      2. Optionally, set a connection name for the slave device.
      3. In the Device field on the Ethernet tab, select the network interface you want to add as a slave to the bridge.
      4. Click Save.

    3. Repeat the previous step for each interface you want to add to the bridge.

      add nic to bridge in nm connection editor

    4. Optionally, configure further bridge settings, such as Spanning Tree Protocol (STP) options.
  4. On the IPv4 Settings tab, configure the IPv4 settings. For example, set a static IPv4 address, network mask, default gateway, DNS server, and DNS search domain: bridge IPv4 settings nm connection editor
  5. On the IPv6 Settings tab, configure the IPv6 settings. For example, set a static IPv6 address, network mask, default gateway, DNS server, and DNS search domain: bridge IPv6 settings nm connection editor
  6. Save the bridge connection.
  7. Close nm-connection-editor.

Verification steps

  • Display the link status of Ethernet devices that are slaves of a specific bridge. 

    # ip link show master bridge0
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:62:61:0e brd ff:ff:ff:ff:ff:ff
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:9e:f1:ce brd ff:ff:ff:ff:ff:ff

  • Display the status of Ethernet devices that are slaves to any bridge device: 

    # bridge link show
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state forwarding priority 32 cost 100
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state listening priority 32 cost 100
5: enp9s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state forwarding priority 32 cost 100
6: enp11s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state blocking priority 32 cost 100
...

    To display the status for a specific Ethernet device, use the bridge link show dev ethernet_device_name command.

Additional resources