Red Hat Training

A Red Hat training course is available for RHEL 8

Chapter 12. Configuring a network bridge

A network bridge is a link-layer device which forwards traffic between networks based on a table of MAC addresses. The bridge builds the MAC addresses table by listening to network traffic and thereby learning what hosts are connected to each network. For example, you can use a software bridge on a Red Hat Enterprise Linux 8 host to emulate a hardware bridge or in virtualization environments, to integrate virtual machines (VM) to the same network as the host.

A bridge requires a network device in each network the bridge should connect. When you configure a bridge, the bridge is called controller and the devices it uses ports.

You can create bridges on different types of devices, such as:

  • Physical and virtual Ethernet devices
  • Network bonds
  • Network teams
  • VLAN devices

Due to the IEEE 802.11 standard which specifies the use of 3-address frames in Wi-Fi for the efficient use of airtime, you cannot configure a bridge over Wi-Fi networks operating in Ad-Hoc or Infrastructure modes.

12.1. Configuring a network bridge using nmcli commands

This section explains how to configure a network bridge using the nmcli utility.

Prerequisites

Procedure

  1. Create a bridge interface: 

    # nmcli connection add type bridge con-name bridge0 ifname bridge0

    This command creates a bridge named bridge0, enter:

  2. Display the network interfaces, and note the names of the interfaces you want to add to the bridge: 

    # nmcli device status
DEVICE  TYPE      STATE         CONNECTION
enp7s0  ethernet  disconnected  --
enp8s0  ethernet  disconnected  --
bond0   bond      connected     bond0
bond1   bond      connected     bond1
...

    In this example:

    • enp7s0 and enp8s0 are not configured. To use these devices as ports, add connection profiles in the next step.
    • bond0 and bond1 have existing connection profiles. To use these devices as ports, modify their profiles in the next step.

  3. Assign the interfaces to the bridge.

    1. If the interfaces you want to assign to the bridge are not configured, create new connection profiles for them: 

      # nmcli connection add type ethernet slave-type bridge con-name bridge0-port1 ifname enp7s0 master bridge0
# nmcli connection add type ethernet slave-type bridge con-name bridge0-port2 ifname enp8s0 master bridge0

      These commands create profiles for enp7s0 and enp8s0, and add them to the bridge0 connection.

    2. If you want to assign an existing connection profile to the bridge, set the master parameter of these connections to bridge0: 

      # nmcli connection modify bond0 master bridge0
# nmcli connection modify bond1 master bridge0

      These commands assign the existing connection profiles named bond0 and bond1 to the bridge0 connection.

  4. Configure the IP settings of the bridge. Skip this step if you want to use this bridge as a ports of other devices.

    1. Configure the IPv4 settings. For example, to set a static IPv4 address, network mask, default gateway, DNS server, and DNS search domain of the bridge0 connection, enter: 

      # nmcli connection modify bridge0 ipv4.addresses '192.0.2.1/24'
# nmcli connection modify bridge0 ipv4.gateway '192.0.2.254'
# nmcli connection modify bridge0 ipv4.dns '192.0.2.253'
# nmcli connection modify bridge0 ipv4.dns-search 'example.com'
# nmcli connection modify bridge0 ipv4.method manual

    2. Configure the IPv6 settings. For example, to set a static IPv6 address, network mask, default gateway, DNS server, and DNS search domain of the bridge0 connection, enter: 

      # nmcli connection modify bridge0 ipv6.addresses '2001:db8:1::1/64'
# nmcli connection modify bridge0 ipv6.gateway '2001:db8:1::fffe'
# nmcli connection modify bridge0 ipv6.dns '2001:db8:1::fffd'
# nmcli connection modify bridge0 ipv6.dns-search 'example.com'
# nmcli connection modify bridge0 ipv6.method manual

  5. Optional: Configure further properties of the bridge. For example, to set the Spanning Tree Protocol (STP) priority of bridge0 to 16384, enter: 

    # nmcli connection modify bridge0 bridge.priority '16384'

    By default, STP is enabled.

  6. Activate the connection: 

    # nmcli connection up bridge0

  7. Verify that the ports are connected, and the CONNECTION column displays the port’s connection name: 

    # nmcli device
DEVICE   TYPE      STATE      CONNECTION
...
enp7s0   ethernet  connected  bridge0-port1
enp8s0   ethernet  connected  bridge0-port2

    Red Hat Enterprise Linux activates controller and ports when the system boots. By activating any port connection, the controller is also activated. However, in this case, only one port connection is activated. By default, activating the controller does not automatically activate the ports. However, you can enable this behavior by setting:

    1. Enable the connection.autoconnect-slaves parameter of the bridge connection: 

      # nmcli connection modify bridge0 connection.autoconnect-slaves 1

    2. Reactivate the bridge: 

      # nmcli connection up bridge0

Verification steps

  • Display the link status of Ethernet devices that are ports of a specific bridge: 

    # ip link show master bridge0
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:62:61:0e brd ff:ff:ff:ff:ff:ff
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:9e:f1:ce brd ff:ff:ff:ff:ff:ff

  • Display the status of Ethernet devices that are ports of any bridge device: 

    # bridge link show
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state forwarding priority 32 cost 100
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state listening priority 32 cost 100
5: enp9s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state forwarding priority 32 cost 100
6: enp11s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state blocking priority 32 cost 100
...

    To display the status for a specific Ethernet device, use the bridge link show dev ethernet_device_name command.

Additional resources

12.2. Configuring a network bridge using nm-connection-editor

This section explains how to configure a network bridge using the nm-connection-editor application.

Note that nm-connection-editor can add only new ports to a bridge. To use an existing connection profile as a port, create the bridge using the nmcli utility as described in Configuring a network bridge using nmcli commands.

Prerequisites

  • Two or more physical or virtual network devices are installed on the server.
  • To use Ethernet devices as ports of the bridge, the physical or virtual Ethernet devices must be installed on the server.
  • To use team, bond, or VLAN devices as ports of the bridge, ensure that these devices are not already configured.

Procedure

  1. Open a terminal, and enter nm-connection-editor: 

    $ nm-connection-editor
  2. Click the + button to add a new connection.
  3. Select the Bridge connection type, and click Create.

  4. In the Bridge tab:

    1. Optional: Set the name of the bridge interface in the Interface name field.

    2. Click the Add button to create a new connection profile for a network interface and adding the profile as a port to the bridge.

      1. Select the connection type of the interface. For example, select Ethernet for a wired connection.
      2. Optionally, set a connection name for the port device.
      3. If you create a connection profile for an Ethernet device, open the Ethernet tab, and select in the Device field the network interface you want to add as a port to the bridge. If you selected a different device type, configure it accordingly.
      4. Click Save.

    3. Repeat the previous step for each interface you want to add to the bridge.

      add nic to bridge in nm connection editor

  5. Optional: Configure further bridge settings, such as Spanning Tree Protocol (STP) options.

  6. Configure the IP settings of the bridge. Skip this step if you want to use this bridge as a port of other devices.

    1. In the IPv4 Settings tab, configure the IPv4 settings. For example, set a static IPv4 address, network mask, default gateway, DNS server, and DNS search domain:

      bridge IPv4 settings nm connection editor

    2. In the IPv6 Settings tab, configure the IPv6 settings. For example, set a static IPv6 address, network mask, default gateway, DNS server, and DNS search domain:

      bridge IPv6 settings nm connection editor

  7. Save the bridge connection.
  8. Close nm-connection-editor.

Verification steps

  • Display the link status of Ethernet devices that are ports of a specific bridge. 

    # ip link show master bridge0
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:62:61:0e brd ff:ff:ff:ff:ff:ff
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:9e:f1:ce brd ff:ff:ff:ff:ff:ff

  • Display the status of Ethernet devices that are ports in any bridge device: 

    # bridge link show
3: enp7s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state forwarding priority 32 cost 100
4: enp8s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state listening priority 32 cost 100
5: enp9s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state forwarding priority 32 cost 100
6: enp11s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge1 state blocking priority 32 cost 100
...

    To display the status for a specific Ethernet device, use the bridge link show dev ethernet_device_name command.

Additional resources

12.3. Configuring a network bridge using nmstatectl

This section describes how to use the nmstatectl utility to configure a Linux network bridge bridge0 with following settings:

  • Network interfaces in the bridge: enp1s0 and enp7s0
  • Spanning Tree Protocol (STP): Enabled
  • Static IPv4 address: 192.0.2.1 with the /24 subnet mask
  • Static IPv6 address: 2001:db8:1::1 with the /64 subnet mask
  • IPv4 default gateway: 192.0.2.254
  • IPv6 default gateway: 2001:db8:1::fffe
  • IPv4 DNS server: 192.0.2.200
  • IPv6 DNS server: 2001:db8:1::ffbb
  • DNS search domain: example.com

Prerequisites

  • Two or more physical or virtual network devices are installed on the server.
  • To use Ethernet devices as ports in the bridge, the physical or virtual Ethernet devices must be installed on the server.
  • To use team, bond, or VLAN devices as ports in the bridge, set the interface name in the port list, and define the corresponding interfaces.
  • The nmstate package is installed.

Procedure

  1. Create a YAML file, for example ~/create-bridge.yml, with the following contents: 

    ---
interfaces:
- name: bridge0
  type: linux-bridge
  state: up
  ipv4:
    enabled: true
    address:
    - ip: 192.0.2.1
      prefix-length: 24
    dhcp: false
  ipv6:
    enabled: true
    address:
    - ip: 2001:db8:1::1
      prefix-length: 64
    autoconf: false
    dhcp: false
  bridge:
    options:
      stp:
        enabled: true
    port:
      - name: enp1s0
      - name: enp7s0
- name: enp1s0
  type: ethernet
  state: up
- name: enp7s0
  type: ethernet
  state: up

routes:
  config:
  - destination: 0.0.0.0/0
    next-hop-address: 192.0.2.254
    next-hop-interface: bridge0
  - destination: ::/0
    next-hop-address: 2001:db8:1::fffe
    next-hop-interface: bridge0
dns-resolver:
  config:
    search:
    - example.com
    server:
    - 192.0.2.200
    - 2001:db8:1::ffbb

  2. Apply the settings to the system: 

    # nmstatectl set ~/create-bridge.yml

Verification steps

  1. Display the status of the devices and connections: 

    # nmcli device status
DEVICE      TYPE      STATE      CONNECTION
bridge0     bridge    connected  bridge0

  2. Display all settings of the connection profile: 

    # nmcli connection show bridge0
connection.id:              bridge0
connection.uuid:            e2cc9206-75a2-4622-89cf-1252926060a9
connection.stable-id:       --
connection.type:            bridge
connection.interface-name:  bridge0
...

Additional resources

  • For further details about nmstatectl, see the nmstatectl(8) man page.
  • For more configuration examples, see the /usr/share/doc/nmstate/examples/ directory.