I know how to create a bridge using brctl, but I have been advised not to use this anymore, and to use iproute2 or ip instead (since brctl is deprecated, presumably). Assuming this is good advice, how do I create a bridge using ip? For instance, say I wanted to bridge eth0 and eth1.
Look at the archwiki page wiki.archlinux.org/index.php/Network_bridge – Dani_l, Jan 15, 2016 at 9:05
3 Answers
You can use the bridge object of the ip command, or the bridge command that is part of the iproute2 package.
Basic link manipulation
To create a bridge named br0 that has eth0 and eth1 as members:
ip link add name br0 type bridge
ip link set dev br0 up
ip link set dev eth0 master br0
ip link set dev eth1 master br0
To remove an interface from the bridge:
ip link set dev eth0 nomaster
And finally, to destroy a bridge once no interface is a member:
ip link del br0
Forwarding manipulation
To manipulate other aspects of the bridge, like the FDB (Forwarding Database), I suggest you take a look at the bridge(8) command. Examples:
Show forwarding database on br0
bridge fdb show dev br0
Disable a port (eth0) from processing BPDUs. This will make the interface filter any incoming BPDU:
bridge link set dev eth0 guard on
Setting the STP cost on a port (eth1, for example):
bridge link set dev eth1 cost 4
To set root guard on eth1:
bridge link set dev eth1 root_block on
Cost is calculated using some factors, and the link speed is one of them. Using a fixed cost, disabling the processing of BPDUs and enabling root_block is somewhat similar to a guard-root feature from switches.
Other features like vepa, veb and hairpin mode can be found in the bridge link sub-command list.
VLAN rules manipulation
The vlan object from the bridge command will allow you to create ingress/egress filters on bridges.
To show whether there are any vlan ingress/egress filters:
bridge vlan show
To add rules to a given interface:
bridge vlan add dev eth1 <vid, pvid, untagged, self, master>
To remove rules. Use the same parameters as vlan add at the end of the command to delete a specific rule.
bridge vlan delete dev eth1
There are a couple of bridge parameters you can't set with the bridgeutil, e.g. ip link set br0 type bridge stp_state 1; you can see more with ip link help bridge – Cheetah, Jun 23, 2016 at 23:32
I am trying to do the same on current Ubuntu 22.04 - but I still cannot ping hosts on other sides of the bridge. Has anything changed since 2016? – Vasyl Demianov, Nov 11, 2022 at 10:38
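To confirm that the guard and root_block settings from the answer above are actually in place on every port of a bridge, the following added example (not part of the original answer) parses text in the layout printed by `bridge -d link show` and lists the ports missing either setting. The function names, the sample text and the require-both policy are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: list ports of one bridge that lack "guard on" or "root_block on".
# Reads text in the layout of `bridge -d link show`: a header line per port
# ("N: name: <flags> ... master BRIDGE ...") followed by indented "key on|off" pairs.

audit_bridge_ports() {    # hypothetical helper; $1 = bridge name, input on stdin
    awk -v br="$1" '
        function report() {
            # Policy assumed for this example: a port must have both settings on.
            if (port != "" && master == br && (guard != "on" || root != "on"))
                printf "%s guard=%s root_block=%s\n", port, guard, root
        }
        /^[0-9]+:/ {                      # header line: close previous record
            report()
            port = $2
            sub(/:$/, "", port)           # "eth0:"     -> "eth0"
            sub(/@.*$/, "", port)         # "veth0@if5" -> "veth0"
            master = ""; guard = "unknown"; root = "unknown"
        }
        {                                 # every line: pick up key/value pairs
            for (i = 1; i < NF; i++) {
                if ($i == "master")     master = $(i + 1)
                if ($i == "guard")      guard  = $(i + 1)
                if ($i == "root_block") root   = $(i + 1)
            }
        }
        END { report() }
    '
}

# Constructed sample (not captured from a real host). eth0 and eth1 carry the
# settings from the answer; eth2 has both; eth3 belongs to another bridge.
sample_link_output() {
    cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard on root_block off fastleave off learning on flood on
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
    hairpin off guard off root_block on fastleave off learning on flood on
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard on root_block on fastleave off learning on flood on
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br1 state forwarding priority 32 cost 100
    hairpin off guard off root_block off fastleave off learning on flood on
EOF
}

# On a live system: bridge -d link show | audit_bridge_ports br0
sample_link_output | audit_bridge_ports br0
```

A port reported with `unknown` means the detail line carried no such key, which is worth checking against the installed iproute2 version.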
The equivalent of brctl show is bridge link.
You can show the bridge status per device with bridge link show dev eth0 but bridge looks at the network interface and tells you which bridge it belongs to - not which network interfaces belong to a certain bridge.
There doesn't seem to be an equivalent to brctl show br0.
You could get something similar by using grep, though:
ip link | grep "master br0"
As I'm point-low unable to comment on Dominik's post and contribute, today we have that command right there. It's:
ip link show master <bridge name>
HTH.
PS: Also discover beauty of "group" config. element to manipulate link group of interest.