Build a network bridge with Fedora

Network switches are common these days. You can even find quite a few designed for home use. But you can also build a virtual switch using a network bridge in Fedora.

This is most commonly used to connect virtual guests to a network without being behind Network Address Translation (NAT) but can also be used to daisy chain systems together.

A bridge is a network connection that combines multiple network adapters. This way devices attached via the different adapters can talk to each other as if directly connected with a normal network switch. This software switch is the basis for more complicated technologies such as Open VSwitch.

Since the switch is purely software, it’s important to avoid accidentally creating a loop (physically or virtually) if Spanning Tree Protocol (STP) is disabled. Otherwise, the system is likely to bottleneck at 100% CPU use and be very slow to respond, if not grind to a halt.

Moving on from bridge-utils deprecation

Previously

brctl

from the

bridge-utils

package was used to create and manipulate the bridge virtual interfaces. However this was deprecated a while back and has been superseded by the

iproute2

suite of tools for most aspects.

To create a new bridge, use this command:

$ ip link add br0 type bridge

At this point,

ip link

will show the network interface that exists, but in a down state, as there’s no interfaces connected to it:

3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
 link/ether 12:bb:3a:9c:02:33 brd ff:ff:ff:ff:ff:ff

You can then add physical network interfaces to the bridge. Be sure not to accidentally cut off a remote connection when doing so! These commands add the

eth0

and

eth1

interfaces to the bridge just created.

$ ip link set eth0 master br0
$ ip link set eth1 master br0

Now, you can create an IP address on the bridge host, so it can be addressed on the network:

$ ip address add 192.168.1.100/24 dev br0

If you’d like to see the configuration of the bridge, use this command:

$ ip -d link sh br0
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
 link/ether 52:54:00:4b:c5:95 brd ff:ff:ff:ff:ff:ff promiscuity 0 
 bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q addrgenmode eui64

To change the configuration of the bridge using

ip bridge link set

or

ip link set

can be used for most aspects. Some spanning tree configuration either needs to be changed via

brctl

or via the

proc

interface.

$ brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.5254004bc595 no ens3

echo 1 >  /sys/class/net/br0/bridge/stp_state

$ brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.5254004bc595 yes ens3

While these commands will properly set up a bridge, the network setup won’t be persistent. In other words, when you reboot the system, you’d have to set up the bridge again.

Persistent bridge configuration

Let’s assume one of the network adapters to be connected to the bridge is

eth0

. You may want to start by making a backup of the configuration file.

$ sudo cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/

Now, create a configuration file for the bridge

br0

with the following contents, as

 /etc/sysconfig/network-scripts/ifcfg-br0

:

DEVICE=br0
TYPE=Bridge
IPADDR=192.168.1.100
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none

Adjust the configuration of the

eth0

network adapter as follows, as

/etc/sysconfig/network-scripts/ifcfg-eth0

:

DEVICE=eth0
TYPE=Ethernet
HWADDR=AA:BB:CC:DD:EE:FF
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0

For each additional network adapter to be added to the bridge, adjust the configuration file accordingly. When reloading NetworkManager, the bridge will be created and the interface linked to it.

This can be scripted through the

nmcli

tool as well.

$ nmcli connection add ifname br0 type bridge con-name br0
$ nmcli connection add type bridge-slave ifname eth0 master br0

The

nmcli

tool persists the changes to disk when they are made and can be used to handle things like STP without switching to the deprecated command or venturing into

/proc

.

$ nmcli connection modify br0 bridge.stp no

Image courtesy Johnny Lam originally posted to Unsplash as Connect. Special thanks to Patrick Uiterwijk and James Hogarth for helping edit and review this article.

Fedora Project community

7 Comments

  1. James

    There’s a couple of things a little off here…

    Using brctl, whilst it does still work, is deprecated with ip and bridge (both from iproute2) replacing it.

    Disabling NetworkManager for a simple bridge doesn’t seem an optimal configuration given NM can handle bridges and nmcli is a very nice tool to do so…

    • Oscar

      Agree. This article is far from being actual

      • Hey all, thanks for pointing these things out. Some other members of the Magazine team have addressed these topics and the article should be a little more realistic now.

  2. Onuralp SEZER

    We can also use GUI for that purpose. But If you use Gnome in Fedora 22/23/24 well there is small problem. Default Network Manager interface didn’t have “share” options Nbut If you use “Network connection” which is in “/usr/share/applications/” you can share and create bridge in it. Just one click all we needed. If you use KDE just open Network manager you gonna see share options in it. For article I think It would be good to be add that options too for who like to use GUI too. Same for XFCE and LXDE too…

    Thank you.

  3. sf

    If this network bridging introduction is based on a live setup to, will be even better.

    Fedora Workstation as host with

    – a LAN port – eth0
    – a Wifi port – eth1

    Two VM guest running with BOX

    – a Linux Guest with single NIC, to be bridge to outside world and the Windows VM
    – a Windows Guest with single NIC, to be bridged to outside world, and Linux VM

    Objective:
    – Only one of the eth0, eth1 will be connected for access to Internet
    – IP address assignment will be via DHCP
    – No matter eth0 or eth1 is connected, both the Linux VM and the Windows VM can access Internet. Can they communicated with the Fedora Host as well?

    More advanced setup
    If neither eth0, eth1 are connected, can Linux VM / Windows VM / Fedora Host still communicated to each other?

    I need this setup, to introduce to Windows users who wants to try Fedora
    – the Windows VM allow them to be productive
    – I setup the Fedora Host for them, show them how to connect LAN/Wifi, so that the Windows VM will work
    – a Linux VM, to play with Linux

    I know I am asking for too much.

  4. Mike Schmidt

    There is also the systemd-network interface which is to me a good choice if we don’t want to use network manager (on a server, for example, where we don’t need support for plug-and-play network interfaces). See the man pages for systemd-network(8) and systemd.network(5).

Comments are Closed

The opinions expressed on this website are those of each author, not of the author's employer or of Red Hat. Fedora Magazine aspires to publish all content under a Creative Commons license but may not be able to do so in all cases. You are responsible for ensuring that you have the necessary permission to reuse any work on this site. The Fedora logo is a trademark of Red Hat, Inc. Terms and Conditions