Network switches are common these days. You can even find quite a few designed for home use. But you can also build a virtual switch using a network bridge in Fedora.

This is most commonly used to connect virtual guests to a network without being behind Network Address Translation (NAT) but can also be used to daisy chain systems together.

A bridge is a network connection that combines multiple network adapters. This way, devices attached via the different adapters can talk to each other as if directly connected with a normal network switch. This software switch is the basis for more complicated technologies such as Open vSwitch.

Since the switch is purely software, it’s important to avoid accidentally creating a loop (physically or virtually) if Spanning Tree Protocol (STP) is disabled. Otherwise, the system is likely to bottleneck at 100% CPU use and be very slow to respond, if not grind to a halt.

Moving on from bridge-utils deprecation

Previously, brctl from the bridge-utils package was used to create and manipulate the bridge virtual interfaces. However, this was deprecated a while back and has been superseded by the iproute2 suite of tools for most aspects.

To create a new bridge, use this command:

$ ip link add br0 type bridge

At this point, ip link will show that the network interface exists, but in a down state, as there are no interfaces connected to it:

3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 12:bb:3a:9c:02:33 brd ff:ff:ff:ff:ff:ff

You can then add physical network interfaces to the bridge. Be sure not to accidentally cut off a remote connection when doing so! These commands add the eth0 and eth1 interfaces to the bridge just created.

$ ip link set eth0 master br0
$ ip link set eth1 master br0

Now, you can create an IP address on the bridge host, so it can be addressed on the network:

$ ip address add 192.168.1.100/24 dev br0

If you’d like to see the configuration of the bridge, use this command:

$ ip -d link sh br0
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:4b:c5:95 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q addrgenmode eui64

Most aspects of the bridge configuration can be changed using ip bridge link set or ip link set. Some spanning tree configuration needs to be changed either via brctl or via the proc interface.

$ brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.5254004bc595       no              ens3
$ echo 1 > /sys/class/net/br0/bridge/stp_state
$ brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.5254004bc595       yes             ens3
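
The loop warning and the stp_state file shown above can be combined into a quick host check. This is an added example, not part of the original article: the function name audit_bridges and its optional sysfs-root argument are assumptions of the example, which reads each bridge's stp_state, counts the ports under brif, and flags any bridge that has STP off and two or more ports.

```shell
#!/bin/sh
# Added example: audit Linux bridges for the loop risk described above.
# audit_bridges [SYSFS_NET_ROOT]
#   SYSFS_NET_ROOT defaults to /sys/class/net; the argument is an assumption
#   of this example so the check can also be run against a copied tree.
# Prints one line per bridge: <name> stp=<state> ports=<n> <OK|WARN>
# stp_state values: 0 = STP disabled, 1 = kernel STP, 2 = userspace STP.
# Returns 1 if any bridge has STP disabled and two or more attached ports.
audit_bridges() {
    root="${1:-/sys/class/net}"
    rc=0
    for brdir in "$root"/*/bridge; do
        # Skip the unexpanded glob (no bridges) and anything not a directory.
        [ -d "$brdir" ] || continue
        dev_dir="${brdir%/bridge}"
        name="${dev_dir##*/}"
        stp="$(cat "$brdir/stp_state" 2>/dev/null || echo unknown)"
        # Each entry under brif/ is one interface enslaved to the bridge.
        ports=0
        for p in "$dev_dir"/brif/*; do
            if [ -e "$p" ]; then
                ports=$((ports + 1))
            fi
        done
        verdict=OK
        # A single-port bridge cannot form a loop by itself, so only flag
        # bridges that forward between at least two ports without STP.
        if [ "$stp" = "0" ] && [ "$ports" -ge 2 ]; then
            verdict=WARN
            rc=1
        fi
        printf '%s stp=%s ports=%s %s\n' "$name" "$stp" "$ports" "$verdict"
    done
    return "$rc"
}
```

Call audit_bridges with no argument to check the running host. A WARN line marks a bridge where a physical or virtual loop would not be broken by spanning tree.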

While these commands will properly set up a bridge, the network setup won’t be persistent. In other words, when you reboot the system, you’d have to set up the bridge again.

Persistent bridge configuration

Let’s assume one of the network adapters to be connected to the bridge is eth0. You may want to start by making a backup of the configuration file.

$ sudo cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/

Now, create a configuration file for the bridge br0 with the following contents, as /etc/sysconfig/network-scripts/ifcfg-br0:

DEVICE=br0
TYPE=Bridge
IPADDR=192.168.1.100
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=none

Adjust the configuration of the eth0 network adapter as follows, as /etc/sysconfig/network-scripts/ifcfg-eth0:

DEVICE=eth0
TYPE=Ethernet
HWADDR=AA:BB:CC:DD:EE:FF
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0

For each additional network adapter to be added to the bridge, adjust the configuration file accordingly. When reloading NetworkManager, the bridge will be created and the interface linked to it.

This can be scripted through the nmcli tool as well.

$ nmcli connection add ifname br0 type bridge con-name br0
$ nmcli connection add type bridge-slave ifname eth0 master br0

The nmcli tool persists the changes to disk when they are made and can be used to handle things like STP without switching to the deprecated command or venturing into /proc.

$ nmcli connection modify br0 bridge.stp no

Image courtesy Johnny Lam – originally posted to Unsplash as Connect. Special thanks to Patrick Uiterwijk and James Hogarth for helping edit and review this article.

