Skip to main content

Linux Bridge: Configuring Network Bridge with Linux

Published on:
.
12 min read
.
For German Version
.
Listen to this Article

Bridging network interfaces in Linux is a prevalent technique for combining two or more network interfaces into a single virtual interface. Bridging is advantageous for several purposes, including enhancing network performance, ensuring redundancy, and facilitating load balancing.

Linux network bridge enables you to share the internet connection of your system with other systems. Consider a situation in which system A (without an internet connection) wishes to connect to the internet connection of system B. Simply connect both systems using an Ethernet wire to form a bridge between them. To do this, though, you need two interfaces on system B. One interface will be linked to the internet and the other to system A.

A network bridge is a device that operates at the Link Layer and passes traffic across networks based on MAC addresses. As a result, a network bridge is also known as a device that operates at the Layer 2 level. It constructs tables of MAC addresses, using the information it gathers about what hosts are connected to each network, and bases its judgments about which packets to forward on those tables. A Linux host computer may make use of a hardware bridge in order to simulate the functionality of a software bridge.

Using a Linux-based standard network bridge might be an alternative to working with a NAT-based network.

The ANSI/IEEE 802.1d standard is only partially implemented by the code used for the Linux bridge. Lennert Buytenhek rewrote the Linux bridging code after it had been implemented in Linux 2.2. The bridging functionality's source code has been included in both the 2.4 and 2.6 kernel releases.

In this tutorial, we will give you the steps to configure a network bridge on various Linux distributions, such as Debian, Ubuntu, RHEL, and Centos. We will also explain how to use different tools, like brctl, iproute2, nmcli and netplan for network bridging.

How to Configure a Network Bridge on Debian or Ubuntu with brctl

You can easily configure the network bridge on your Debian or Ubuntu Linux server by following the steps below:

  1. Installing the Network Bridge Utilities on Debian / Ubuntu
  2. Creating a Bridge Interface
  3. Adding Devices to a Bridge
  4. Viewing interfaces in a Bridge
  5. Configuring permanent Bridging
Get Started with Zenarmor Today For Free

1. Installing the Network Bridge Utilities on Debian / Ubuntu

bridge-utils is the Linux software package you need to install to implement Linux bridging. The application that you will need is known as brctl, and it can be found in the bridge-utils package. You may install it by using this command, or you can look for it in Synaptic.

apt install bridge-utils

The bridge interface may be configured and used with the help of this program. The bridge interface will show up in ip link as a new interface, quite similar to eth0 or eth1 in appearance. It is a virtual interface that simply accepts the packets from one physical interface and transparently passes them to the other. It does not physically exist on your computer since it is a virtual interface and not a physical one.

warning

Before you begin, check that both of the network cards have been correctly installed and configured. Do not configure the IP address, and under no circumstances should the starting scripts be allowed to execute DHCP on any of the Ethernet ports. After the configuration of the bridge has been completed, the IP address should be established.

The ifconfig command should display both network cards, and both of them should be set to the DOWN state.

2. Creating a Bridge Interface

Execute the following command to initiate the process of creating the new bridge interface.

brctl addbr br0

The name br0 is at your discretion and may be anything.

The corresponding remove command to delete a bridge interface is:

brctl delbr br0

Now you must include the interfaces that will be bridged. You may verify the enumeration of your ethernet devices using (eth0, eth1, etc. is typical):

ip addr show

3. Adding Devices to a Bridge

To add interfaces to the newly added bridge device run the next command:

brctl addif br0 ens18 ens19

This will add the two interfaces ens18 and ens19 to bridge br0.

To remove an interface from a bridge device, you may run the following command:

brctl delif br0 ens18

4. Viewing interfaces in a Bridge

To view the summary of the overall bridge status run the next command shown below:

brctl show

The output should be similar to the below:

bridge name bridge id STP enabled interfaces

br549 8000.00004c9f0cc2 no ens18

ens19

To view the MAC addresses of traffic being forwarded and the bridge itself, you run the following command:

brctl showmacs br0

The output should be similar to the below:

port no mac addr is local? ageing timer
1 00:00:5c:9f:0b:ae no 16.82

1 00:00:5c:9f:0b:d2 yes 0.00

2 00:00:5c:9f:0b:d3 yes 0.00

1 00:00:55:1a:35:09 no 51.80

1 00:00:55:1a:82:87 no 21.33

5. Configuring permanent Bridging

To make your bridge more permanent, you must modify the /etc/network/interfaces file. If the bridge br0 is to be assigned an IP address by DHCP, the interface configuration file should be like this:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

  

# The loopback network interface

auto lo

iface lo inet loopback

  

# Set up interfaces manually, avoiding conflicts with, e.g., network manager

iface ens18 inet manual

  

iface ens19 inet manual

  

# Bridge setup

iface br0 inet dhcp

bridge_ports ens18 ens19

To bring up your bridge, run the next command.

ifup br0

This will bring up the other required interfaces without any mention of the bridged interfaces in your interfaces file.

You can also just add the static IP options under the br0 interface setup as given below:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).


# The loopback network interface

auto lo br0

iface lo inet loopback

  

# Set up interfaces manually, avoiding conflicts with, e.g., network manager

iface ens18 inet manual

  

iface ens19 inet manual

  

# Bridge setup

iface br0 inet static

bridge_ports ens18 ens19

address 192.168.0.2

broadcast 192.168.0.255

netmask 255.255.255.0

gateway 192.168.0.1

Then restart the network service by running the following command:

systemctl restart networking

How to Configure a Network Bridge on RHEL, CentOS and AlmaLinux with brctl

You can easily configure the network bridge on your RHEL, CentOS or AlmaLinux server by following the steps below.

  1. Installing the Network Bridge Utilities on RHEL / CentOS / AlmaLinux
  2. Creating a Bridge interface
  3. Adding Interfaces to the Bridge
  4. Restarting Network Service

1. Installing the Network Bridge Utilities on RHEL / CentOS / AlmaLinux

The application that you will need is known as brctl, and it can be found in the bridge-utils package. You may install it by using the following command:

yum install bridge-utils

2. Creating a Bridge interface

To construct a network bridge, create a file named ifcfg-brN in the /etc/sysconfig/network-scripts/ directory, substituting N with the interface number, such as 0.

The file's contents are comparable to the interface type being bridged to, such as an Ethernet interface. The distinctions in this instance are as follows:

  • DEVICE: the DEVICE directive receives an interface name in the format brN, where N is substituted with the interface number.

  • TYPE: The Bridge argument is supplied to the TYPE directive. This directive identifies the kind of device, and its argument is case-sensitive.

  • The configuration file for the bridge interface now contains the IP address, whereas the physical interface has simply the MAC address.

  • DELAY=0 is provided as an additional directive to avoid the bridge from waiting as it analyzes traffic, learns where hosts are located, and generates a table of MAC addresses on which to base its filtering judgments. The default delay of 15 seconds is unnecessary if routing loops cannot occur.

  • The Ethernet interface should have NM_CONTROLLED=no added to prevent NetworkManager from modifying the file. Additionally, it may be added to the bridge configuration file if future NetworkManager versions enable bridge configuration.

The following is an example configuration file for a bridge interface with a static IP address:

DEVICE=br0

TYPE=Bridge

IPADDR=192.168.0.2

NETMASK=255.255.255.0

ONBOOT=yes

BOOTPROTO=none

NM_CONTROLLED=no

DELAY=0

3. Adding Interfaces to the Bridge

The following is an example configuration file for an Ethernet interface that points to a bridge interface. Configure your physical interface in /etc/sysconfig/network-scripts/ifcfg-ethX, where X is a distinct interface's unique identifier, as follows:

DEVICE=ethX

TYPE=Ethernet

HWADDR=AA:AA:AA:DD:DD:DD

BOOTPROTO=none

ONBOOT=yes

NM_CONTROLLED=no

BRIDGE=br0

4. Restarting Network Service

Restart the networking service for the modifications to take effect.

service network restart

How to Configure the Network Bridge on Linux with ip tool

In this section, we will explain how to manage a network bridge with the ip tool from the iproute2 package, which is needed by the basic meta-package.

Iproute2 is a collection of Linux applications for managing TCP/IP networking and network traffic. Currently, Stephen Hemminger is responsible for its maintenance. Alexey Kuznetsov, the original creator, is well-known for implementing QoS in the Linux kernel.

Most network setup guides still include ifconfig and route as the key network configuration tools, despite the fact that ifconfig is notoriously ineffective in current network situations. The majority of distributions continue to include them.

iproute2 is often distributed as part of a package named iproute or iproute2 and consists of many tools, the most essential of which being ip and tc. ip manages IPv4 and IPv6 settings, whereas tc regulates traffic. Both programs generate comprehensive use warnings and are supplemented by a collection of man pages.

You may configure the Linux Bridge with ip tool by following the next steps:

  1. Installing the ip tool
  2. Creating a Bridge interface with ip tool
  3. Adding Devices to a Bridge with ip tool
  4. Viewing interfaces in a Bridge with ip tool

1. Installing the ip tool

To install ip tool on RHEL/Centos/AlmaLinux, you may run the following command:

yum install iproute

To install ip tool on Debian/Ubuntu run the following command:

apt install iproute

2. Creating a Bridge interface with ip tool

To create a new bridge and change its state to up, you may run the next command:

ip link add name br0 type bridge

ip link set br0 up

This will create a new bridge device with a name br0.

To delete a bridge you may run the following command:

ip link delete br0 type bridge

3. Adding Devices to a Bridge with ip tool

To add the interface into the bridge by setting its master to br0, you may run the next command:

ip link set ens18 master br0

ip link set ens19 master br0

This will add the two interfaces ens18 and ens19 to bridge br0.

To remove an interface from a bridge device, you may run the following command:

ip link set ens18 nomaster

4. Viewing interfaces in a Bridge with ip tool

To view the summary of the overall bridge status run the next command shown below:

bridge link

How to Configure the Network Bridge on Linux with nmcli tool

In this section we will explain how to manage a network bridge with the nmcli tool. You may configure the Linux Bridge with nmcli tool by following the next steps:

  1. Creating a Bridge interface with nmcli tool
  2. Adding Devices to a Bridge with nmcli tool
  3. Setting Static IP address for network bridge interface
  4. Viewing interfaces in a Bridge with nmcli tool

1. Creating a Bridge interface with nmcli tool

To create a new bridge and change its state to up, you may run the next command:

nmcli connection add type bridge con-name bridge0 ifname br0

This will create a new bridge device with a name br0.

2. Adding Devices to a Bridge with nmcli tool

To add the interface into the bridge by setting its slave to br0, you may run the next command:

nmcli con add type ethernet slave-type bridge con-name bridge0-port0

ifname ens18 master br0

nmcli con add type ethernet slave-type bridge con-name bridge0-port1

ifname ens19 master br0

This will add the two interfaces ens18 and ens19 to bridge br0.
You may turn on br0 interface to get an IP via DHCP by running the following command:

sudo nmcli con up br0

3. Setting Static IP address for network bridge interface

You may configure static IP address for network bridge interface by running the following commands.

nmcli connection modify br0 ipv4.addresses 192.168.0.2/24

nmcli connection modify br0 ipv4.gateway 192.168.0.1

nmcli connection modify br0 ipv4.dns 192.168.0.254

nmcli connection modify br0 ipv4.dns-search my.company

nmcli connection modify br0 ipv4.method manual

You may activate br0 interface by running the following command:

nmcli con up br0

4. Viewing interfaces in a Bridge with nmcli tool

To view the summary of the overall bridge status run the next command shown below:

nmcli device show

Use the ip utility to display the link status of Ethernet devices that are ports of a specific bridge:

ip link show master bridge0

3: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000

link/ether 52:54:00:62:61:0e brd ff:ff:ff:ff:ff:ff

4: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bridge0 state UP mode DEFAULT group default qlen 1000

link/ether 52:54:00:9e:f1:ce brd ff:ff:ff:ff:ff:ff

Use the bridge utility to display the status of Ethernet devices that are ports of any bridge device:

bridge link show
3: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state forwarding priority 32 cost 100

4: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master bridge0 state listening priority 32 cost 100
...

What is a Network Bridge in Linux?

A network bridge in Linux is a software component that connects multiple network segments, enabling them to function as a single physical network. It functions at the data link layer (Layer 2) of the OSI model, directing traffic according to MAC addresses. A network bridge is commonly utilized for integrating virtual machines or containers with the host's physical network, connecting two or more physical Ethernet interfaces, or establishing a transparent network segment. The primary attributes of a Linux Network Bridge are as follows.

  • Transparent: Devices across various segments perceive one another as part of the same network.
  • Layer 2 Operation: Forwards packets utilizing MAC addresses rather than IP addresses.
  • Facilitates Multiple Interfaces: Capable of integrating several network interfaces into a singular logical interface.

What is the Difference Between Linux Bridge and Switch?

A Linux bridge and a switch exhibit similar functions; nevertheless, significant distinctions exist in their implementation, use, and characteristics.

A Linux bridge is a software-defined Layer 2 device integrated into the Linux kernel, used to interconnect network segments by relaying frames based on MAC addresses. It is primarily utilized in virtualization, containerization, and small-scale network configurations. In contrast, a switch is a hardware-based Layer 2 networking device designed for connecting various devices within a Local Area Network (LAN) while directing frames using MAC addresses. Switches are specifically engineered for high-performance networking environments.

While a Linux bridge operates entirely in software within the Linux kernel and utilizes general-purpose CPU resources, a switch is a dedicated hardware device equipped with specialized Application-Specific Integrated Circuits (ASICs) that enhance performance, reduce latency, and increase throughput.

The scalability of a Linux bridge is limited, making it suitable for small to medium configurations. In contrast, switches are highly scalable and are well-suited for large networks and data centers.

The applications of a Linux bridge and a switch differ significantly. A Linux bridge is often used in virtualization platforms (such as KVM, Docker, and LXC) as well as in development and testing environments. On the other hand, switches are commonly employed in enterprise LAN networks, data center networks, and large-scale manufacturing settings.

One of the advantages of a Linux bridge is that it is free, open-source, and highly flexible. It can be easily configured and managed using Linux commands. However, deploying a switch requires a hardware investment. While switches offer limited flexibility compared to software solutions, they provide superior performance and reliability.

FeatureLinux BridgeSwitch (Hardware)
ImplementationSoftware-based (Linux kernel)Dedicated hardware (ASIC-based)
PerformanceModerate (CPU-dependent)High (hardware accelerated)
ScalabilityLimited (small-medium setups)High (large-scale enterprise use)
FeaturesBasic Layer 2 featuresAdvanced Layer 2 & Layer 3 features
Use CasesVirtualization, small setupsLarge networks, data centers
CostFree/Open-sourceHardware cost

Table 1. Linux Bridge vs Switch

Is there a Linux Bridge Default?

Linux does not come with a preconfigured network bridge by default. A Linux bridge must be deliberately established and configured by the system administrator or using network management tools.

Nonetheless, certain virtualization or containerization solutions (such as Docker, libvirt/KVM, or LXC) often generate their own bridges automatically during installation or activation. For instance, Docker establishes a default bridge designated as docker0, and libvirt/KVM often establishes a default bridge designated as virbr0.

How to Configure a Bridged Network for Virtual Machines?

Configuring a bridged network for virtual machines allows your VM to appear as a separate physical device on your network, sharing the host's network adapter. This configuration lets your VM obtain its own IP address from your router or DHCP server, making it accessible to and from other devices on your network.

Here's a step-by-step guide to configure a bridged network for virtual machines.

  1. Install Virtual Machine Software: Make sure your virtualization software is installed. Popular choices are VirtualBox, and KVM (Linux).

  2. Configure Bridged Network in Virtualization Software: Follow the next instructions for your specific virtualization software. You may follow the next steps to configure the bridged network on VirtualBox.

    1. Open VirtualBox.
    2. Select your VM and click Settings.
    3. Click on Network.
    4. Under Adapter 1, set "Attached to" as Bridged Adapter.
    5. Select the appropriate physical network adapter from the Name dropdown menu.
    6. Click OK to save.

    You may follow the next steps to configure the bridged network on KVM (Linux).

    1. Install necessary packages (Debian/Ubuntu):
    sudo apt install bridge-utils
    1. Edit your network configuration file (example: /etc/network/interfaces or use Netplan on Ubuntu). Example using /etc/network/interfaces.
    auto br0
    iface br0 inet dhcp
      bridge_ports eth0
    1. Restart networking or reboot the host.
    sudo systemctl restart networking
    1. When creating a VM, specify the bridge interface (br0) as the network source.

  3. Start Your Virtual Machine: Boot your VM. The VM should automatically receive an IP address from your router/DHCP server. Verify connectivity by checking the IP address inside your VM.

  4. Verify Network Connectivity: Confirm your VM has network access and is reachable from your local network.

How to Set Up a WiFi Network Bridge in Linux

You may easily set up a WiFi network bridge on your Linux machine by following these steps.

  1. Install the required package by running the following commands.

    sudo apt-get update
    sudo apt-get install bridge-utils

  2. To identify network interfaces,run the next command.

    ip addr show

    This will show your network interfaces. Note down the names of your WiFi interface (usually wlan0) and your other interface (ethernet eth0 or another WiFi interface).

  3. Create a bridge interface by running the next commands.

    sudo ip link add name br0 type bridge
    sudo ip link set br0 up

  4. To add interfaces to a bridge, run the next commands.

    sudo ip link set eth0 up
    sudo ip link set wlan0 up
    sudo ip link set eth0 master br0
    sudo ip link set wlan0 master br0

  5. Configure the IP address by running the following commands.

    ip addr add 192.168.1.2/24 dev br0

    Replace the IP address with one that matches your network configuration.

  6. To make changes permanent add the following lines to /etc/network/interfaces by replacing interface names (eth0, wlan0) with your actual interface names.

    auto br0
    iface br0 inet static
        bridge_ports eth0 wlan0
        address 192.168.1.2
        netmask 255.255.255.0
        gateway 192.168.1.1

How to Troubleshoot Network Bridge Issues in Linux?

Diagnosing network bridge problems in Linux entails many procedures. A systematic methodology to identify and address prevalent issues is given below. Systematically adhering to these methods should assist you in identifying and rectifying the majority of Linux network bridge problems.

  1. Confirm Bridge Configuration: Examine your bridge and interface setup by running the next command.

    brctl show

    This command displays the current bridges and their corresponding interfaces.

  2. Verify Interface Status: Ensure that your bridge and interfaces are operational by running the next command.

    ip link show

    To restore any downed interfaces or bridges, use the following command:

    sudo ip link set dev <interface-name> up
    sudo ip link set dev <bridge-name> up

  3. Verify IP Address Allocation: Verify that the bridge is allocated the appropriate IP address by running the next command.

    ip addr show <bridge-name>

    If no IP is allocated, assign one manually.

    sudo ip addr add 192.168.1.10/24 dev <bridge-name>

  4. Confirm Routing Table: Examine your routing table to verify accurate routing by running the next command.

    ip route show

    If required, include a default gateway or static routes.

    sudo ip route add default via 192.168.1.1 dev <bridge-name>

  5. Verify Firewall Configurations: Firewall regulations may obstruct traffic. Temporarily suspend firewall regulations for testing purposes.

    sudo iptables -L -n -v
    sudo ufw status verbose

    Temporarily deactivate the firewall for testing reasons (use caution):

    sudo ufw disable
    sudo systemctl stop firewalld

  6. Activate Forwarding: Verify that IP forwarding is on while bridging disparate networks.

    cat /proc/sys/net/ipv4/ip_forward

    If it returns 0, activate it temporarily by running the next command.

    sudo sysctl -w net.ipv4.ip_forward=1

    To activate permanently, modify /etc/sysctl.conf by adding or uncommenting the following line.

    net.ipv4.ip_forward = 1

    Subsequently implement modifications by running the next command.

    sudo sysctl -p

  7. Review Logs and dmesg: Examine logs for mistakes or discrepancies by running the next command.

    dmesg | grep -i bridge
    journalctl -xe | grep -i bridge

  8. Test Connectivity: Utilize ping to test connectivity by running the next command.

    ping -c 4 8.8.8.8
    ping -c 4 google.com

    In the event of DNS resolution failure, verify the DNS configurations in /etc/resolv.conf.

  9. Reinitiate Network Services: Restart network services to implement modifications (varies by distribution).

    sudo systemctl restart networking

  10. Verify SELinux or AppArmor (if relevant): SELinux or AppArmor may restrict network activity. Temporarily configure SELinux to permissive mode:

    sudo setenforce 0

    Verify the state of SELinux:

    getenforce

What Does a Network Bridge Do?

A network bridge connects two or more separate network segments, allowing them to communicate as if they were a single, unified network. It operates at the Data Link Layer (Layer 2) of the OSI model. The main functions of a Network Bridge are listed below.

  • Connects Network Segments: Bridges multiple segments or LANs, enabling devices across these segments to communicate seamlessly.
  • Frame Forwarding (MAC-based): Forwards network frames based on MAC addresses
  • Network Segmentation and Collision Domain Reduction: Divides networks into smaller segments, reducing collisions and improving overall network performance.
  • Loop Prevention: Implements protocols such as Spanning Tree Protocol (STP) to avoid loops and broadcast storms in the network.

How Does a Network Bridge Work?

When a bridge receives a frame, it performs the following tasks.

  1. It checks the source MAC address and updates its internal MAC address table.
  2. It then checks the destination MAC address.
  3. If the destination MAC is on a different segment, the bridge forwards the frame to that segment.
  4. If the destination MAC is on the same segment, the bridge discards the frame (to avoid unnecessary traffic).
  5. If the destination MAC is unknown, the bridge forwards the frame to all segments except the one it came from (flooding).

What is the Difference Between Linux Bridge Connection and Network Passthrough?

In Linux networking, Bridge Connection and Network Passthrough are two distinct methods for managing network interfaces and connections, each serving different functions. Below is a summary of the differences between a Linux bridge and a network passthrough.

A Linux Bridge acts as a virtual network switch that connects multiple network interfaces, allowing them to communicate as if they were directly linked within the same physical network segment. It operates at Layer 2 (Data Link Layer) and directs traffic based on MAC addresses. In contrast, network passthrough, also known as PCI passthrough or Direct Device Assignment, allows a physical network device to be directly assigned to a virtual machine. This method bypasses the host's network stack entirely, giving the virtual machine complete control over the network hardware. As a result, the host operating system no longer manages or recognizes the network interface once it has been passed through. Network passthrough provides enhanced performance and lower latency.

While a Linux bridge is commonly used for virtualization (e.g., KVM/QEMU), container networking (Docker), and basic network sharing, network passthrough is preferred in high-performance networking scenarios, such as rapid packet processing, gaming virtual machines, high-frequency trading, and situations requiring exclusive access to network hardware for a virtual machine.

You should choose a Linux Bridge if you need flexible, shared networking for multiple virtual machines or containers and prefer a simpler setup and management process. On the other hand, network passthrough is the best option if you require optimal network performance and low latency or if you have dedicated hardware intended solely for use by a virtual machine.

Feature / AspectLinux Bridge ConnectionNetwork Passthrough
Network LayerLayer 2 (Data Link)Direct hardware access
PerformanceGood, moderate overheadExcellent, minimum overhead
Hardware AccessSharedExclusive, dedicated
ComplexityEasy to configureMore difficult setup
FlexibilityHighLow (dedicated hardware)
Use Case ExamplesVM/container networkingHigh-performance networking, dedicated firewall/router

Table 2. Linux Bridge Connection vs Network Passthrough

Listen to this Article

Last updated on by Zenarmor