Persistently bridge traffic between two or more Ethernet interfaces (Debian)
Content |
Specific to |
| Debian-based distributions |
Tested on |
| Debian (Lenny, Squeeze) |
| Ubuntu (Lucid) |
Objective
To persistently bridge traffic between two or more Ethernet interfaces on a Debian-based system
Background and Scenario
See Bridge traffic between two or more Ethernet interfaces on Linux.
Method
Overview
The method described here has three steps:
- Install the bridge utilities package.
- Add the bridge configuration to
/etc/network/interfaces. - Bring the bridge up.
Be warned that once an interface has been attached to a bridge it cannot be used for other purposes, and in particular, cannot be used as an endpoint for Internet Protocol traffic. A common mistake when administering a machine remotely via SSH is to incapacitate the network interface that the SSH connection is using. Before acting on these instructions you should ensure that you will still be able to control the machine after the bridge has been created.
Install the bridge utilities package
Bridging is performed by a kernel module, but a userspace package is needed to configure it. On Debian-based systems this can be found in the bridge-utils package:
apt-get install bridge-utils
Add the bridge configuration to /etc/network/interfaces
The bridge configuration should now be added to the file /etc/network/interfaces. The format is an extension of that used for configuring ordinary network interfaces:
auto br0 iface br0 inet manual bridge_ports eth0 eth1 bridge_stp on
The auto stanza causes the bridge to be brought up automatically at boot time. Without this the bridge must be brought up manually using ifup.
The iface stanza specifies what should be bridged and how. The manual configuration method is used in this example because the bridge is not intended to have an IP address. See below if it should be bound to an address.
The bridge_ports option gives a list of interfaces to be attached to the bridge when it is brought up. More can be added later if required. For example, when hosting virtual machines you might want to connect a physical network card to the bridge at boot time, but then attach individual virtual machines as and when they are started. If you want to create a bridge with no attached interfaces then use a bridge_ports value of none:
auto br0 iface br0 inet manual bridge_ports none bridge_stp on
The bridge_stp option specifies whether or not the Spanning Tree Protocol should be enabled. This is essential if there is any possibility of the bridge creating a loop in the network. It is safe in other cases, but it will increase the delay between a new link being added and it being able to pass traffic. For this reason you may want to leave STP disabled in simple cases (such as when bridging a set of virtual machines to a single physical interface).
Unlike VLANs, bridges are not required to follow any special naming convention. It is the presence of a bridge_ports line that causes the device to be treated as a bridge (hence the need to specify a value of none if no interfaces are to be attached).
If an Ethernet interface is connected to a bridge then it should not be configured separately in /etc/network/interfaces. Any required configuration is performed automatically when the bridge is brought up.
Bring the bridge up.
Like an ordinary network interface, the bridge will not become operational until it is brought into the ‘up’ state. The auto stanza will cause this to happen when the machine is next rebooted, but to bring it up immediately you will need to use the ifup command:
ifup br0
Unlike brctl, ifup waits for the bridge to become ready for use before returning (which typically takes about 30 seconds if STP is enabled or half that if not).
Variations
Binding an IP address to the bridge
As noted above, an Ethernet interface cannot usefully have an IP address if it is also attached to a bridge. However it is possible to achieve
the same effect by binding an address to the bridge itself. This can be done using any of the usual configuration methods, including
static:
auto br0 iface br0 inet static bridge_ports eth0 eth1 bridge_stp on address 192.168.0.2 netmask 255.255.255.0 gateway 192.168.0.1
or dhcp:
auto br0 iface br0 inet dhcp bridge_ports eth0 eth1 bridge_stp on
Troubleshooting
| See: | Troubleshooting Ethernet bridging on Linux |
See also
- Bridge traffic between two or more Ethernet interfaces on Linux
- Persistently bridge traffic between two or more Ethernet interfaces (Red Hat)
- Persistently bridge traffic between two or more Ethernet interfaces (SUSE)
Further reading
- Bridging Network Connections, Debian Wiki
- bridge-utils-interfaces(5) (Ubuntu manpage)
- bridge, The Linux Foundation (bridge module official website)
- Uwe Böhme, Linux BRIDGE-STP-HOWTO, v0.04, January 2001