Bridge: Difference between revisions
Prabuanand (talk | contribs) (added {{Template:Accuracy}} to check {{ic|brctl}} package) |
|||
| (14 intermediate revisions by 5 users not shown) | |||
| Line 1: | Line 1: | ||
This document describes how to configure a [https://en.wikipedia.org/wiki/Network_bridge network bridge] interface in Alpine Linux. | |||
This document describes how to configure a [ | |||
== Installation == | |||
Install the bridge tools that configure bridge:{{Cmd|# apk add bridge}} | |||
{{Cmd| | |||
== Configuration == | |||
Bridging is then configured in {{Path|/etc/network/interfaces}} with the ''bridge-ports'' keyword. | |||
Bridging is then configured in | |||
In this example the address 192.168.0.1/24 is used. | In this example the address 192.168.0.1/24 is used.{{Cat|/etc/network/interfaces|auto br0 | ||
auto br0 | |||
iface br0 inet static | iface br0 inet static | ||
bridge-ports eth0 eth1 | bridge-ports eth0 eth1 | ||
| Line 55: | Line 15: | ||
address 192.168.0.1 | address 192.168.0.1 | ||
netmask 255.255.255.0 | netmask 255.255.255.0 | ||
}} | |||
You can set the various options with | You can set the various options with these keywords: | ||
; bridge-ports | ; bridge-ports | ||
: Set bridge ports (ethX) or none for no physical interfaces | : Set bridge ports (ethX) or none for no physical interfaces | ||
| Line 77: | Line 37: | ||
: STP on/off | : STP on/off | ||
== Using pre-up/post-down == | === Using pre-up/post-down === | ||
If you want be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks. An example {{Path|/etc/network/interfaces}} file follows:{{Cat|/etc/network/interfaces|auto br0 | |||
auto br0 | |||
iface br0 inet static | iface br0 inet static | ||
pre-up brctl addbr br0 | pre-up brctl addbr br0 | ||
| Line 107: | Line 63: | ||
down brctl delif br0 $IFACE || true | down brctl delif br0 $IFACE || true | ||
down ip link set $IFACE down | down ip link set $IFACE down | ||
}} | |||
Now, create {{ic|br0}} with the command:{{Cmd|# ifup br0}} | |||
One can add/remove individual interfaces to the bridge with {{ic|ifup eth0}} and {{ic|ifdown eth0}} commands. | |||
individual interfaces to the bridge with ifup eth0 | |||
== Bridging for a Xen dom0 == | == Bridging for a Xen dom0 == | ||
Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y). | Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y). | ||
At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge). | At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge). | ||
'''Particulars:''' | |||
* the bridge consists of a single physical interface | |||
* the physical interface does not have an IP and is configured manually | |||
* the bridge will have the IP address and will be auto, resulting in bringing up the physical interface | |||
This translates to a sample config {{Path|/etc/network/interfaces}} file as follows: {{Cat|/etc/network/interfaces|auto eth0 | |||
auto eth0 | |||
iface eth0 inet manual | iface eth0 inet manual | ||
| Line 136: | Line 89: | ||
bridge_ports eth0 | bridge_ports eth0 | ||
bridge_stp 0 | bridge_stp 0 | ||
</ | }} | ||
After the domU OS is started, the virtual interface wil be added and the working bridge can be checked with the commands:{{Cmd|<nowiki># brctl show | |||
# ifconfig -a</nowiki> | |||
}} | |||
== Bridging for KVM == | |||
An example {{Path|/etc/network/interfaces}} file for KVM is given below:{{Cat|/etc/network/interfaces|auto br0 | |||
iface br0 inet dhcp | |||
bridge_ports eth0 | |||
bridge_stp 0 | |||
}} | |||
== Bridging for | == Bridging for QEMU == | ||
Ensure that the {{Path|/etc/network/interfaces}} file is as follows:{{Cat|/etc/network/interfaces|auto lo | |||
iface lo inet loopback | |||
auto br0 | auto br0 | ||
iface br0 inet dhcp | iface br0 inet dhcp | ||
bridge_ports eth0 | bridge_ports eth0 | ||
bridge_stp 0 | bridge_stp 0 | ||
}} | |||
To enable DHCP and get QEMU to use the bridge we've created [[#Installation|Install]] the {{pkg|bridge}} package. | |||
{{ | |||
< | # Load kernel modules needed for KVM bridging: {{Cmd|# printf 'tun\ntap\n' >> /etc/modules}} | ||
# Allow Qemu to use our bridge.{{Cmd|# echo 'allow br0' > /etc/qemu/bridge.conf}} | |||
</ | # Write some sysctl knobs to allow bridging to work by creating a file {{Path|etc/sysctl.d/bridging.conf}} as follows:{{Cat|/etc/sysctl.d/bridging.conf|<nowiki># Enable bridge forwarding. | ||
net.ipv4.conf.br0_bc_forwarding=1 | |||
# Ignore iptables on bridge interfaces. | |||
net.bridge.bridge-nf-call-iptables=0 | |||
</nowiki>}} | |||
# Apply sysctl config edits.{{Cmd|# sysctl -p}} | |||
After a ''reboot'', you can use the bridge with a ''qcow2'' image named ''felix-pojtigners-theia.qcow2'' as follows:{{Cmd|<nowiki>$ qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2</nowiki>}} | |||
</ | |||
< | If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that ''eth0'' is connected to), you can debug with {{ic|tshark}} command from {{pkg|tshark}} package as follows:{{Cmd|<nowiki># tshark -i eth0 -Y "bootp.option.type == 53"</nowiki>}} | ||
</ | |||
== Setting MTU == | |||
It can be a bit tricky to set the MTU on the bridge and child interfaces. | |||
That applies to both the bridge-utils and bridge packages. | |||
The below is tested (10g ports only used as a bridge and not connected to host. you can work from there and make more complex/capable setups. don't forget to consider OVS instead) | |||
{{cat|/etc/network/interfaces|auto lo | |||
auto lo | |||
iface lo inet loopback | iface lo inet loopback | ||
# "management / oob port" | |||
auto eth0 | |||
iface eth0 inet dhcp | |||
ip_rp_filter 2 # only relevant when you set an ip on br0 | |||
iface eth1 inet manual | |||
iface eth2 inet manual | |||
iface eth3 inet manual | |||
iface eth4 inet manual | |||
iface eth5 inet manual | |||
iface eth6 inet manual | |||
iface eth7 inet manual | |||
iface eth8 inet manual | |||
auto br0 | auto br0 | ||
iface br0 inet | iface br0 inet manual | ||
bridge-ports eth1 eth2 eth3 eth4 eth5 eth6 eth7 eth8 | |||
bridge-stp on | |||
bridge-fd 2 | |||
bridge-bridgeprio 32768 | |||
pre-up ip link set dev eth1 mtu 9000 | |||
pre-up ip link set dev eth2 mtu 9000 | |||
pre-up ip link set dev eth3 mtu 9000 | |||
pre-up ip link set dev eth4 mtu 9000 | |||
pre-up ip link set dev eth5 mtu 9000 | |||
pre-up ip link set dev eth6 mtu 9000 | |||
pre-up ip link set dev eth7 mtu 9000 | |||
pre-up ip link set dev eth8 mtu 9000 | |||
post-up ip link set dev br0 mtu 9000 | |||
}} | |||
So we have a three stage process: | |||
# Bring up member interfaces | |||
# Set up bridge, first run all pre-up commands, setting the MTU of the members | |||
# Once bridge is up, set its own mtu | |||
== Using brctl == | |||
{{Template:Accuracy|Package {{pkg|bridge}} uses {{ic|brctl}} command. To verify if this needs {{pkg|bridge-utils}} instead of the version from [[Busybox]].|section=Using brctl}} | |||
Bridges can be managed manually with the {{ic|brctl}} command from the {{pkg|bridge-utils}} package. | |||
{{Note|According to [https://wiki.linuxfoundation.org/networking/bridge upstream], ''bridge-utils'' is deprecated. Please [[#Installation|Install bridge]] and [[#Configuration|configure it]] instead.}} | |||
<pre> | <pre> | ||
Usage: brctl COMMAND [BRIDGE [INTERFACE]] | |||
Manage ethernet bridges | |||
Commands: | |||
show Show a list of bridges | |||
addbr BRIDGE Create BRIDGE | |||
delbr BRIDGE Delete BRIDGE | |||
addif BRIDGE IFACE Add IFACE to BRIDGE | |||
delif BRIDGE IFACE Delete IFACE from BRIDGE | |||
setageing BRIDGE TIME Set ageing time | |||
setfd BRIDGE TIME Set bridge forward delay | |||
sethello BRIDGE TIME Set hello time | |||
setmaxage BRIDGE TIME Set max message age | |||
setpathcost BRIDGE COST Set path cost | |||
setportprio BRIDGE PRIO Set port priority | |||
setbridgeprio BRIDGE PRIO Set bridge priority | |||
stp BRIDGE [1|0] STP on/off | |||
</pre> | </pre> | ||
To manually create bridge interface br0: {{Cmd|# brctl addbr br0}} | |||
< | To add interface eth0 and eth1 to br0: {{Cmd|<nowiki># brctl addif br0 eth0 | ||
# brctl addif br0 eth1</nowiki>}} | |||
Note: You need to set the link status to ''up'' on the added interfaces: {{Cmd|<nowiki># ip link set dev eth0 up | |||
# ip link set dev eth1 up</nowiki>}} | |||
== Troubleshooting == | |||
=== Script to allow dhcp over iptables === | |||
If the [[#Using pre-up/post-down|pre-up/post-down]] doesn't work the following approach can be taken to allow dhcp over iptables. The below script is based on the [https://wiki.libvirt.org/page/Networking#Debian.2FUbuntu_Bridging this page]. | |||
# Create a startup script {{Path|/etc/local.d/iptables_dhcp_kvm.start}} as follows:{{Cat|/etc/local.d/iptables_dhcp_kvm.start| | |||
echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables | |||
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables | |||
echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables | |||
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu | |||
exit 0 | |||
}} | |||
# Ensure that {{Path|/etc/local.d/iptables_dhcp_kvm.start}} script is executable.{{Cmd|# chmod a+x /etc/local.d/iptables_dhcp_kvm.start}} | |||
# Ensure that scripts placed in {{Path|/etc/local.d}} starts on boot:{{Cmd|# rc-update add local}} | |||
[[Category:Networking]] | |||
Latest revision as of 06:06, 15 August 2025
This document describes how to configure a network bridge interface in Alpine Linux.
Installation
Install the bridge tools that configure bridge:
# apk add bridge
Configuration
Bridging is then configured in /etc/network/interfaces with the bridge-ports keyword.
In this example the address 192.168.0.1/24 is used.
Contents of /etc/network/interfaces
auto br0
iface br0 inet static
bridge-ports eth0 eth1
bridge-stp 0
address 192.168.0.1
netmask 255.255.255.0
You can set the various options with these keywords:
- bridge-ports
- Set bridge ports (ethX) or none for no physical interfaces
- bridge-aging
- Set ageing time
- bridge-fd
- Set bridge forward delay
- bridge-hello
- Set hello time
- bridge-maxage
- Set bridge max message age
- bridge-pathcost
- Set path cost
- bridge-portprio
- Set port priority
- bridge-bridgeprio
- Set bridge priority
- bridge-stp
- STP on/off
Using pre-up/post-down
If you want be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks. An example /etc/network/interfaces file follows:
Contents of /etc/network/interfaces
auto br0
iface br0 inet static
pre-up brctl addbr br0
pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
address 192.168.0.253
netmask 255.255.255.0
gateway 192.168.0.254
post-down brctl delbr br0
auto eth0
iface eth0 inet manual
up ip link set $IFACE up
up brctl addif br0 $IFACE
down brctl delif br0 $IFACE
Now, create br0 with the command:
# ifup br0
One can add/remove individual interfaces to the bridge with ifup eth0 and ifdown eth0 commands.
Bridging for a Xen dom0
Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y). At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge).
Particulars:
- the bridge consists of a single physical interface
- the physical interface does not have an IP and is configured manually
- the bridge will have the IP address and will be auto, resulting in bringing up the physical interface
This translates to a sample config /etc/network/interfaces file as follows:
Contents of /etc/network/interfaces
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
address 192.168.0.253
netmask 255.255.255.0
gateway 192.168.0.254
bridge_ports eth0
bridge_stp 0
After the domU OS is started, the virtual interface wil be added and the working bridge can be checked with the commands:
# brctl show # ifconfig -a
Bridging for KVM
An example /etc/network/interfaces file for KVM is given below:
Contents of /etc/network/interfaces
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp 0
Bridging for QEMU
Ensure that the /etc/network/interfaces file is as follows:
Contents of /etc/network/interfaces
auto lo
iface lo inet loopback
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp 0
To enable DHCP and get QEMU to use the bridge we've created Install the bridge package.
- Load kernel modules needed for KVM bridging:
# printf 'tun\ntap\n' >> /etc/modules
- Allow Qemu to use our bridge.
# echo 'allow br0' > /etc/qemu/bridge.conf
- Write some sysctl knobs to allow bridging to work by creating a file etc/sysctl.d/bridging.conf as follows:
Contents of /etc/sysctl.d/bridging.conf
# Enable bridge forwarding. net.ipv4.conf.br0_bc_forwarding=1 # Ignore iptables on bridge interfaces. net.bridge.bridge-nf-call-iptables=0 - Apply sysctl config edits.
# sysctl -p
After a reboot, you can use the bridge with a qcow2 image named felix-pojtigners-theia.qcow2 as follows:
$ qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2
If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that eth0 is connected to), you can debug with tshark command from tshark package as follows:
# tshark -i eth0 -Y "bootp.option.type == 53"
Setting MTU
It can be a bit tricky to set the MTU on the bridge and child interfaces. That applies to both the bridge-utils and bridge packages.
The below is tested (10g ports only used as a bridge and not connected to host. you can work from there and make more complex/capable setups. don't forget to consider OVS instead)
Contents of /etc/network/interfaces
auto lo
iface lo inet loopback
# "management / oob port"
auto eth0
iface eth0 inet dhcp
ip_rp_filter 2 # only relevant when you set an ip on br0
iface eth1 inet manual
iface eth2 inet manual
iface eth3 inet manual
iface eth4 inet manual
iface eth5 inet manual
iface eth6 inet manual
iface eth7 inet manual
iface eth8 inet manual
auto br0
iface br0 inet manual
bridge-ports eth1 eth2 eth3 eth4 eth5 eth6 eth7 eth8
bridge-stp on
bridge-fd 2
bridge-bridgeprio 32768
pre-up ip link set dev eth1 mtu 9000
pre-up ip link set dev eth2 mtu 9000
pre-up ip link set dev eth3 mtu 9000
pre-up ip link set dev eth4 mtu 9000
pre-up ip link set dev eth5 mtu 9000
pre-up ip link set dev eth6 mtu 9000
pre-up ip link set dev eth7 mtu 9000
pre-up ip link set dev eth8 mtu 9000
post-up ip link set dev br0 mtu 9000
So we have a three stage process:
- Bring up member interfaces
- Set up bridge, first run all pre-up commands, setting the MTU of the members
- Once bridge is up, set its own mtu
Using brctl
 Reason:Package bridge uses |
Bridges can be managed manually with the brctl command from the bridge-utils package.
Note: According to upstream, bridge-utils is deprecated. Please Install bridge and configure it instead.
Usage: brctl COMMAND [BRIDGE [INTERFACE]] Manage ethernet bridges Commands: show Show a list of bridges addbr BRIDGE Create BRIDGE delbr BRIDGE Delete BRIDGE addif BRIDGE IFACE Add IFACE to BRIDGE delif BRIDGE IFACE Delete IFACE from BRIDGE setageing BRIDGE TIME Set ageing time setfd BRIDGE TIME Set bridge forward delay sethello BRIDGE TIME Set hello time setmaxage BRIDGE TIME Set max message age setpathcost BRIDGE COST Set path cost setportprio BRIDGE PRIO Set port priority setbridgeprio BRIDGE PRIO Set bridge priority stp BRIDGE [1|0] STP on/off
To manually create bridge interface br0:
# brctl addbr br0
To add interface eth0 and eth1 to br0:
# brctl addif br0 eth0 # brctl addif br0 eth1
Note: You need to set the link status to up on the added interfaces:
# ip link set dev eth0 up # ip link set dev eth1 up
Troubleshooting
Script to allow dhcp over iptables
If the pre-up/post-down doesn't work the following approach can be taken to allow dhcp over iptables. The below script is based on the this page.
- Create a startup script /etc/local.d/iptables_dhcp_kvm.start as follows:
Contents of /etc/local.d/iptables_dhcp_kvm.start
echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu exit 0 - Ensure that /etc/local.d/iptables_dhcp_kvm.start script is executable.
# chmod a+x /etc/local.d/iptables_dhcp_kvm.start
- Ensure that scripts placed in /etc/local.d starts on boot:
# rc-update add local