Bridge: Difference between revisions

From Alpine Linux
(→‎Using brctl: mention that bridge-utils is deprecated)
(added {{Template:Accuracy}} to check {{ic|brctl}} package)
 
(5 intermediate revisions by 4 users not shown)
Line 1: Line 1:
[[Category:Networking]]
This document describes how to configure a [https://en.wikipedia.org/wiki/Network_bridge network bridge] interface in Alpine Linux.
This document describes how to configure a [http://en.wikipedia.org/wiki/Bridging_%28networking%29 network bridge] interface in Alpine Linux.
 
== Using brctl ==
 
{{Obsolete|According to [https://wiki.linuxfoundation.org/networking/bridge upstream], ''bridge-utils'' is deprecated.  Please use ''bridge'' instead.}}
 
Bridges are managed manually with the '''brctl''' command.
<pre>
Usage: brctl COMMAND [BRIDGE [INTERFACE]]


Manage ethernet bridges
== Installation ==
 
Commands:
show Show a list of bridges
addbr BRIDGE Create BRIDGE
delbr BRIDGE Delete BRIDGE
addif BRIDGE IFACE Add IFACE to BRIDGE
delif BRIDGE IFACE Delete IFACE from BRIDGE
setageing BRIDGE TIME Set ageing time
setfd BRIDGE TIME Set bridge forward delay
sethello BRIDGE TIME Set hello time
setmaxage BRIDGE TIME Set max message age
setpathcost BRIDGE COST Set path cost
setportprio BRIDGE PRIO Set port priority
setbridgeprio BRIDGE PRIO Set bridge priority
stp BRIDGE [1|0] STP on/off
</pre>
 
To manually create bridge interface br0:
{{Cmd|brctl addbr br0}}
 
To add interface eth0 and eth1 to br0:
{{Cmd|brctl addif br0 eth0
brctl addif br0 eth1}}
 
Note: You need to set the link status to ''up'' on the added interfaces.
{{Cmd|ip link set dev eth0 up
ip link set dev eth1 up}}
 
[[Category:Networking]]


== Configuration file ==
Install the bridge tools that configure bridge:{{Cmd|# apk add bridge}}
Install the scripts that configure the bridge.
{{Cmd|apk add bridge}}


Bridging is then configured in ''/etc/network/interfaces'' with the ''bridge-ports'' keyword.
== Configuration ==
{{Warning|You normally don't assign ip addresses to the bridged interfaces (eth0 and eth1 in our example) but to the bridge itself (br0).}}


In this example the address 192.168.0.1/24 is used.
Bridging is then configured in {{Path|/etc/network/interfaces}} with the ''bridge-ports'' keyword.


<pre>
In this example the address 192.168.0.1/24 is used.{{Cat|/etc/network/interfaces|auto br0
auto br0
iface br0 inet static
iface br0 inet static
bridge-ports eth0 eth1
bridge-ports eth0 eth1
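Review bot: the {{Warning}} in the Configuration section, stating that IP addresses go on the bridge (br0) and not on the bridged interfaces (eth0 and eth1), is absent from the new revision, while the example that follows still puts 192.168.0.1 on br0 without saying why. Suggest keeping the warning next to the sentence that introduces ''bridge-ports'', since an address left on a member port is the most common reason a freshly created bridge appears not to pass traffic.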
Line 57: Line 15:
address 192.168.0.1
address 192.168.0.1
netmask 255.255.255.0
netmask 255.255.255.0
</pre>
}}


You can set the various options with these keywords:
You can set the various options with these keywords:
Line 79: Line 37:
: STP on/off
: STP on/off


== Using pre-up/post-down ==
=== Using pre-up/post-down ===
If you want be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks.
 
Example ''/etc/network/interfaces'':


<pre>
If you want be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks. An example {{Path|/etc/network/interfaces}} file follows:{{Cat|/etc/network/interfaces|auto br0
auto br0
iface br0 inet static
iface br0 inet static
pre-up brctl addbr br0
pre-up brctl addbr br0
Line 109: Line 63:
down brctl delif br0 $IFACE || true
down brctl delif br0 $IFACE || true
down ip link set $IFACE down
down ip link set $IFACE down
</pre>
}}
 
Now, create {{ic|br0}} with the command:{{Cmd|# ifup br0}}


That way, you create br0 with: ifup br0. You can add/remove
One can add/remove individual interfaces to the bridge with {{ic|ifup eth0}} and {{ic|ifdown eth0}} commands.
individual interfaces to the bridge with ifup eth0, ifdown eth0.


== Bridging for a Xen dom0 ==
== Bridging for a Xen dom0 ==
Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y).
Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y).
At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge).
At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge).


;Particulars :
'''Particulars:'''
- the bridge consists of a single physical interface <br/>
* the bridge consists of a single physical interface
- the physical interface does not have an IP and is configured manually <br/>
* the physical interface does not have an IP and is configured manually  
- the bridge will have the IP address and will be auto, resulting in bringing up the physical interface <br/>
* the bridge will have the IP address and will be auto, resulting in bringing up the physical interface  
 
This translates to a sample config :
 
Example ''/etc/network/interfaces'':


<pre>
This translates to a sample config {{Path|/etc/network/interfaces}} file as follows: {{Cat|/etc/network/interfaces|auto eth0
auto eth0
iface eth0 inet manual
iface eth0 inet manual
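Review bot: in the pre-up/post-down example now wrapped in {{Cat|/etc/network/interfaces|...}}, the line "down brctl delif br0 $IFACE || true" contains literal pipes, which MediaWiki reads as template parameter separators, so the block renders only up to "down brctl delif br0 $IFACE" and the following "down ip link set $IFACE down" line is lost. Suggest wrapping the block body in <nowiki>, as the /etc/sysctl.d/bridging.conf block in this revision already does, or escaping the pipes with {{!}}.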


Line 138: Line 89:
         bridge_ports eth0
         bridge_ports eth0
         bridge_stp 0
         bridge_stp 0
</pre>
}}
 
After the domU OS is started, the virtual interface wil be added and the working bridge can be checked with the commands:{{Cmd|<nowiki># brctl show
# ifconfig -a</nowiki>
}}


After the domU OS is started, the virtual interface wil be added and the working bridge can be checked with
== Bridging for KVM ==
<pre>
brctl show


ifconfig -a
An example {{Path|/etc/network/interfaces}} file for KVM is given below:{{Cat|/etc/network/interfaces|auto br0
</pre>
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp 0
}}


== Bridging for KVM ==
== Bridging for QEMU ==


Example ''/etc/network/interfaces'':
Ensure that the {{Path|/etc/network/interfaces}} file is as follows:{{Cat|/etc/network/interfaces|auto lo
iface lo inet loopback


{{Note|I personally remove the eth0 declaration without any issue.}}
<pre>
auto br0
auto br0
iface br0 inet dhcp
iface br0 inet dhcp
   bridge_ports eth0
   bridge_ports eth0
   bridge_stp 0
   bridge_stp 0
</pre>
}}
 
To enable DHCP and get QEMU to use the bridge we've created [[#Installation|Install]] the {{pkg|bridge}} package.


=== Little script to allow dhcp over iptables ===
# Load kernel modules needed for KVM bridging: {{Cmd|# printf 'tun\ntap\n' >> /etc/modules}}
{{Note|I tried the Using pre-up/post-down as mentionned in #3, but it didn't work well for me }}
# Allow Qemu to use our bridge.{{Cmd|# echo 'allow br0' > /etc/qemu/bridge.conf}}
{{Note|Usually it will be in /etc/rc.local as mentioned [https://wiki.libvirt.org/page/Networking#Debian.2FUbuntu_Bridging here] }}
# Write some sysctl knobs to allow bridging to work by creating a file {{Path|etc/sysctl.d/bridging.conf}} as follows:{{Cat|/etc/sysctl.d/bridging.conf|<nowiki># Enable bridge forwarding.
net.ipv4.conf.br0_bc_forwarding=1
# Ignore iptables on bridge interfaces.
net.bridge.bridge-nf-call-iptables=0
</nowiki>}}
# Apply sysctl config edits.{{Cmd|# sysctl -p}}


<pre>
After a ''reboot'', you can use the bridge with a ''qcow2'' image named ''felix-pojtigners-theia.qcow2'' as follows:{{Cmd|<nowiki>$ qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2</nowiki>}}
# Run local.d scripts on boot.
rc-update add local


# Write the script.
If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that ''eth0'' is connected to), you can debug with {{ic|tshark}} command from {{pkg|tshark}} package as follows:{{Cmd|<nowiki># tshark -i eth0  -Y "bootp.option.type == 53"</nowiki>}}
cat >> /etc/local.d/iptables_dhcp_kvm.start << EOM
echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
exit 0
EOM


# local.d script must be executable.
== Setting MTU ==
chmod a+x /etc/local.d/iptables_dhcp_kvm.start
</pre>


== Bridging for QEMU ==
It can be a bit tricky to set the MTU on the bridge and child interfaces.
That applies to both the bridge-utils and bridge packages.


Replace ''/etc/network/interfaces'' with the following:
The below is tested (10g ports only used as a bridge and not connected to host. you can work from there and make more complex/capable setups. don't forget to consider OVS instead)


<pre>
{{cat|/etc/network/interfaces|auto lo
auto lo
iface lo inet loopback
iface lo inet loopback
# "management / oob port"
auto eth0
iface eth0 inet dhcp
ip_rp_filter 2 # only relevant when you set an ip on br0
iface eth1 inet manual
iface eth2 inet manual
iface eth3 inet manual
iface eth4 inet manual
iface eth5 inet manual
iface eth6 inet manual
iface eth7 inet manual
iface eth8 inet manual


auto br0
auto br0
iface br0 inet dhcp
iface br0 inet manual
  bridge_ports eth0
    bridge-ports eth1 eth2 eth3 eth4 eth5 eth6 eth7 eth8
  bridge_stp 0
    bridge-stp on
</pre>
    bridge-fd 2
    bridge-bridgeprio 32768
    pre-up ip link set dev eth1 mtu 9000
    pre-up ip link set dev eth2 mtu 9000
    pre-up ip link set dev eth3 mtu 9000
    pre-up ip link set dev eth4 mtu 9000
    pre-up ip link set dev eth5 mtu 9000
    pre-up ip link set dev eth6 mtu 9000
    pre-up ip link set dev eth7 mtu 9000
    pre-up ip link set dev eth8 mtu 9000
    post-up ip link set dev br0 mtu 9000
}}
 
So we have a three stage process:
 
# Bring up member interfaces
# Set up bridge, first run all pre-up commands, setting the MTU of the members
# Once bridge is up, set its own mtu
 
== Using brctl ==
 
{{Template:Accuracy|Package {{pkg|bridge}} uses {{ic|brctl}} command. To verify if this needs {{pkg|bridge-utils}} instead of the version from [[Busybox]].|section=Using brctl}}
 
Bridges can be managed manually with the {{ic|brctl}} command from the {{pkg|bridge-utils}} package.


To enable DHCP and get QEMU to use the bridge we've created above, run:
{{Note|According to [https://wiki.linuxfoundation.org/networking/bridge upstream], ''bridge-utils'' is deprecated.  Please  [[#Installation|Install bridge]] and [[#Configuration|configure it]] instead.}}


<pre>
<pre>
# Install the bridge tools
Usage: brctl COMMAND [BRIDGE [INTERFACE]]
apk add bridge
 
Manage ethernet bridges
 
Commands:
show Show a list of bridges
addbr BRIDGE Create BRIDGE
delbr BRIDGE Delete BRIDGE
addif BRIDGE IFACE Add IFACE to BRIDGE
delif BRIDGE IFACE Delete IFACE from BRIDGE
setageing BRIDGE TIME Set ageing time
setfd BRIDGE TIME Set bridge forward delay
sethello BRIDGE TIME Set hello time
setmaxage BRIDGE TIME Set max message age
setpathcost BRIDGE COST Set path cost
setportprio BRIDGE PRIO Set port priority
setbridgeprio BRIDGE PRIO Set bridge priority
stp BRIDGE [1|0] STP on/off
</pre>


# Load kernel modules needed for KVM bridging.
To manually create bridge interface br0: {{Cmd|# brctl addbr br0}}
printf 'tun\ntap\n' >> /etc/modules


# Allow Qemu to use our bridge.
To add interface eth0 and eth1 to br0: {{Cmd|<nowiki># brctl addif br0 eth0
echo 'allow br0' > /etc/qemu/bridge.conf
# brctl addif br0 eth1</nowiki>}}


# Write some sysctl knobs to allow bridging to work.
Note: You need to set the link status to ''up'' on the added interfaces: {{Cmd|<nowiki># ip link set dev eth0 up
printf '# Enable bridge forwarding.
# ip link set dev eth1 up</nowiki>}}
net.ipv4.conf.br0_bc_forwarding=1
# Ignore iptables on bridge interfaces.
net.bridge.bridge-nf-call-iptables=0
' >> /etc/sysctl.d/bridging.conf


# Apply sysctl config edits.
== Troubleshooting ==
sysctl -p
</pre>


After a ''reboot'', you can use the bridge like so (assuming you have a ''qcow2'' image named ''felix-pojtigners-theia.qcow2''):
=== Script to allow dhcp over iptables ===


<pre>
If the [[#Using pre-up/post-down|pre-up/post-down]] doesn't work the following approach can be taken to allow dhcp over iptables. The below script is based on the [https://wiki.libvirt.org/page/Networking#Debian.2FUbuntu_Bridging this page].
qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2
</pre>


If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that ''eth0'' is connected to), you can debug with ''tshark'':
# Create a startup script {{Path|/etc/local.d/iptables_dhcp_kvm.start}} as follows:{{Cat|/etc/local.d/iptables_dhcp_kvm.start|
echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
exit 0
}}
# Ensure that {{Path|/etc/local.d/iptables_dhcp_kvm.start}} script is executable.{{Cmd|# chmod a+x /etc/local.d/iptables_dhcp_kvm.start}}
# Ensure that scripts placed in {{Path|/etc/local.d}} starts on boot:{{Cmd|# rc-update add local}}


<pre>
[[Category:Networking]]
tshark -i eth0  -Y "bootp.option.type == 53"
</pre>
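Review bot: the key "net.ipv4.conf.br0_bc_forwarding=1" carried into the new {{Cat|/etc/sysctl.d/bridging.conf|...}} block in the QEMU steps is not a valid sysctl name; per-interface keys have the form net.ipv4.conf.IFACE.NAME, so this should read net.ipv4.conf.br0.bc_forwarding. In the same list, {{Path|etc/sysctl.d/bridging.conf}} is missing its leading slash, and "sysctl -p" without a file argument loads only /etc/sysctl.conf, so the new file is not applied by that step; suggest "sysctl -p /etc/sysctl.d/bridging.conf". The image name is also spelled two ways on the qemu-system-x86_64 line (''felix-pojtigners-theia.qcow2'' in the prose, felix-pojtingers-theia.qcow2 in the command).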

Latest revision as of 06:06, 15 August 2025

This document describes how to configure a network bridge interface in Alpine Linux.

Installation

Install the bridge tools that configure bridge:

# apk add bridge

Configuration

Bridging is then configured in /etc/network/interfaces with the bridge-ports keyword.

In this example the address 192.168.0.1/24 is used.

Contents of /etc/network/interfaces

auto br0
iface br0 inet static
    bridge-ports eth0 eth1
    bridge-stp 0
    address 192.168.0.1
    netmask 255.255.255.0

You can set the various options with these keywords:

bridge-ports
Set bridge ports (ethX) or none for no physical interfaces
bridge-aging
Set ageing time
bridge-fd
Set bridge forward delay
bridge-hello
Set hello time
bridge-maxage
Set bridge max message age
bridge-pathcost
Set path cost
bridge-portprio
Set port priority
bridge-bridgeprio
Set bridge priority
bridge-stp
STP on/off

Using pre-up/post-down

If you want to be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks. An example /etc/network/interfaces file follows:

Contents of /etc/network/interfaces

auto br0
iface br0 inet static
    pre-up brctl addbr br0
    pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
    pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
    pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
    address 192.168.0.253
    netmask 255.255.255.0
    gateway 192.168.0.254
    post-down brctl delbr br0

auto eth0
iface eth0 inet manual
    up ip link set $IFACE up
    up brctl addif br0 $IFACE
    down brctl delif br0 $IFACE

Now, create br0 with the command:

# ifup br0

Individual interfaces can then be added to or removed from the bridge with the ifup eth0 and ifdown eth0 commands.

Bridging for a Xen dom0

Bridging in a dom0 is a special case, as it consists of bridging a real interface (e.g. ethX) with a virtual interface (e.g. vifX.Y). At bridge creation time, the virtual interface does not exist; it is added by the Xen toolstack when a domU boots (see the Xen documentation on how to link the virtual interface to the correct bridge).

Particulars:

  • the bridge consists of a single physical interface
  • the physical interface does not have an IP and is configured manually
  • the bridge will have the IP address and will be auto, resulting in bringing up the physical interface

This translates to a sample config /etc/network/interfaces file as follows:

Contents of /etc/network/interfaces

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
    address 192.168.0.253
    netmask 255.255.255.0
    gateway 192.168.0.254
    bridge_ports eth0
    bridge_stp 0

After the domU OS is started, the virtual interface will be added and the working bridge can be checked with the commands:

# brctl show
# ifconfig -a

Bridging for KVM

An example /etc/network/interfaces file for KVM is given below:

Contents of /etc/network/interfaces

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp 0

Bridging for QEMU

Ensure that the /etc/network/interfaces file is as follows:

Contents of /etc/network/interfaces

auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp 0

To enable DHCP and get QEMU to use the bridge we've created, install the bridge package (see Installation) and then:

  1. Load kernel modules needed for KVM bridging:

    # printf 'tun\ntap\n' >> /etc/modules

  2. Allow QEMU to use our bridge.

    # echo 'allow br0' > /etc/qemu/bridge.conf

  3. Write some sysctl knobs to allow bridging to work by creating a file /etc/sysctl.d/bridging.conf as follows:

    Contents of /etc/sysctl.d/bridging.conf

    # Enable bridge forwarding.
    net.ipv4.conf.br0.bc_forwarding=1
    # Ignore iptables on bridge interfaces.
    net.bridge.bridge-nf-call-iptables=0

  4. Apply sysctl config edits.

    # sysctl -p /etc/sysctl.d/bridging.conf

After a reboot, you can use the bridge with a qcow2 image named felix-pojtingers-theia.qcow2 as follows:

$ qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2

If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that eth0 is connected to), you can debug with the tshark command from the tshark package as follows:

# tshark -i eth0 -Y "bootp.option.type == 53"

Setting MTU

It can be a bit tricky to set the MTU on the bridge and child interfaces. That applies to both the bridge-utils and bridge packages.

The configuration below has been tested with the 10G ports used only as bridge members and not connected to the host. You can work from there to build more complex or capable setups. Also consider OVS as an alternative.

Contents of /etc/network/interfaces

auto lo
iface lo inet loopback

# "management / oob port"
auto eth0
iface eth0 inet dhcp
    # only relevant when you set an ip on br0
    ip_rp_filter 2

iface eth1 inet manual
iface eth2 inet manual
iface eth3 inet manual
iface eth4 inet manual
iface eth5 inet manual
iface eth6 inet manual
iface eth7 inet manual
iface eth8 inet manual

auto br0
iface br0 inet manual
    bridge-ports eth1 eth2 eth3 eth4 eth5 eth6 eth7 eth8
    bridge-stp on
    bridge-fd 2
    bridge-bridgeprio 32768
    pre-up ip link set dev eth1 mtu 9000
    pre-up ip link set dev eth2 mtu 9000
    pre-up ip link set dev eth3 mtu 9000
    pre-up ip link set dev eth4 mtu 9000
    pre-up ip link set dev eth5 mtu 9000
    pre-up ip link set dev eth6 mtu 9000
    pre-up ip link set dev eth7 mtu 9000
    pre-up ip link set dev eth8 mtu 9000
    post-up ip link set dev br0 mtu 9000

So we have a three stage process:

  1. Bring up member interfaces
  2. Set up bridge, first run all pre-up commands, setting the MTU of the members
  3. Once bridge is up, set its own mtu
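
A check for the result of the three stages, as an added example that is not part of the wiki page: it reads `ip -o link show` output on stdin and lists the bridge and every member port whose MTU is not the target value. The function names, the constructed sample output and the iproute2 one-line format are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the wiki page.
# bridge_mtu_check BRIDGE MTU
#   stdin : output of `ip -o link show` (iproute2 one-line format assumed)
#   stdout: one line per interface (bridge or member port) whose MTU is not MTU
#   status: 0 all match, 1 mismatch found, 2 bridge not present
bridge_mtu_check() {
    awk -v br="$1" -v want="$2" '
    {
        name = $2
        sub(/:$/, "", name)     # "eth1:" -> "eth1"
        sub(/@.*/, "", name)    # "vif1.0@if3" -> "vif1.0"
        mtu = ""; master = ""
        for (i = 3; i < NF; i++) {
            if ($i == "mtu") mtu = $(i + 1)
            else if ($i == "master") master = $(i + 1)
        }
        if (name == br) seen = 1
        else if (master != br) next    # not a member of this bridge
        if (mtu != want) {
            print name " mtu " mtu " (want " want ")"
            bad = 1
        }
    }
    END {
        if (!seen) { print "bridge " br " not found"; exit 2 }
        exit bad + 0
    }'
}

# Constructed sample: eth0 is the management port, eth1 and eth2 are members
# of br0, and eth2 and br0 are still at the default MTU of 1500.
sample_ip_link() {
    cat <<'EOF'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000\    link/ether 02:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9000 qdisc mq master br0 state UP qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP qlen 1000\    link/ether 02:00:00:00:00:02 brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000\    link/ether 02:00:00:00:00:01 brd ff:ff:ff:ff:ff:ff
EOF
}

# Demo on the constructed sample; on a live host use:
#   ip -o link show | bridge_mtu_check br0 9000
sample_ip_link | bridge_mtu_check br0 9000 || true
```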

Using brctl

The factual accuracy of this article or section is disputed.

Reason: Package bridge uses the brctl command. To verify if this needs bridge-utils instead of the version from Busybox. (Discuss in Talk:Bridge#Using brctl)

Bridges can be managed manually with the brctl command from the bridge-utils package.

Note: According to upstream, bridge-utils is deprecated. Please install bridge and configure it instead.

Usage: brctl COMMAND [BRIDGE [INTERFACE]]

Manage ethernet bridges

Commands:
	show			Show a list of bridges
	addbr BRIDGE		Create BRIDGE
	delbr BRIDGE		Delete BRIDGE
	addif BRIDGE IFACE	Add IFACE to BRIDGE
	delif BRIDGE IFACE	Delete IFACE from BRIDGE
	setageing BRIDGE TIME		Set ageing time
	setfd BRIDGE TIME		Set bridge forward delay
	sethello BRIDGE TIME		Set hello time
	setmaxage BRIDGE TIME		Set max message age
	setpathcost BRIDGE COST		Set path cost
	setportprio BRIDGE PRIO		Set port priority
	setbridgeprio BRIDGE PRIO	Set bridge priority
	stp BRIDGE [1|0]		STP on/off

To manually create bridge interface br0:

# brctl addbr br0

To add interface eth0 and eth1 to br0:

# brctl addif br0 eth0
# brctl addif br0 eth1

Note: You need to set the link status to up on the added interfaces:

# ip link set dev eth0 up
# ip link set dev eth1 up

Troubleshooting

Script to allow dhcp over iptables

If the pre-up/post-down approach doesn't work, the following approach can be taken to allow DHCP over iptables. The script below is based on the libvirt Networking page (https://wiki.libvirt.org/page/Networking#Debian.2FUbuntu_Bridging).

  1. Create a startup script /etc/local.d/iptables_dhcp_kvm.start as follows:

    Contents of /etc/local.d/iptables_dhcp_kvm.start

    echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
    echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
    echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
    iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
    exit 0

  2. Ensure that /etc/local.d/iptables_dhcp_kvm.start script is executable.

    # chmod a+x /etc/local.d/iptables_dhcp_kvm.start

  3. Ensure that scripts placed in /etc/local.d start on boot:

    # rc-update add local
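
To confirm what the start script above leaves in effect, the following added example (not part of the wiki page) reads the three bridge-nf-call-* switches and reports whether frames forwarded by a bridge are still passed to each rule set. The function name and the optional root-directory argument, used here to run against a constructed tree, are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the wiki page.
# bridge_nf_state [ROOT]
#   Reports, for each bridge-nf-call-* switch under ROOT/proc/sys/net/bridge,
#   whether frames forwarded by a bridge are passed to that rule set.
#   ROOT is empty on a live system; a directory prefix allows offline checks.
#   status: 0 if all three rule sets see bridged frames, 1 otherwise
bridge_nf_state() {
    nf_dir="${1:-}/proc/sys/net/bridge"
    nf_rc=0
    for nf_table in iptables ip6tables arptables; do
        nf_file="$nf_dir/bridge-nf-call-$nf_table"
        if [ ! -r "$nf_file" ]; then
            # The switches are provided by the br_netfilter kernel module.
            echo "$nf_table: switch absent (br_netfilter not loaded?)"
            nf_rc=1
            continue
        fi
        read -r nf_val < "$nf_file" || true
        case $nf_val in
            ""|*[!0-9]*)
                echo "$nf_table: unreadable value"
                nf_rc=1 ;;
            0)
                echo "$nf_table: bridged frames bypass $nf_table rules"
                nf_rc=1 ;;
            *)
                echo "$nf_table: bridged frames traverse $nf_table rules" ;;
        esac
    done
    return "$nf_rc"
}

# Constructed tree holding the values the start script above writes.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/proc/sys/net/bridge"
for t in iptables ip6tables arptables; do
    echo 0 > "$demo_root/proc/sys/net/bridge/bridge-nf-call-$t"
done
bridge_nf_state "$demo_root" || true
rm -rf "$demo_root"
```

With all three switches at 0, rules in the iptables FORWARD chain, including the TCPMSS clamp in the script above, act only on traffic the host routes and not on frames switched across br0.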