Bridge: Difference between revisions

This document describes how to configure a network bridge interface in Alpine Linux.

Using brctl

This material is obsolete ... According to upstream, bridge-utils is deprecated. Please use bridge instead. (Discuss)

Bridges are managed manually with the brctl command.

Usage: brctl COMMAND [BRIDGE [INTERFACE]]

Manage ethernet bridges

Commands:
	show			Show a list of bridges
	addbr BRIDGE		Create BRIDGE
	delbr BRIDGE		Delete BRIDGE
	addif BRIDGE IFACE	Add IFACE to BRIDGE
	delif BRIDGE IFACE	Delete IFACE from BRIDGE
	setageing BRIDGE TIME		Set ageing time
	setfd BRIDGE TIME		Set bridge forward delay
	sethello BRIDGE TIME		Set hello time
	setmaxage BRIDGE TIME		Set max message age
	setpathcost BRIDGE COST		Set path cost
	setportprio BRIDGE PRIO		Set port priority
	setbridgeprio BRIDGE PRIO	Set bridge priority
	stp BRIDGE [1|0]		STP on/off

To manually create bridge interface br0:

brctl addbr br0

To add interface eth0 and eth1 to br0:

brctl addif br0 eth0 brctl addif br0 eth1

Note: You need to set the link status to up on the added interfaces.

ip link set dev eth0 up ip link set dev eth1 up

Configuration file

Install the scripts that configure the bridge.

apk add bridge

Bridging is then configured in /etc/network/interfaces with the bridge-ports keyword.

In this example the address 192.168.0.1/24 is used.

auto br0
iface br0 inet static
	bridge-ports eth0 eth1
	bridge-stp 0
	address 192.168.0.1
	netmask 255.255.255.0

You can set the various options with these keywords:

bridge-ports

Set bridge ports (ethX) or none for no physical interfaces

bridge-aging

Set ageing time

bridge-fd

Set bridge forward delay

bridge-hello

Set hello time

bridge-maxage

Set bridge max message age

bridge-pathcost

Set path cost

bridge-portprio

Set port priority

bridge-bridgeprio

Set bridge priority

bridge-stp

STP on/off

Using pre-up/post-down

If you want be able to control the bridge interfaces individually, you need to use pre-up/post-down hooks.

Example /etc/network/interfaces:

auto br0
iface br0 inet static
	pre-up brctl addbr br0
	pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
	pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
	pre-up echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
	address 192.168.0.253
	netmask 255.255.255.0
	gateway 192.168.0.254
	post-down brctl delbr br0
	
auto eth0
iface eth0 inet manual
	up ip link set $IFACE up
	up brctl addif br0 $IFACE
	down brctl delif br0 $IFACE || true
	down ip link set $IFACE down
	
auto eth1
iface eth1 inet manual
	up ip link set $IFACE up
	up brctl addif br0 $IFACE
	down brctl delif br0 $IFACE || true
	down ip link set $IFACE down

That way, you create br0 with: ifup br0. You can add/remove individual interfaces to the bridge with ifup eth0, ifdown eth0.

Bridging for a Xen dom0

Bridging in a dom0 is a bit specific as it consists in bridging a real interface (i.e. ethX) with a virtual interface (i.e. vifX.Y). At bridge creation time, the virtual interface does not exist and will be added by the Xen toolstack when a domU is booting (see Xen documentation on how to link the virtual interface to the correct bridge).

Particulars:

• the bridge consists of a single physical interface
• the physical interface does not have an IP and is configured manually
• the bridge will have the IP address and will be auto, resulting in bringing up the physical interface

This translates to a sample config /etc/network/interfaces

auto eth0
iface eth0 inet manual

auto br0
iface br0 inet static
	address 192.168.0.253
	netmask 255.255.255.0
	gateway 192.168.0.254
        bridge_ports eth0
        bridge_stp 0

After the domU OS is started, the virtual interface wil be added and the working bridge can be checked with

brctl show

ifconfig -a

Bridging for KVM

Example /etc/network/interfaces:

auto br0
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp 0

Little script to allow dhcp over iptables

# Run local.d scripts on boot.
rc-update add local

# Write the script.
cat >> /etc/local.d/iptables_dhcp_kvm.start << EOM
echo 0 > /proc/sys/net/bridge/bridge-nf-call-arptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables
echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
exit 0
EOM

# local.d script must be executable.
chmod a+x /etc/local.d/iptables_dhcp_kvm.start

Bridging for QEMU

Replace /etc/network/interfaces with the following:

auto lo
iface lo inet loopback

auto br0
iface br0 inet dhcp
  bridge_ports eth0
  bridge_stp 0

To enable DHCP and get QEMU to use the bridge we've created above, run:

# Install the bridge tools
apk add bridge

# Load kernel modules needed for KVM bridging.
printf 'tun\ntap\n' >> /etc/modules

# Allow Qemu to use our bridge.
echo 'allow br0' > /etc/qemu/bridge.conf

# Write some sysctl knobs to allow bridging to work.
printf '# Enable bridge forwarding.
net.ipv4.conf.br0_bc_forwarding=1
# Ignore iptables on bridge interfaces.
net.bridge.bridge-nf-call-iptables=0
' >> /etc/sysctl.d/bridging.conf

# Apply sysctl config edits.
sysctl -p

After a reboot, you can use the bridge like so (assuming you have a qcow2 image named felix-pojtigners-theia.qcow2):

qemu-system-x86_64 -m 4096 -accel kvm -net nic -net bridge,br=br0 -boot d -drive format=qcow2,file=felix-pojtingers-theia.qcow2

If you don't get a DHCP response for the guest machine (assuming you have a DHCP server running on the physical network that eth0 is connected to), you can debug with tshark:

tshark -i eth0  -Y "bootp.option.type == 53"