How to create a Linux Network Bridge on CentOS/RHEL7

Introduction

A Linux network bridge is a device that separates two or more network segments within one logical network, and it helps connect a physical server or desktop to a virtual machine.

A bridge connects a number of physical Ethernet interfaces together to form one large logical Ethernet. The logical Ethernet appears as a virtual network interface named br0, br1, and so on.

The role of the bridge is to examine the destination of the data packets one at a time and decide whether or not to pass the packets to the other side of the Ethernet segment. The result is a faster, quieter network with fewer collisions.

Note: In bridging, only the bridge interface (br0) needs to be configured with IP information; the ports (the physical Ethernet interfaces that reside under the bridge) do not require any IP information.

Let’s start with how to configure the bridge network.

Check for Kernel Modules

First, we need a kernel module to work with a Linux network bridge. This kernel module is installed by default on most recent Linux distributions.

# modinfo bridge

For your reference

[root@sysadmins ~]# modinfo bridge
 filename:       /lib/modules/3.10.0-957.27.2.el7.x86_64/kernel/net/bridge/bridge.ko.xz
 alias:          rtnl-link-bridge
 version:        2.3
 license:        GPL
 retpoline:      Y
 rhelversion:    7.6
 srcversion:     24DDA8C6E1594CDB8543B49
 depends:        stp,llc
 intree:         Y
 vermagic:       3.10.0-957.27.2.el7.x86_64 SMP mod_unload modversions 
 signer:         CentOS Linux kernel signing key
 sig_key:        52:0A:4E:2D:9D:55:3E:F8:42:01:C1:88:B8:7F:E5:1B:9D:E1:1A:5E
 sig_hashalgo:   sha256
 [root@sysadmins ~]#

Installing Bridge Utility

Info: Red Hat has deprecated bridge-utils in RHEL 7.7 and future releases; more information can be found in the RHEL 7.7 release notes.

In the Red Hat 7.7 release notes, check under Chapter 9.1, Deprecated Packages.

If you are still running RHEL 7.6 or an earlier version, continue with installing the package. To create a bridge network we need a utility, which the “bridge-utils” package provides.

# yum info bridge-utils

The yum command shows the details of the available bridge utility package.

[root@sysadmins ~]# yum info bridge-utils
 Available Packages
 Name        : bridge-utils
 Arch        : x86_64
 Version     : 1.5
 Release     : 9.el7
 Size        : 32 k
 Repo        : base/7/x86_64
 Summary     : Utilities for configuring the linux ethernet bridge
 URL         : http://www.linuxfoundation.org/collaborate/workgroups/networking/bridge
 License     : GPLv2+
 Description : This package contains utilities for configuring the linux ethernet
             : bridge. The linux ethernet bridge can be used for connecting multiple
             : ethernet devices together. The connecting is fully transparent: hosts
             : connected to one ethernet device see hosts connected to the other
             : ethernet devices directly.
             : 
             : Install bridge-utils if you want to use the linux ethernet bridge.
 [root@sysadmins ~]#

By default, bridge-utils is not installed on Linux operating systems. However, we can install it as required.

# yum -y install bridge-utils

The bridge utility has been installed.

Total download size: 32 k
 Installed size: 56 k
 Downloading packages:
 bridge-utils-1.5-9.el7.x86_64.rpm                   |  32 kB  00:00:00     
 Running transaction check
 Running transaction test
 Transaction test succeeded
 Running transaction
   Installing : bridge-utils-1.5-9.el7.x86_64        1/1 
   Verifying  : bridge-utils-1.5-9.el7.x86_64        1/1 
 Installed:
   bridge-utils.x86_64 0:1.5-9.el7                                                                             
 Complete!
 [root@sysadmins ~]#

With the required packages installed, let’s list the physical Ethernet interfaces we are about to use for creating a bridge.

List the Physical Ethernet Interfaces

Let’s start by finding the physical interfaces available on our server using the NetworkManager command-line utility.

# nmcli device

We have two physical interfaces in this server. However, we will use only ens32.

[root@sysadmins ~]# nmcli device 
DEVICE  TYPE      STATE         CONNECTION 
ens32   ethernet  connected     ens32      
ens33   ethernet  disconnected  --         
lo      loopback  unmanaged     --         
[root@sysadmins ~]#

Our two Ethernet interfaces already have valid connection profiles as well, which means they have configuration files under /etc/sysconfig/network-scripts/ (ifcfg-ens32 and ifcfg-ens33).

[root@sysadmins ~]# nmcli connection 
 NAME   UUID                                  TYPE      DEVICE 
 ens32  97f8ee48-fa54-4a91-b20f-17144533b9c0  ethernet  ens32  
 ens33  1633af9e-dcfd-4612-899c-479ea028140f  ethernet  --     
 [root@sysadmins ~]#

Let’s print and verify the interfaces.

[root@sysadmins ~]# ifconfig
 ens32: flags=4163  mtu 1500
         inet 192.168.107.100  netmask 255.255.255.0  broadcast 192.168.107.255
         inet6 fe80::3d30:84c:29be:8677  prefixlen 64  scopeid 0x20
         ether 00:0c:29:43:a6:5a  txqueuelen 1000  (Ethernet)
         RX packets 59  bytes 7047 (6.8 KiB)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 56  bytes 7339 (7.1 KiB)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 ens33: flags=4163  mtu 1500
         ether 00:0c:29:43:a6:50  txqueuelen 1000  (Ethernet)
         RX packets 5  bytes 300 (300.0 B)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 0  bytes 0 (0.0 B)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 lo: flags=73  mtu 65536
         inet 127.0.0.1  netmask 255.0.0.0
         inet6 ::1  prefixlen 128  scopeid 0x10
         loop  txqueuelen 1000  (Local Loopback)
         RX packets 0  bytes 0 (0.0 B)
         RX errors 0  dropped 0  overruns 0  frame 0
         TX packets 0  bytes 0 (0.0 B)
         TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
 [root@sysadmins ~]#

The device names used in this guide are ens32 and ens33; they will differ depending on your platform, whether it is a physical server or a virtual server.

Creating a Bridge Interface in a Persistent way

Create a Linux network Bridge Interface

First, create a bridge interface named br0 with a static IP address.

# nmcli connection add con-name br0 type bridge ifname br0 ipv4.addresses 192.168.107.100/24 ipv4.gateway 192.168.107.2 ipv4.dns 192.168.107.2 ipv4.method manual autoconnect yes ipv6.method ignore

The bridge interface has been created successfully. Now let’s configure the physical interface.

Configure the Physical Interface

Second, configure the physical interface and add it to our bridge (br0). While configuring the physical interface, make sure not to configure it with any IP address. As discussed in the introduction, none of the interfaces other than the bridge interface will have IP details.

Configure the physical interface without an IP Address.

# nmcli connection add type ethernet con-name ens32 ifname ens32 ipv4.addresses 0.0.0.0/24 autoconnect yes ipv4.method manual ipv6.method ignore

Verify the Bridge

Next, print the created bridge and verify which physical interfaces are part of it.

# brctl show

Right now we have not yet added any interfaces to the bridge, which is why the interfaces column does not list any NIC.

[root@sysadmins ~]# brctl show
 bridge name    bridge id       STP enabled interfaces
 br0        8000.000c2943a65a   yes     
[root@sysadmins ~]#

Adding Physical Interface to a Bridge

Thirdly, add the physical interface to our bridge (br0).

# brctl addif br0 ens32
# brctl show br0

After adding the physical interface, print and verify. As a result, the interface should appear when listing the bridge.

[root@sysadmins ~]# brctl show br0
 bridge name    bridge id       STP enabled interfaces
 br0        8000.000c2943a65a   yes         ens32
[root@sysadmins ~]#

We are done creating the bridge interface br0.

Manual Way and Persistent

In addition, there is a manual way to create and configure the bridge interface.

Create a bridge Interface configuration file.

# vi /etc/sysconfig/network-scripts/ifcfg-br0

Append the configuration shown below, replacing the IP address, netmask, gateway and DNS with values relevant to your network.

 DEVICE="br0"
 BOOTPROTO="static"
 IPADDR="192.168.107.110"
 NETMASK="255.255.255.0"
 GATEWAY="192.168.107.2"
 DNS1=192.168.107.2
 ONBOOT="yes"
 TYPE="Bridge"
 NM_CONTROLLED="no"

Once the bridge configuration is created, create the physical interface configuration without an IP address as shown below.

# vi /etc/sysconfig/network-scripts/ifcfg-ens32

Append the configuration below, without any IP address. Make sure to map the bridge interface by specifying “BRIDGE=br0”.

 DEVICE=ens32
 TYPE=Ethernet
 BOOTPROTO=none
 ONBOOT=yes
 NM_CONTROLLED=no
 BRIDGE=br0

Done. Some users will find the manual way of creating a bridge easier.
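A check for the mistakes that most easily creep into these hand-written files: a DEVICE value that does not match the file name, an IP address left on a bridge port, and a BRIDGE= that points at no bridge file. This is an added example, not part of the original article; the function names and the sample files (built in a temporary directory) are constructed for illustration.

```shell
# get_key FILE KEY -> value of KEY=..., surrounding quotes removed
get_key() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# check_ifcfg_dir DIR -> one line per finding, nothing when the files agree
check_ifcfg_dir() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        name=${f##*/ifcfg-}
        dev=$(get_key "$f" DEVICE)
        bridge=$(get_key "$f" BRIDGE)
        if [ -n "$dev" ] && [ "$dev" != "$name" ]; then
            echo "ifcfg-$name: DEVICE=$dev does not match the file name"
        fi
        # The remaining checks only apply to bridge ports
        [ -n "$bridge" ] || continue
        if [ -n "$(get_key "$f" IPADDR)" ]; then
            echo "ifcfg-$name: bridge port carries IPADDR; only $bridge should"
        fi
        if [ "$(get_key "$1/ifcfg-$bridge" TYPE 2>/dev/null)" != "Bridge" ]; then
            echo "ifcfg-$name: BRIDGE=$bridge has no TYPE=Bridge file"
        fi
    done
}

# Constructed sample: a bridge file plus a port file whose DEVICE is wrong
demo() {
    d=$(mktemp -d)
    printf 'DEVICE="br0"\nTYPE="Bridge"\nIPADDR="192.168.107.110"\n' > "$d/ifcfg-br0"
    printf 'DEVICE=ens33\nTYPE=Ethernet\nBOOTPROTO=none\nBRIDGE=br0\n' > "$d/ifcfg-ens32"
    check_ifcfg_dir "$d"
    rm -rf "$d"
}
demo
```

On a real host, run check_ifcfg_dir /etc/sysconfig/network-scripts before restarting the network service.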

Temporarily Creating a Linux Network Bridge

In some cases, we may need a bridge interface only for installation and initial configuration. In such a scenario it is possible to create a bridge network quickly by running a few commands.

# brctl addbr br0
# brctl addif br0 ens32
# ifconfig ens32 0.0.0.0
# ifconfig br0 192.168.107.100 netmask 255.255.255.0
# ifconfig br0 up

What did we do in the above commands?

  • Create a bridge interface named br0.
  • Add one of the physical interfaces to the bridge interface br0.
  • Remove the IP address from the physical interface.
  • Configure an IP address on our bridge interface br0.
  • Bring the bridge interface (br0) up.

More Complicated setup in Bridging

It’s possible to have a more complicated bridging setup, for instance multiple bridge port groups with filtering and NAT.

For example, we have four physical interfaces in our server. Two of the interfaces need to be used under bridge br_191 with the IP 191.168.107.100, and the other two need to be part of br_192 with 192.168.107.100.

The first bridge br_191 configuration

# brctl addbr br_191
# brctl addif br_191 ens34
# brctl addif br_191 ens35
# ifconfig br_191 191.168.107.100 netmask 255.255.255.0
# ifconfig br_191 up

The second bridge br_192 configuration

# brctl addbr br_192
# brctl addif br_192 ens32
# brctl addif br_192 ens33
# ifconfig br_192 192.168.107.100 netmask 255.255.255.0
# ifconfig br_192 up

Now we have logical network interfaces br_191 and br_192 which will act just like an ordinary interface.

Filtering the Traffic in Linux network bridge

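If 192.168.107.100 is the only host on the 192.168.107.0 network that is allowed to access the 191.168.107.* network, we can use iptables to control the forwarded traffic. The source is written as a single host (/32), because iptables applies the prefix length to the address and a /24 here would admit the whole 192.168.107.0 network; the rule matches on the outgoing interface br_191, since traffic from that host leaves towards the 191.168.107.* network through it.

# iptables -P FORWARD DROP
# iptables -A FORWARD -s 192.168.107.100/32 -d 191.168.107.0/24 -o br_191 -j ACCEPT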
# iptables -L -n
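iptables applies the prefix length to a -s or -d address, so a host address written with /24 matches every address in that /24, which is also what iptables -L -n then displays. The following added example (not part of the original article; the function names are its own, and the rule it audits is a constructed sample) reports what such an argument really matches.

```shell
# POSIX sh, IPv4 only.
ip_to_int() {                       # A.B.C.D -> 32-bit integer
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {                       # 32-bit integer -> A.B.C.D
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# effective_match ADDR[/PREFIX] -> "NETWORK/PREFIX COUNT"
effective_match() {
    case $1 in */*) plen=${1#*/} ;; *) plen=32 ;; esac
    ip=$(ip_to_int "${1%/*}")
    mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
    echo "$(int_to_ip $(( ip & mask )))/$plen $(( 1 << (32 - plen) ))"
}

# audit_rule "RULE" -> one line per -s/-d argument whose host bits are
# silently masked away, nothing when every argument means what it says
audit_rule() {
    prev=
    for word in $1; do
        case $prev in -s|-d|--source|--destination)
            eff=$(effective_match "$word")
            if [ "${word%/*}" != "${eff%/*}" ]; then
                echo "$prev $word matches ${eff% *} (${eff#* } addresses)"
            fi ;;
        esac
        prev=$word
    done
}

# Constructed sample rule: a single host written with a /24 prefix
audit_rule "iptables -A FORWARD -s 192.168.107.100/24 -d 191.168.107.0/24 -j ACCEPT"
```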

That’s it; we have finished creating a Linux network bridge on a Linux server using various methods.

Conclusion

To sum up, creating a Linux network bridge is easy with any one of these methods.
