Master Linux Bridge Management: Concepts, Commands, and Configuration

This guide explains Linux bridge fundamentals, how bridges forward frames using MAC addresses, and provides step‑by‑step instructions for creating, configuring, and managing bridges with brctl, NetworkManager, ip commands, and persistent configuration files on CentOS and Ubuntu systems, including STP activation.

MaGe Linux Operations

Linux Bridge Management

Bridge Concept

In everyday life a bridge connects two places, allowing pedestrians or vehicles to cross obstacles such as rivers or highways.

In computer networking, a bridge is a Layer‑2 device (physical or logical) that connects two or more LAN segments and forwards or filters frames based on MAC addresses, effectively limiting broadcast domains.

In Linux, a bridge is a logical device that links multiple network interfaces (e.g., eth0, eth1) so they behave as a single interface; it is widely used in virtualization to connect the host and virtual machines.

Bridge Working Principle

1. Role of network interfaces

In Linux, udev dynamically manages device nodes; when hardware is added or removed, it creates or removes the corresponding device node according to rules in /lib/udev/rules.d/.

Interface names such as eth0 or ens33 are assigned by udev rules and serve as logical identifiers for user‑space tools to reference the underlying kernel network device.

User‑space utilities (e.g., ifconfig, nmcli) use these names to interact with the kernel network stack, allowing configuration and status queries.

Virtual network interfaces (e.g., vnetX) are logical NICs that exist in the kernel without corresponding physical hardware.

2. Bridge member interfaces

When a bridge device is created, it is a logical interface without physical hardware. Adding physical and virtual NICs to the bridge makes them members; frames arriving on eth0 or vnetX are now handed to the bridge br0, which decides where they go, instead of being passed straight up the host's network stack. Both interfaces share the same Layer‑2 subnet.

In effect, after bridging, the physical NIC becomes a cable that connects external devices to the bridge.

Note: Bridging two interfaces always requires a bridge device; you cannot directly bridge two NICs without creating a bridge.

Bridge Explanation

Data flow after bridging: When a physical NIC (e.g., eth0) is added to br0, it no longer communicates directly with the network stack. All Layer‑2 traffic is managed by the bridge interface, which acts like a virtual switch forwarding frames between its member ports.

IP address assignment: After bridging, the bridge interface br0 becomes the primary interface for IP configuration. Member interfaces lose their IP addresses and rely on the bridge’s IP for network communication.

Physical NIC role: The physical NIC serves as a transmission medium (a “cable”) that connects the host to external networks. The bridge ensures that the bridge interface and its members can communicate at Layer‑2 with external devices.
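The forwarding behaviour described above (learn the source MAC, then forward, filter or flood by destination MAC) can be traced with the following added example, which is not part of the original article. It is a simplified model with no ageing and no STP port states; the port names and MAC addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the article: forwarding decision of a learning bridge.
# stdin:  "<ingress_port> <src_mac> <dst_mac>" per frame
# stdout: "<src_mac>-><dst_mac> <action>" per frame

bridge_forward() {
    # $1: space-separated member ports of the bridge (assumed names)
    awk -v members="$1" '
        BEGIN { nports = split(members, port, " ") }
        {
            in_port = $1; src = $2; dst = $3
            fdb[src] = in_port              # learn: src MAC is reachable via ingress port
            if (dst == "ff:ff:ff:ff:ff:ff" || !(dst in fdb)) {
                out = ""; sep = ""          # broadcast or unknown unicast: flood
                for (i = 1; i <= nports; i++)
                    if (port[i] != in_port) { out = out sep port[i]; sep = "," }
                action = "flood:" out
            } else if (fdb[dst] == in_port) {
                action = "filter"           # destination sits on the ingress segment
            } else {
                action = "forward:" fdb[dst]
            }
            print src "->" dst, action
        }
    '
}

# Constructed sample frames (locally administered MACs, not captured traffic)
sample_frames() {
    cat <<'EOF'
eth0 02:00:00:00:00:0a 02:00:00:00:00:0b
vnet0 02:00:00:00:00:0b 02:00:00:00:00:0a
eth0 02:00:00:00:00:0c 02:00:00:00:00:0a
vnet1 02:00:00:00:00:0d ff:ff:ff:ff:ff:ff
EOF
}

sample_frames | bridge_forward "eth0 vnet0 vnet1"
```

The third frame is filtered because both hosts sit behind eth0, which is how a bridge keeps local traffic off its other ports.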

Managing Bridges with Tools

1. Using brctl (bridge-utils)

brctl creates temporary bridges that disappear after a reboot. The ip suite now provides equivalent functionality.

Create a bridge

# br0 is the bridge name
sudo brctl addbr br0

Add member interfaces

# Add physical NICs ens33 and ens37 to br0 (brctl addif takes the bridge name first)
brctl addif br0 ens33
brctl addif br0 ens37

Bring the bridge up

ifconfig br0 up
# or
ip link set br0 up

Delete a bridge

brctl delbr br0

Remove a member interface

brctl delif br0 device_name

Enable STP

brctl stp br0 on

2. Using NetworkManager (nmcli)

Most modern distributions use NetworkManager. Configurations made with nmcli are stored in /etc/NetworkManager/system-connections/ and survive reboots.

Create a bridge

nmcli con add type bridge con-name br0 ifname br0

Add a member interface

# Add physical NIC eth1 as a bridge-slave
nmcli con add type bridge-slave con-name br0-eth1 ifname eth1 master br0

Bring the bridge up or down

nmcli con up br0
nmcli con down br0

Delete the bridge

nmcli con delete br0

Enable STP

nmcli con modify br0 bridge.stp yes

3. Using ip command

The ip suite (from iproute2) can also manage bridges, but changes are temporary unless added to startup scripts.

Create a bridge

ip link add name br0 type bridge

Add a member interface

ip link set dev eth1 master br0

Bring the bridge up or down

# Up
ip link set dev br0 up
# Down
ip link set dev br0 down

Delete the bridge

ip link delete dev br0 type bridge

Remove a member interface

ip link set dev eth1 nomaster

Show bridge configuration

ip link show type bridge

Enable STP via ip

sudo ip link set br0 type bridge stp_state 1

Bridge IP Configuration

When a bridge is created, member interfaces lose their IP addresses. Assign an IP address to the bridge itself so it can participate in network communication and routing.

# Assign IP to br0
ip addr add 192.168.1.10/24 dev br0
# Set default route
ip route add default via 192.168.1.1 dev br0

Bridge Configuration Files

CentOS 7

Ensure the bridge kernel module is loaded and set to load persistently.

# Verify module
lsmod | grep bridge
# Load if missing
modprobe bridge
# Persist module loading (e.g., add to /etc/modules)

Create /etc/sysconfig/network-scripts/ifcfg-br0:

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.0.0.20
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS1=180.76.76.76
DNS2=223.6.6.6
STP=on

Modify the physical NIC files ( ifcfg-eth0, ifcfg-eth1) to reference the bridge:

TYPE="Ethernet"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
BRIDGE=br0

Restart NetworkManager:

systemctl restart NetworkManager

Ubuntu 16.04

Load the bridge module and install bridge-utils if not present.

sudo modprobe bridge
sudo apt install bridge-utils

Edit /etc/network/interfaces:

auto lo
iface lo inet loopback

auto br0
iface br0 inet static
    address 192.168.14.108
    netmask 255.255.248.0
    gateway 192.168.12.1
    dns-nameserver 180.76.76.76
    bridge_ports ens33 ens37
    bridge_stp on

auto ens33
iface ens33 inet manual
    up ip link set $IFACE up
    down ip link set $IFACE down

auto ens37
iface ens37 inet manual
    up ip link set $IFACE up
    down ip link set $IFACE down

Apply changes:

sudo systemctl restart networking

Ubuntu 20.04 (netplan)

Ensure the bridge module is loaded.

# Verify
lsmod | grep bridge
# Load if missing
sudo modprobe bridge

Create a netplan configuration (e.g., /etc/netplan/01-bridge.yaml):

network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      dhcp4: no
    ens34:
      dhcp4: no
  bridges:
    br0:
      interfaces: [ens33, ens34]
      dhcp4: yes
      parameters:
        stp: true
        forward-delay: 4

Apply the configuration:

sudo netplan apply

STP (Spanning Tree Protocol) Overview

STP prevents Layer‑2 loops by placing ports in a series of states. When a bridge is created and STP is enabled, each member port initially enters the blocking state, then transitions through listening (monitoring for BPDUs) and learning (building the MAC address table) before reaching the forwarding state. Enabling STP on bridges that connect to the same physical switch avoids broadcast storms and network instability.
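To check which bridges on a host actually have STP enabled, the added example below (not part of the original article) parses the text printed by ip -d link show and lists each bridge with its STP state and member count. The sample input is constructed and abbreviated; a stp_state of 0 is treated as off and any other value as on.

```shell
#!/bin/sh
# Added example, not from the article. Reads `ip -d link show` text on stdin and
# prints one line per bridge: "<bridge> stp=<on|off> ports=<member count>".

bridge_stp_report() {
    awk '
        /^[0-9]+: / {                        # device header: "4: br0: <FLAGS> ..."
            dev = $2
            sub(/:$/, "", dev); sub(/@.*$/, "", dev)
            for (i = 3; i < NF; i++)         # "master br0" marks a member port
                if ($i == "master") ports[$(i + 1)]++
            next
        }
        {                                    # detail line: "bridge ... stp_state N ..."
            for (i = 1; i < NF; i++)
                if ($i == "stp_state") {
                    if (!(dev in stp)) order[++n] = dev
                    stp[dev] = ($(i + 1) == "0") ? "off" : "on"
                }
        }
        END {
            for (j = 1; j <= n; j++) {
                b = order[j]
                print b, "stp=" stp[b], "ports=" (ports[b] + 0)
            }
        }
    '
}

# Bridges with STP off and two or more member ports
stp_off_multiport() {
    bridge_stp_report | awk '$2 == "stp=off" && substr($3, 7) + 0 >= 2 { print $1 }'
}

# Constructed sample, abbreviated from the layout `ip -d link show` prints
sample_ip_output() {
    cat <<'EOF'
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    bridge forward_delay 1500 hello_time 200 max_age 2000 stp_state 0 priority 32768
5: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    bridge forward_delay 400 hello_time 200 max_age 2000 stp_state 1 priority 32768
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UNKNOWN
EOF
}

sample_ip_output | stp_off_multiport
```

On a live host, pipe real output into the same function: ip -d link show | stp_off_multiport.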
