Mastering Linux Bridge Management: Concepts, Commands, and Configuration
This guide explains the fundamentals of Linux bridges and their role in linking network interfaces, and provides step‑by‑step instructions for creating, configuring, and managing bridges using brctl, NetworkManager (nmcli), and iproute2 commands across various distributions.
Linux Bridge Overview
Concept
A Linux bridge is a logical network device that links two or more interfaces (e.g., eth0, eth1, vnet0) so they behave as a single interface at the data‑link layer.
It is commonly used in virtualization to connect host NICs with guest NICs, effectively acting as a virtual switch.
How a Bridge Works
When a bridge (e.g., br0) is created, it has no physical hardware. Adding physical or virtual interfaces as members makes all layer‑2 traffic pass through the bridge device instead of the individual interfaces. The bridge forwards frames based on MAC addresses, and the member interfaces typically do not have IP addresses of their own.
Virtual NICs (e.g., vnetX) are kernel‑level logical interfaces without corresponding physical hardware.
Data Flow and IP Assignment
After adding an interface to a bridge, all layer‑2 traffic is handled by the bridge, which acts like a virtual switch.
The bridge interface receives the IP configuration; member interfaces usually have their IPs cleared.
The physical NIC provides the physical link to the external network, while the bridge ensures communication among its members.
Bridge Management Tools
1. brctl (bridge‑utils)
Although brctl is superseded by ip, it remains useful on many systems.
# Create a bridge (temporary, lost after reboot)
sudo brctl addbr br0
# Add member interfaces (e.g., ens33 and ens37)
brctl addif br0 ens33
brctl addif br0 ens37
# Bring the bridge up
ifconfig br0 up # or ip link set br0 up
# Delete the bridge
brctl delbr br0
# Remove a member interface
brctl delif br0 <device_name>
# Enable STP
brctl stp br0 on
2. NetworkManager (nmcli)
Configurations created with nmcli are stored in /etc/NetworkManager/system-connections/ and survive reboots.
# Create a bridge
nmcli con add type bridge con-name br0 ifname br0
# Add a physical NIC as a bridge‑slave
nmcli con add type bridge-slave con-name br0-eth1 ifname eth1 master br0
# Bring the bridge up or down
nmcli con up br0
nmcli con down br0
# Delete the bridge
nmcli con delete br0
# Show bridge connections
nmcli con show | grep bridge
# Enable STP
nmcli con modify br0 bridge.stp yes
3. ip (iproute2)
Commands are transient; persist them via startup scripts or network configuration files.
# Create a bridge
ip link add name br0 type bridge
# Add a member interface
ip link set dev eth1 master br0
# Bring the bridge up or down
ip link set dev br0 up # down
# Delete the bridge
ip link delete dev br0 type bridge
# Remove a member interface
ip link set dev eth1 nomaster
# Show bridge details
ip link show type bridge
# Enable STP
sudo ip link set br0 type bridge stp_state 1
Bridge IP Configuration
After bridging, assign an IP address to the bridge interface itself.
# Assign IP to the bridge
ip addr add 192.168.1.10/24 dev br0
# Set default route
ip route add default via 192.168.1.1 dev br0
Persistent Configuration Files
CentOS 7
Ensure the bridge kernel module is loaded.
# Check whether the bridge module is loaded
lsmod | grep bridge
# If the command above prints nothing, load the module
modprobe bridge
Create /etc/sysconfig/network-scripts/ifcfg-br0:
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.0.0.20
NETMASK=255.255.255.0
GATEWAY=10.0.0.2
DNS1=180.76.76.76
DNS2=223.6.6.6
STP=on
Configure member NICs (e.g., eth0, eth1) to use the bridge:
TYPE="Ethernet"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
BRIDGE=br0
Restart NetworkManager to apply changes:
systemctl restart NetworkManager
Ubuntu 16.04 (ifupdown)
Load the bridge module and install bridge-utils if needed.
sudo modprobe bridge
sudo apt install bridge-utils
Edit /etc/network/interfaces:
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
    address 192.168.14.108
    netmask 255.255.248.0
    gateway 192.168.12.1
    dns-nameserver 180.76.76.76
    bridge_ports ens33 ens37
    bridge_stp on

auto ens33
iface ens33 inet manual
    up ip link set $IFACE up
    down ip link set $IFACE down

auto ens37
iface ens37 inet manual
    up ip link set $IFACE up
    down ip link set $IFACE down
Apply the configuration:
sudo systemctl restart networking
Ubuntu 20.04 (netplan)
Edit /etc/netplan/01-bridge.yaml:
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      dhcp4: no
    ens34:
      dhcp4: no
  bridges:
    br0:
      interfaces: [ens33, ens34]
      dhcp4: yes
      parameters:
        stp: true
        forward-delay: 4
Apply the netplan configuration:
sudo netplan apply
Spanning Tree Protocol (STP)
STP prevents layer‑2 loops by placing ports into a sequence of states before forwarding traffic.
Listening: The port listens for BPDUs for 15 seconds (half of the forward‑delay).
Learning: The port learns MAC addresses for another 15 seconds but does not forward frames.
Forwarding: After the two timers expire, the port begins forwarding frames.
Enabling STP on a bridge ensures that ports connected to the same physical switch do not create broadcast storms.
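The STP setting and the per-port states described above can be read back from sysfs after any of the configuration methods in this guide. The script below is an added example, not part of the original article; the function names and the optional sysfs root argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: report STP settings and per-port states for every bridge.
# The sysfs root is a parameter so the report can be run against a copy.

# Map the kernel's numeric bridge-port state to its name.
port_state_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo listening ;;
        2) echo learning ;;
        3) echo forwarding ;;
        4) echo blocking ;;
        *) echo "unknown($1)" ;;
    esac
}

# Print one line per member port and one per bridge.
# Returns 1 if any bridge with more than one port has STP turned off.
bridge_report() {
    root="${1:-/sys/class/net}"
    rc=0
    for brdir in "$root"/*/bridge; do
        [ -d "$brdir" ] || continue
        br=$(basename "$(dirname "$brdir")")
        stp=$(cat "$brdir/stp_state")        # 0 = off, 1 = kernel STP, 2 = userspace STP
        fd=$(cat "$brdir/forward_delay")     # reported in hundredths of a second
        nports=0
        for p in "$root/$br"/brif/*; do
            [ -e "$p/state" ] || continue    # skips the unexpanded glob on an empty bridge
            nports=$((nports + 1))
            echo "port $br/$(basename "$p") state=$(port_state_name "$(cat "$p/state")")"
        done
        echo "bridge $br stp=$stp forward_delay=$((fd / 100))s ports=$nports"
        if [ "$stp" = 0 ] && [ "$nports" -gt 1 ]; then
            echo "warn $br: STP is off with $nports ports; a loop between them would not be blocked"
            rc=1
        fi
    done
    return $rc
}
```

Source the file and call bridge_report with no argument to inspect the live system; no root privileges are needed to read these sysfs files.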
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
