bridging

A network bridge forwards traffic between networks based on MAC addresses. It does that by keeping track of what MACs are associated with what IPs, thereby learning what hosts reside on each network. Bridges are not as widely used as they once were, having been pushed aside by switches. What are the differences between a bridge and a switch?

• Most bridges in use nowadays are software-based and hosted in some box running UNIX (mostly Linux?). There are hardware bridges but they are outnumbered by software ones. Most switches are still physical network devices custom-made to do packet processing and running on ASICs (Application Specific Integrated Circuits). That however might change over time as software-defined networks (SDNs) become more common...

• Most bridges have a few ports available (at least 2 and sometimes a few more). Switches (especially those meant for the data center) usually come with many ports (24/48) plus uplinks or trunking ports of higher bandwidth.

• Switches are generally capable of full-duplex communication on all their ports. So the aggregate bandwidth of a switch is an order of magnitude higher than that of a typical software bridge.

• Bridges perform the packet forwarding based on MAC addresses and are thus protocol agnostic. Anything goes for them.

Now, the differences above are arguable as some people refer to switches as multi-port bridges. So take them with a pinch of salt.

Today, network bridges are very common in virtual environments where VM guests reside on separate networks from their hosts. Let's say that a host is in a 10.20.30.0/24 network and the VM guests sit in a virtual network 192.168.122.0/24. For the guests to be able to communicate with the host, with other IPs in the 10.20.30.0/24 range or with external networks, a bridge needs to be created in the host (usually with an IP of 192.168.122.1) to glue both networks together.

Let's see how we can create such a bridge with the ifcfg configuration files and the command line. As with bonding and teaming, we shall skip the other 3 possible methods (nmtui, nmcli and Network Manager GUI).

First we set up the file of the NIC we will use for the bridge:

# cd /etc/sysconfig/network-scripts
# cat ifcfg-eno1
NAME=eno1
DEVICE=eno1
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
BRIDGE=br0

A simple file like the one above will do. The NAME is optional but recommended. And the TYPE has been added for clarity but it defaults to "Ethernet" so we could do without it. Other than that, we could add 4 other optional parameters: HWADDR, UUID, USERCTL and NM_CONTROLLED (see network configuration basics for more details on those).

Now we set up the file for the bridge itself:

# cat ifcfg-br0
NAME=br0
DEVICE=br0
IPADDR=192.168.122.1
PREFIX=24
BOOTPROTO=none
ONBOOT=yes
DELAY=0
TYPE=Bridge

We see that the file for the bridge does not differ that much from that of a NIC with a static IP, save for the last 2 parameters. The value of TYPE is case-sensitive for the legacy network scripts, so it has to be written exactly as "Bridge". The DELAY has been set to 0 to prevent the bridge from sitting for a number of seconds getting to know where the hosts sit and building the MAC address table.

Now we can just bring the bridge up and we are ready to roll:

# ifup eno1
# ifup br0

If we want to add redundancy to the bridge and use 2 bonded NICs as slaves then we should create the 2 ifcfg files for the NICs...

# cat /etc/sysconfig/network-scripts/ifcfg-ens1
NAME=bond0-slave
DEVICE=ens1
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
# cat /etc/sysconfig/network-scripts/ifcfg-ens2
NAME=bond0-slave
DEVICE=ens2
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes

... then create the one for the bond ...

# cat /etc/sysconfig/network-scripts/ifcfg-bond0
NAME=bond0
DEVICE=bond0

TYPE=Bond
BONDING_MASTER=yes
ONBOOT=yes
BOOTPROTO=none
BONDING_OPTS="miimon=100 mode=balance-rr"
BRIDGE=brbond0

If we compare the file above with the same one in the bonding section, we shall see that we have stripped out any IPs, netmasks, routes, DNS, etc. and added the BRIDGE parameter at the end, pointing to the bridge file just below:

# cat /etc/sysconfig/network-scripts/ifcfg-brbond0
NAME=brbond0
DEVICE=brbond0
ONBOOT=yes
BOOTPROTO=none
TYPE=Bridge
IPADDR=192.168.122.1
PREFIX=24

We are ready to bring everything up either with the ifup / ifdown commands or in one go with:

# systemctl restart network
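
Before restarting the network it is worth checking that the port and bridge files agree with each other. The script below is an added example, not part of the original page: it assumes the ifcfg file layout used in this section, and the function names cfg_get and check_bridge_cfg are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): consistency check for the
# ifcfg bridge files built in this section. Prints one line per problem.

# Read the last KEY=value from an ifcfg file without sourcing it, so the
# file is only parsed, never executed. Surrounding quotes are dropped.
cfg_get() {  # usage: cfg_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

check_bridge_cfg() {  # usage: check_bridge_cfg DIR ; returns 1 if anything is off
    local dir="$1" problems=0 f br dev key
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        br=$(cfg_get "$f" BRIDGE)
        [ -n "$br" ] || continue              # not a bridge port, skip
        dev=$(cfg_get "$f" DEVICE)
        # A port (NIC or bond) carries no L3 settings; those belong to the bridge.
        for key in IPADDR PREFIX NETMASK GATEWAY; do
            if [ -n "$(cfg_get "$f" "$key")" ]; then
                echo "$dev: $key is set on a bridge port"
                problems=$((problems + 1))
            fi
        done
        if [ ! -f "$dir/ifcfg-$br" ]; then
            echo "$dev: BRIDGE=$br but ifcfg-$br does not exist"
            problems=$((problems + 1))
            continue
        fi
        # The legacy network scripts compare TYPE with the exact string "Bridge".
        if [ "$(cfg_get "$dir/ifcfg-$br" TYPE)" != "Bridge" ]; then
            echo "$br: TYPE must be exactly 'Bridge' (case-sensitive)"
            problems=$((problems + 1))
        fi
        if [ "$(cfg_get "$dir/ifcfg-$br" DEVICE)" != "$br" ]; then
            echo "$br: DEVICE does not match the name used in BRIDGE=$br"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_bridge_cfg "$1"
fi
```

Run it with /etc/sysconfig/network-scripts as the argument; an empty output and exit status 0 mean the port and bridge files are consistent.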
