HOWTO Configure a network bridge

From Consultancy.EdVoncken.NET

Network bridging (Wikipedia)
A network bridge connects multiple network segments at the data link layer (Layer 2) of the OSI model. In Ethernet networks, the term bridge formally means a device that behaves according to the IEEE 802.1D standard. A bridge and switch are very much alike; a switch being a bridge with numerous ports. Switch or Layer 2 switch is often used interchangeably with bridge.

Linux allows you to define a "software bridge" that acts more or less like a network switch. So, why use a bridge? Some scenarios where I have used a network bridge:

  • Bridging firewall: a Layer 2 firewall that does not have an IP address. This makes it more difficult for intruders to "see" the firewall.
  • Virtualization: virtual machines (guests) that need full access to the network. The default network is often a NAT connection. With a bridge, your VM guest shares the physical connection with the VM host.

Configuring the bridge on RHEL

Typically, you will move the IP address from the physical interface (eth0) to the network bridge. The bridge is just another network interface to the Linux kernel.

Install the necessary software:

 yum install bridge-utils

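You could now use brctl on the command line to create, modify or delete a network bridge:

 brctl addbr br0        # create the bridge br0
 brctl stp br0 on       # enable Spanning Tree Protocol on br0
 brctl addif br0 eth0   # add eth0 to the bridge as a port
 brctl delif br0 eth0   # remove eth0 from the bridge
 brctl delbr br0        # delete the bridge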

It is better to modify the appropriate configuration files to ensure that your network configuration survives a reboot.

  1. Modify /etc/sysconfig/network-scripts/ifcfg-eth0
  2. Create /etc/sysconfig/network-scripts/ifcfg-br0

Modify /etc/sysconfig/network-scripts/ifcfg-eth0

Before:

 DEVICE=eth0
 HWADDR=00:04:23:C0:FF:EE
 ONBOOT=yes
 BOOTPROTO=static
 IPADDR=192.168.11.22
 NETMASK=255.255.255.0

After:

 DEVICE=eth0
 HWADDR=00:04:23:C0:FF:EE
 ONBOOT=yes
 BRIDGE=br0

Create /etc/sysconfig/network-scripts/ifcfg-br0

 DEVICE=br0
 TYPE=Bridge
 BOOTPROTO=static
 IPADDR=192.168.11.22
 NETMASK=255.255.255.0
 STP=on
 DELAY=0
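
A consistency check for the two files edited above, as an added example that is not part of the original page: it flags a port that sets BRIDGE= but still carries an IP address or DHCP, and a bridge file that is missing or does not set TYPE=Bridge as the page's ifcfg-br0 does. The function names cfg_get and check_bridge_cfg are hypothetical.

```shell
#!/bin/sh
# Added example: lint an ifcfg directory for the eth0 -> br0 move.
# check_bridge_cfg DIR prints one line per problem and returns 0 if none.

# Print the value of KEY ($2) in ifcfg file $1 (last assignment wins,
# quotes and whitespace stripped, commented-out lines ignored).
cfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" | tr -d '[:space:]'
}

check_bridge_cfg() {
    dir=$1
    problems=0
    for port in "$dir"/ifcfg-*; do
        [ -f "$port" ] || continue
        bridge=$(cfg_get "$port" BRIDGE)
        [ -n "$bridge" ] || continue        # not a bridge port, skip
        name=${port##*/ifcfg-}
        # The address must live on the bridge, not on the enslaved port.
        if [ -n "$(cfg_get "$port" IPADDR)" ]; then
            echo "$name: IPADDR still set on bridge port"
            problems=$((problems + 1))
        fi
        if [ "$(cfg_get "$port" BOOTPROTO)" = "dhcp" ]; then
            echo "$name: BOOTPROTO=dhcp on bridge port"
            problems=$((problems + 1))
        fi
        # The bridge named by BRIDGE= needs its own file with TYPE=Bridge.
        brcfg="$dir/ifcfg-$bridge"
        if [ ! -f "$brcfg" ]; then
            echo "$name: BRIDGE=$bridge but ifcfg-$bridge is missing"
            problems=$((problems + 1))
        elif [ "$(cfg_get "$brcfg" TYPE)" != "Bridge" ]; then
            echo "$bridge: TYPE is not Bridge"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Check the directory given as the first argument, if any.
[ $# -eq 0 ] || check_bridge_cfg "$1"
```

Run it with /etc/sysconfig/network-scripts as the argument before restarting the network service; a non-zero exit status means at least one problem was printed.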

Verify the results

Apply the changes:

 service network restart

Check the network interfaces:

 # ifconfig
 br0       Link encap:Ethernet  HWaddr 00:04:23:C0:FF:EE
           inet addr:192.168.11.22  Bcast:192.168.11.255  Mask:255.255.255.0
           inet6 addr: fe80::204:23ff:fec0:ffee/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:5511 errors:0 dropped:0 overruns:0 frame:0
           TX packets:2884 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:0 
           RX bytes:1735754 (1.6 MiB)  TX bytes:703564 (687.0 KiB)
 eth0      Link encap:Ethernet  HWaddr 00:04:23:C0:FF:EE
           inet6 addr: fe80::204:23ff:fec0:ffee/64 Scope:Link
           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
           RX packets:479541 errors:0 dropped:0 overruns:0 frame:0
           TX packets:470608 errors:0 dropped:0 overruns:0 carrier:0
           collisions:0 txqueuelen:100 
           RX bytes:380235120 (362.6 MiB)  TX bytes:456695994 (435.5 MiB)

Verify the routing table:

 # route -n
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 192.168.11.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
 0.0.0.0         192.168.11.254  0.0.0.0         UG    0      0        0 br0