Ever wanted to set up your desktop computer as a network bridge? A bridge differs from a router in that it only looks at layer 2 traffic (MAC addresses), whereas a router inspects layer 3 of the OSI model (IP addresses). An interesting advantage of running a bridge on your Linux machine is that you can configure it as a transparent bridge with firewall filtering; you could even run something like Snort, an intrusion detection system, to monitor traffic on the wire. But those are discussions for another day. Here I would like to cover the functionality of the brctl command in Linux.
The brctl command lets the user talk to the kernel to actually configure the bridge. The brctl binary comes from the bridge-utils package, which can be found in the Debian or Ubuntu repositories. To use brctl you must be running as root or under sudo. The set of commands that brctl provides is as follows:
# brctl
Usage: brctl [commands]
commands:
        addbr           <bridge>                 add bridge
        delbr           <bridge>                 delete bridge
        addif           <bridge> <device>        add interface to bridge
        delif           <bridge> <device>        delete interface from bridge
        setageing       <bridge> <time>          set ageing time
        setbridgeprio   <bridge> <prio>          set bridge priority
        setfd           <bridge> <time>          set bridge forward delay
        sethello        <bridge> <time>          set hello time
        setmaxage       <bridge> <time>          set max message age
        setpathcost     <bridge> <port> <cost>   set path cost
        setportprio     <bridge> <port> <prio>   set port priority
        show                                     show a list of bridges
        showmacs        <bridge>                 show a list of mac addrs
        showstp         <bridge>                 show bridge stp info
        stp             <bridge> {on|off}        turn stp on/off
Display All Bridge Interfaces
To see all current bridge interfaces, execute the command:
# brctl show
bridge name     bridge id               STP enabled     interfaces
As you can see, I currently have no bridge interfaces: only the column header is printed. So let's add a bridge interface.
Create A Bridge
To create a bridge interface simply run the command:
# brctl addbr br0
Most people name their initial bridge 'br0'; you will see that on most OpenWRT or DD-WRT routers. If we list our interfaces using ifconfig we can see the new interface. I will also bring the interface up.
# ifconfig br0 up
# ifconfig br0
br0       Link encap:Ethernet  HWaddr 26:bc:c7:e4:68:20
          inet6 addr: fe80::24bc:c7ff:fee4:6820/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:168 (168.0 B)
Our bridge is just like any other interface; it can even have an IP address assigned to it if you want (using ifconfig). Let's display our current bridges now:
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no
You will notice that STP is not enabled. STP is the Spanning Tree Protocol, which is used to avoid bridging loops. We can enable STP using a brctl command I will outline later. As you can also see here, our bridge has no interfaces in it. Let's add an interface.
Add Interfaces To A Bridge
Adding an interface to your bridge is simple:
# brctl addif br0 eth0
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001a921ddc9b       no              eth0
Notice how the bridge id changed once I added the interface: its last 12 hex digits are now the MAC address of eth0. The bridge also takes on the MAC address of the first interface added to it.
To make it a true bridge we should have two interfaces in it, so we execute the same command for the second:
# brctl addif br0 eth1
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001a921ddc9b       no              eth0
                                                        eth1
To remove an interface from the bridge we use the delif command of brctl.
Remove Interface From A Bridge
To remove eth1 from our bridge we can enter the command:
# brctl delif br0 eth1
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001a921ddc9b       no              eth0
Those are the basic features: creating a bridge and adding and removing its interfaces. There are a few more commands I would like to outline, including STP.
Turning STP On For Your Bridge
To configure your bridge to participate in a spanning tree, you can enter the command:
# brctl stp br0 on
# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001a921ddc9b       yes             eth0
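The create / addif / stp-on / up sequence from the sections above, collected into one re-runnable script. This is an added example, not code from the original post: it checks the kernel's sysfs view of the bridge (/sys/class/net/<bridge>/bridge/ exists for a bridge device, /sys/class/net/<bridge>/brif/<port> for each enslaved port) before every step, so running it twice does not fail on the second addbr or addif. The BRCTL and IFCONFIG variables, the dry-run mode they enable, and the names br0/eth0/eth1 are assumptions of this example.

```shell
#!/bin/sh
# Idempotent transparent-bridge setup (added example, not from the original post).
# Uses the real brctl/ifconfig unless BRCTL/IFCONFIG are overridden, e.g.
#   BRCTL="echo brctl" IFCONFIG="echo ifconfig" sh bridge-setup.sh br0 eth0 eth1
# prints the commands instead of running them.

# A bridge device exposes a bridge/ directory under its sysfs node ...
bridge_exists() {
    [ -d "/sys/class/net/$1/bridge" ]
}

# ... and one entry per port under brif/.
bridge_has_port() {
    [ -e "/sys/class/net/$1/brif/$2" ]
}

# bridge_setup <bridge> <dev>... : create the bridge if missing, add every
# device that is not already a port, turn STP on, then bring the bridge up.
bridge_setup() {
    br=$1; shift
    [ $# -ge 1 ] || { echo "usage: bridge_setup <bridge> <dev>..." >&2; return 2; }
    brctl_cmd=${BRCTL:-brctl}          # assumption: hook for dry runs/tests
    ifconfig_cmd=${IFCONFIG:-ifconfig}

    if bridge_exists "$br"; then
        echo "# $br already exists, skipping addbr" >&2
    else
        $brctl_cmd addbr "$br" || return 1
    fi

    for dev in "$@"; do
        if bridge_has_port "$br" "$dev"; then
            echo "# $dev is already a port of $br, skipping addif" >&2
        else
            $brctl_cmd addif "$br" "$dev" || return 1
        fi
    done

    # STP keeps a second physical path between the two segments from
    # turning into a bridging loop.
    $brctl_cmd stp "$br" on || return 1
    $ifconfig_cmd "$br" up || return 1
}

# Stand-alone use (as root):  sh bridge-setup.sh br0 eth0 eth1
if [ $# -ge 2 ]; then
    bridge_setup "$@"
fi
```

Once eth0 is a port of br0, any IP address configured on eth0 itself stops being usable; for a transparent bridge that is exactly what you want, and if you need to reach the box you assign the address to br0 instead, as the post notes.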
Display Learned MAC Address On Your Bridge
For the bridge to send traffic out of the correct interface it keeps a table of every MAC address it has seen and the port the address arrived on. To display this table, enter the command:
# brctl showmacs br0
port no mac addr                is local?       ageing timer
  2     00:01:29:d4:bd:59       no                139.95
  1     00:0c:29:2b:3e:77       no                 19.50
  1     00:ab:76:ba:d0:22       yes                 0.00
  2     00:ce:d6:aa:de:fa       yes                 0.00
Notice the ageing timer. This is the time (in seconds) since this MAC address was last seen on the bridge. A garbage collector checks at a fixed interval whether an entry's age has passed the acceptable limit and removes it from the table.
From the brctl manual page:
brctl setageingtime <brname> <time> sets the ethernet (MAC) address ageing time, in seconds. After <time> seconds of not having seen a frame coming from a certain address, the bridge will time out (delete) that address from the Forwarding DataBase (fdb).
brctl setgcint <brname> <time> sets the garbage collection interval for the bridge to <time> seconds. This means that the bridge will check the forwarding database for timed out entries every <time> seconds.
The areas I have covered are the most-used features of the brctl command. There are, however, other features, as shown in the usage output of brctl at the start. Refer to the manual page for more information (man brctl).