Bridge Interfaces

From VyOS Wiki

Bridging allows you to create a software switch that connects two ports at Layer 2 of the OSI model. A bridge consists of two or more ports that are members of a bridge group. This document was created on VyOS 1.2.0.

Bridge Interface Names

Bridge interfaces are named br followed by a number; for example, br0 is bridge interface zero. The terms bridge interface and bridge group are used interchangeably.

Creating a Bridge

Creating a bridge interface is very simple. For this example, let's create a bridge between two physical interfaces on a VyOS router. More example use cases will be given below. This example uses eth0 and eth1.

set interfaces bridge br0 
set interfaces ethernet eth0 bridge-group bridge br0 
set interfaces ethernet eth1 bridge-group bridge br0 

Spanning Tree

The Spanning Tree Protocol (STP) is supported on bridge interfaces, and is disabled by default. For our example, STP can be enabled by issuing set interfaces bridge br0 stp true. STP can be tweaked per bridge as well. Let's change some of the default values:

NOTE: These are not changes you should make unless you know the impact they can have on your network! The values below are purely for demonstration, and will be different for many networks. If you don't know what these are for, don't touch them!

set interfaces bridge br0 priority 4096 
set interfaces bridge br0 forwarding-delay 5 
set interfaces bridge br0 hello-time 1 
set interfaces bridge br0 max-age 10 

You can also tweak spanning tree settings on the physical interfaces that are members of the bridge group:

set interfaces ethernet eth0 bridge-group cost 1 
set interfaces ethernet eth0 bridge-group priority 0 

Show Commands

Bridge interfaces show up just like any other interface when running show interfaces:

vyos@vyos:~$ show interfaces 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
br0              -                                 u/u  BridgeExample 
eth0             -                                 u/u  
eth1             -                                 u/u  
eth2             -                                 u/u  
eth3             10.0.2.2/24                       u/u  
lo               127.0.0.1/8                       u/u  
                 ::1/128

Since bridge interfaces are essentially a software switch, showing the MAC addresses learned on the bridge is possible. For the example above, we can issue show bridge br0 macs and get this output:

vyos@vyos:~$ show bridge br0 macs 
port no mac addr                is local?       ageing timer
  2     08:00:27:a6:56:5a       yes                0.00
  2     08:00:27:a6:56:5a       yes                0.00
  1     08:00:27:ae:5b:d5       yes                0.00
  1     08:00:27:ae:5b:d5       yes                0.00

The Spanning Tree Protocol (STP) state of a bridge group can be viewed by issuing show bridge br0 spanning-tree. In our example we get this output:

vyos@vyos:~$ show bridge br0 spanning-tree 
br0
 bridge id              1000.080027a6565a
 designated root        1000.080027a6565a
 root port                 0                    path cost                  0
 max age                  10.00                 bridge max age            10.00
 hello time                1.00                 bridge hello time          1.00
 forward delay             5.00                 bridge forward delay       5.00
 ageing time             300.00
 hello timer               0.78                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                  72.02
 flags                  
   
eth0 (1)
 port id                8001                    state                forwarding
 designated root        1000.080027a6565a       path cost                100
 designated bridge      1000.080027a6565a       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.78
 flags                  
   
eth1 (2)
 port id                8002                    state                forwarding
 designated root        1000.080027a6565a       path cost                100
 designated bridge      1000.080027a6565a       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.78
 flags                  
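
An added example (not part of the original wiki page): Python that parses the show bridge br0 spanning-tree output above and flags an unexpected root bridge, ports that are not forwarding, and configured timers that break the IEEE 802.1D relationships 2 × (forward delay − 1) ≥ max age ≥ 2 × (hello time + 1). The function names and the expected_root argument are assumptions; the sample text is trimmed from the output shown here.

```python
import re

# Constructed sample: trimmed from the `show bridge br0 spanning-tree` output on this page.
SAMPLE = """\
br0
 bridge id              1000.080027a6565a
 designated root        1000.080027a6565a
 max age                  10.00                 bridge max age            10.00
 hello time                1.00                 bridge hello time          1.00
 forward delay             5.00                 bridge forward delay       5.00

eth0 (1)
 port id                8001                    state                forwarding

eth1 (2)
 port id                8002                    state                forwarding
"""

def parse_stp(text):
    """Return {section: {field: value}} for the bridge and each member port."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # section header: "br0" or "eth0 (1)"
            current = sections.setdefault(line.split()[0], {})
            continue
        # Rows are "key  value  key  value"; columns are separated by 2+ spaces.
        cells = re.split(r"\s{2,}", line.strip())
        current.update(zip(cells[0::2], cells[1::2]))
    return sections

def audit(sections, bridge, expected_root):
    """List deviations from the expected root, the 802.1D timer rules, and forwarding state."""
    br, findings = sections[bridge], []
    if br["designated root"] != expected_root:  # root election moved to another bridge
        findings.append(f"unexpected root bridge {br['designated root']}")
    fd, hello, age = (float(br[k]) for k in
                      ("bridge forward delay", "bridge hello time", "bridge max age"))
    if 2 * (fd - 1) < age:
        findings.append(f"max-age {age} exceeds 2*(forwarding-delay {fd} - 1)")
    if age < 2 * (hello + 1):
        findings.append(f"max-age {age} below 2*(hello-time {hello} + 1)")
    for name, port in sections.items():         # blocking is normal only on redundant links
        if name != bridge and port.get("state") != "forwarding":
            findings.append(f"{name} is {port.get('state')}")
    return findings

print(audit(parse_stp(SAMPLE), "br0", "1000.080027a6565a"))
```

Run against the demonstration values on this page, it reports that max-age 10 exceeds 2 × (forwarding-delay 5 − 1) = 8, one more reason not to copy those values into a production bridge.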

Example Use Cases

Below is a collection of use cases for bridges. This list is by no means exhaustive; these are just some of the handy ways I have used bridges in the past.

Layer 2 GRE Bridge

This is very useful when you have that one annoying piece of equipment that requires broadcast communication, but you need to operate it across one or more Layer 3 boundaries.

NOTE: This isn't encrypted in any way, shape or form, so it should only be used across links that you have control over. If you need to do this over a network out of your control, such as the Internet, you should use IPSec, similar to what is outlined on the GRE and IPSec tutorial page.

To set up this simple GRE bridge, you will need two routers, one for each segment that needs Layer 2 connectivity. Here is an example config:

set interfaces bridge br1 
set interfaces ethernet eth3 bridge-group bridge br1
set interfaces tunnel tun0 local-ip <SourceIP to use for tunnel>
set interfaces tunnel tun0 remote-ip <DestinationIP to use for tunnel endpoint>
set interfaces tunnel tun0 encapsulation gre-bridge
set interfaces tunnel tun0 bridge-group bridge br1

After you have this router set up, you just need to do the same thing on the other router, and voila, you will have the ability to broadcast over Layer 3 segments!

Adding VLANs to a Bridge

If you don't have a switch, or want to use your VyOS router as a root switch, you may want to trunk the same VLANs over multiple ports. Bridges are helpful in this case. Here is an example config:

set interfaces bridge br2 
set interfaces ethernet eth2 vif 2 bridge-group bridge br2 
set interfaces ethernet eth2 vif 2 address 192.0.2.1/24 

If you don't want to bother with VLANs, you can simply add an address to the bridge interface just like any other interface:

set interfaces bridge br2 address 192.0.2.1/24