What is a bridge?

A bridge acts just like having an ethernet switch connected across two ethernet cards (NICs). Packets can flow in any direction as needed, intelligently, based on what MAC addresses are present on each network. What that means is that packets will only be echoed (or bridged across) to the other interface when the destination MAC address is on that network (this is the same functionality provided by an ethernet switch, rather than an ethernet hub). An exception is made when the destination MAC is unknown or is a broadcast address, in which case the packet is echoed on every interface.
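The forwarding rule described above, as a small model. This is an added example, not code from the original page or from the Linux bridge driver; the class name, port names and MAC addresses are made up for illustration, and it ignores entry aging and multicast.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningBridge:
    """Minimal model of a bridge's forwarding decision (hypothetical names)."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.fdb = {}  # forwarding database: MAC address -> port it was last seen on

    def receive(self, in_port, src, dst):
        """Process one frame and return the list of ports it is sent out of."""
        # Learn: the source MAC is reachable through the port the frame arrived on.
        self.fdb[src.lower()] = in_port
        dst = dst.lower()
        # Broadcast or unknown destination: echo on every port except the ingress port.
        if dst == BROADCAST or dst not in self.fdb:
            return [p for p in self.ports if p != in_port]
        out_port = self.fdb[dst]
        # Destination lives on the segment the frame came from: do not bridge it.
        if out_port == in_port:
            return []
        return [out_port]


def demo():
    """Run four constructed frames through a two-port bridge."""
    br = LearningBridge(["eth0", "eth1"])
    a, b, c = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
    return [
        br.receive("eth0", a, b),          # b not learned yet, so the frame is flooded
        br.receive("eth1", b, a),          # a was learned on eth0, so only eth0 gets it
        br.receive("eth0", c, a),          # a and c share eth0, so nothing is bridged
        br.receive("eth0", a, BROADCAST),  # broadcast always goes to the other ports
    ]


if __name__ == "__main__":
    for out in demo():
        print(out)
```

The third frame is the case that separates a bridge from a hub: traffic between two hosts on the same segment never reaches the other interface once both addresses are learned.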

Why construct a bridge?

Usually the reason for creating a bridge between two ethernet networks is that they are separate types of networks, such as one being a wireless interface. This allows someone connected to the wireless to be virtually connected to the same network as wired users. All WiFi Access Points (APs) have this bridge function built in (WiFi routers also use an internal bridge between the LAN ethernet ports and the WiFi network).

It can also be handy to use two ethernet cards in one computer as a bridge where you need an extra connection but don’t want to buy a switch just to accomplish that. An extra 100BaseT ethernet card at $10 is cheaper than buying a $30 5-port switch, and runs off the computer instead of having an extra wall-bug for power. Of course, you have to keep the computer on all the time.

Another reason is to make it easier to sniff (view with a packet decoder tool) all the packets going to a device you’re trying to test or diagnose.

Finally, you can also manage the priority and thus QOS (Quality Of Service) of the connection between the interfaces. This is very useful for VoIP.

One issue with using a bridge, though, is that both ethernet cards are put into “promiscuous” mode, meaning that all traffic on either network interface is received and processed by the linux kernel (not just packets meant for you, as would otherwise happen). This can put an extra load on the machine and slow down other programs you may be running on it. However, with a modern machine (basically anything 1 GHz or more), or with less than the full 100 Mbit bandwidth such as when web browsing through a DSL modem, the extra CPU load to operate the bridge will hardly be noticed, even while playing Tux Racer. And since bridging runs in the kernel, your applications shouldn’t slow down the packets.

How to configure a bridge in network-scripts

The first step is to make sure that you have the brctl utility installed (before you start making changes to the network and lose your internet connection). You can use any package manager to ensure that bridge-utils is installed, or run the command yum install bridge-utils.

The next step is to identify which two ethernet interfaces you want to bridge. I’m assuming here that you already have linux installed along with whatever ethernet interfaces you want to use. In these examples, I will assume you are using eth0 and eth1, although any other device you can use ifconfig on will work. I also presume that you know how to cd to directories and edit text files (like with vi) from a shell prompt in linux. If not, go get a book on linux and learn that first.

So in the /etc/sysconfig/network-scripts directory, you should see among other files the ifcfg-eth0 and ifcfg-eth1 files (again substitute your device for the eth# in these examples). Edit these and make sure to remove any lines specifying IPADDR, NETMASK, GATEWAY, or BOOTPROTO values. These are not needed for a bridge, since a separate bridged device is created later to have an IP address. For each of these files, make sure to change or add ONBOOT=yes, and add a line BRIDGE=br0 to specify the bridge device. You can substitute some other name for br0, but make sure it’s the same for all devices. If you want a third or more device in your bridge, edit those ifcfg-eth# files the same way.

Your ifcfg-eth0 and ifcfg-eth1 files should now look like this (your HWADDR value will be different, don’t change it):

ifcfg-eth0

    DEVICE=eth0
    TYPE=Ethernet
    HWADDR=##:##:##:##:##:##
    ONBOOT=yes
    BRIDGE=br0

ifcfg-eth1

    DEVICE=eth1
    TYPE=Ethernet
    HWADDR=##:##:##:##:##:##
    ONBOOT=yes
    BRIDGE=br0

Then create a file ifcfg-br0 for the bridge device br0. There are two examples shown below, one for a static IP address, and one for a DHCP-assigned IP address (use only one). If you choose the static option, put in your own values for the IP addresses, and make sure that you have put the correct DNS servers in the /etc/resolv.conf file (DHCP does this for you).

ifcfg-br0 (static)

    DEVICE=br0
    TYPE=Bridge
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=1.2.3.4
    NETMASK=255.255.255.0
    GATEWAY=1.2.3.1
    DELAY=0
    STP=off

ifcfg-br0 (DHCP)

    DEVICE=br0
    TYPE=Bridge
    ONBOOT=yes
    BOOTPROTO=dhcp
    DELAY=0
    STP=off

Once these files have been properly configured, you can reboot the computer, or issue a service network restart command on the shell console to cause the network to be reconfigured using the new settings. To ensure that the bridge has been properly configured, use the command brctl show to see what bridges exist and what interfaces are attached to them. If your bridge didn’t get configured at all, and the brctl command gives you an error that it’s not found, you need to install the bridge utility package by using the command yum install bridge-utils and then restart the network again.
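Since a mistake in these files can cost you the network connection on restart, it helps to check them first. The following is an added example, not part of the original article or of the network-scripts package: the function names are hypothetical, the sample files are constructed, and the rules it enforces are only the ones stated in the steps above.

```python
import tempfile
from pathlib import Path

# Keys the steps above say to remove from member interfaces (the bridge owns the address).
MEMBER_FORBIDDEN = ("IPADDR", "NETMASK", "GATEWAY", "BOOTPROTO")

def parse_ifcfg(path):
    """Read KEY=value pairs from an ifcfg file, skipping blanks and comments."""
    cfg = {}
    for line in Path(path).read_text().splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg

def check_bridge(directory, bridge="br0"):
    """Return a list of problems in the ifcfg-* files that define one bridge."""
    cfgs = {p.name: parse_ifcfg(p) for p in sorted(Path(directory).glob("ifcfg-*"))}
    problems = []
    br = cfgs.get("ifcfg-" + bridge)
    if br is None:
        problems.append(f"ifcfg-{bridge}: file missing")
    else:
        if br.get("TYPE") != "Bridge":
            problems.append(f"ifcfg-{bridge}: TYPE=Bridge missing")
        if br.get("BOOTPROTO") == "static" and "IPADDR" not in br:
            problems.append(f"ifcfg-{bridge}: static but no IPADDR")
    members = {n: c for n, c in cfgs.items() if c.get("BRIDGE") == bridge}
    if len(members) < 2:
        problems.append(f"{bridge}: fewer than two member interfaces")
    for name, cfg in members.items():
        if cfg.get("ONBOOT", "").lower() != "yes":
            problems.append(f"{name}: ONBOOT=yes missing")
        problems += [f"{name}: remove {k}" for k in MEMBER_FORBIDDEN if k in cfg]
    return problems

# Constructed sample: eth1 still carries settings from before it joined the bridge.
SAMPLE = {
    "ifcfg-eth0": "DEVICE=eth0\nTYPE=Ethernet\nONBOOT=yes\nBRIDGE=br0\n",
    "ifcfg-eth1": "DEVICE=eth1\nTYPE=Ethernet\nONBOOT=no\nBOOTPROTO=dhcp\nBRIDGE=br0\n",
    "ifcfg-br0": "DEVICE=br0\nTYPE=Bridge\nONBOOT=yes\nBOOTPROTO=dhcp\nDELAY=0\nSTP=off\n",
}

def run_sample(files=SAMPLE):
    with tempfile.TemporaryDirectory() as d:
        for name, body in files.items():
            Path(d, name).write_text(body)
        return check_bridge(d)
```

On a real machine, call check_bridge("/etc/sysconfig/network-scripts") and restart the network only when it returns an empty list.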