How can I create a Linux bridge on a Debian 10 / Debian 11 system? How can one create a Linux bridge on top of a VLAN interface on a Debian / Ubuntu system? Our recent article covered the creation of a VLAN interface on a Debian system. As a continuation, we show you how a Linux bridge can be created on top of a VLAN interface.
For those new to Linux networking, a Linux bridge behaves like a typical network switch: it forwards packets between the interfaces connected to it. The most common use case is forwarding packets between virtual machines in a virtualized infrastructure. A Linux bridge also supports STP, VLAN filtering, and multicast snooping.
Create Linux Bridge on Debian 10 | Debian 11
Before you can create bridge interfaces on Debian Linux, you must install the bridge-utils package:
sudo apt update
sudo apt install bridge-utils -y
To check the active interfaces on your server, run the command:
$ ip -f inet a s
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eno1.100@eno1: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.20.20.10/28 brd 172.20.20.15 scope global eno1.100
valid_lft forever preferred_lft forever
7: eno1.503@eno1: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.20.25.10/24 brd 172.20.25.255 scope global eno1.503
valid_lft forever preferred_lft forever
Basic Example: Creating a Linux Bridge without VLAN
If you want to create a Linux bridge br1 on the eno1 interface without any VLANs, use settings like the ones below.
$ sudo vim /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
#Bridge br1 network configurations
auto br1
iface br1 inet static
address 172.20.25.10
broadcast 172.20.25.255
netmask 255.255.255.0
gateway 172.20.25.1
bridge_ports eno1
# disable Spanning Tree Protocol
bridge_stp off
# no delay before a port becomes available
bridge_waitport 0
# no forwarding delay
bridge_fd 0
When using DHCP, the configuration becomes:
auto br1
# Bridge setup using DHCP
iface br1 inet dhcp
bridge_ports eno1
Then restart the network-manager service:
sudo systemctl restart network-manager
Check service status:
systemctl status network-manager
Confirm IP settings:
$ ip a s
$ ip r
Advanced Example: Creating Linux bridge on VLAN interface
Make sure the vlan package is installed on the system:
sudo apt install vlan
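If the host is a hypervisor, consider adding the sysctl settings below. They enable IPv4 forwarding between interfaces, leave ARP filtering off, and set reverse-path filtering to loose mode (2):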
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.arp_filter=0" | sudo tee -a /etc/sysctl.conf
echo "net.ipv4.conf.all.rp_filter=2" | sudo tee -a /etc/sysctl.conf
Load configurations:
$ sudo sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 2
Then modify configurations accordingly:
$ sudo vim /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# eno1 interface
auto eno1
iface eno1 inet manual
# VLAN 100
auto eno1.100
iface eno1.100 inet manual
# VLAN 503
auto eno1.503
iface eno1.503 inet manual
# Bridge br0
auto br0
iface br0 inet static
bridge_ports eno1.100
# disable Spanning Tree Protocol
bridge_stp off
# no delay before a port becomes available
bridge_waitport 0
# no forwarding delay
bridge_fd 0
address 172.21.200.2
netmask 255.255.255.0
gateway 172.21.200.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8 8.8.4.4
# Bridge br1
auto br1
iface br1 inet static
bridge_ports eno1.503
# disable Spanning Tree Protocol
bridge_stp off
# no delay before a port becomes available
bridge_waitport 0
# no forwarding delay
bridge_fd 0
address 172.20.20.1
netmask 255.255.255.0
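Before rebooting, it is worth checking the file for two mistakes that are easy to make in a VLAN bridge setup: a bridge_ports member whose VLAN ID matches no VLAN stanza in the file, and end-of-line comments, which interfaces(5) does not support. The script below is an added example, not part of the original article; the function name lint_interfaces and the sample file are constructed for illustration, and it assumes VLAN interfaces use the parent.id naming shown above.

```shell
#!/bin/sh
# lint_interfaces FILE: print findings, return 1 if any were found.
lint_interfaces() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # comment-only or blank line
        /#/ {                                    # interfaces(5): comments need their own line
            printf "line %d: end-of-line comment\n", NR; bad = 1
            sub(/[ \t]*#.*/, "")                 # strip it and keep parsing the option
        }
        $1 == "iface" { defined[$2] = 1; cur = $2 }
        $1 == "bridge_ports" && $2 != "regex" {  # regex port lists are not checked
            for (i = 2; i <= NF; i++)            # only VLAN-style names (parent.id)
                if ($i ~ /\./) { n++; port[n] = $i; br[n] = cur; at[n] = NR }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(port[i] in defined)) {
                    printf "line %d: %s port %s has no iface stanza\n", at[i], br[i], port[i]
                    bad = 1
                }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: VLAN 503 is declared, but br1 points at eno1.101.
sample=$(mktemp)
cat > "$sample" <<'EOF'
auto eno1.503
iface eno1.503 inet manual
auto br1
iface br1 inet static
bridge_ports eno1.101
bridge_waitport 0 # no delay
address 172.20.20.1
netmask 255.255.255.0
EOF
lint_interfaces "$sample" || echo "fix the findings above before rebooting"
rm -f "$sample"
```

On the real host, run it as `lint_interfaces /etc/network/interfaces`; physical ports such as eno1 are deliberately not checked, since they exist without a stanza.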
Reboot the server:
sudo reboot
Check bridges created once the system is rebooted:
$ sudo brctl show
bridge name bridge id STP enabled interfaces
br0 8000.e0db55fe5b03 no eno1.100
br1 8000.e0db55fe5b03 no eno1.503
You can also confirm IP configurations:
$ ip -f inet a s
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: br0: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.21.200.2/29 brd 172.21.200.255 scope global br0
valid_lft forever preferred_lft forever
9: br1: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.20.20.1/24 brd 172.20.20.255 scope global br1
valid_lft forever preferred_lft forever
You should now be able to create Virtual Machines on the bridges created. The IP configurations used need to be modified to suit the settings in your environment.