Linux Bridge


Introduction to Linux interfaces for virtual networking


Usage: ip link add [link DEV] [ name ] NAME
                   [ txqueuelen PACKETS ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ] [index IDX ]
                   [ numtxqueues QUEUE_COUNT ]
                   [ numrxqueues QUEUE_COUNT ]
                   type TYPE [ ARGS ]

       ip link delete { DEVICE | dev DEVICE | group DEVGROUP } type TYPE [ ARGS ]

       ip link set { DEVICE | dev DEVICE | group DEVGROUP }
                   [ { up | down } ]
                   [ type TYPE ARGS ]
                   [ arp { on | off } ]
                   [ dynamic { on | off } ]
                   [ multicast { on | off } ]
                   [ allmulticast { on | off } ]
                   [ promisc { on | off } ]
                   [ trailers { on | off } ]
                   [ carrier { on | off } ]
                   [ txqueuelen PACKETS ]
                   [ name NEWNAME ]
                   [ address LLADDR ]
                   [ broadcast LLADDR ]
                   [ mtu MTU ]
                   [ netns { PID | NAME } ]
                   [ link-netnsid ID ]
                   [ alias NAME ]
                   [ vf NUM [ mac LLADDR ]
                            [ vlan VLANID [ qos VLAN-QOS ] [ proto VLAN-PROTO ] ]
                            [ rate TXRATE ]
                            [ max_tx_rate TXRATE ]
                            [ min_tx_rate TXRATE ]
                            [ spoofchk { on | off} ]
                            [ query_rss { on | off} ]
                            [ state { auto | enable | disable} ] ]
                            [ trust { on | off} ] ]
                            [ node_guid { eui64 } ]
                            [ port_guid { eui64 } ]
                   [ xdp { off |
                           object FILE [ section NAME ] [ verbose ] |
                           pinned FILE } ]
                   [ master DEVICE ][ vrf NAME ]
                   [ nomaster ]
                   [ addrgenmode { eui64 | none | stable_secret | random } ]
                   [ protodown { on | off } ]

       ip link show [ DEVICE | group GROUP ] [up] [master DEV] [vrf NAME] [type TYPE]

       ip link xstats type TYPE [ ARGS ]

       ip link afstats [ dev DEVICE ]

       ip link help [ TYPE ]

TYPE := { vlan | veth | vcan | vxcan | dummy | ifb | macvlan | macvtap |
          bridge | bond | team | ipoib | ip6tnl | ipip | sit | vxlan |
          gre | gretap | erspan | ip6gre | ip6gretap | ip6erspan |
          vti | nlmon | team_slave | bond_slave | ipvlan | geneve |
          bridge_slave | vrf | macsec }


Bridge


Bridge also supports STP, VLAN filter, and multicast snooping.


To create a bridge as shown above:

# ip link add br0 type bridge
# ip link set eth0 master br0
# ip link set tap1 master br0
# ip link set tap2 master br0
# ip link set veth1 master br0

This creates a bridge device named br0 and sets the following devices as its slaves:
two TAP devices (tap1, tap2), a VETH device (veth1), and a physical device (eth0).

Bonded interface


The Linux bonding driver provides a method for aggregating multiple network interfaces into a single logical “bonded” interface.
The behavior of the bonded interface depends on the mode; generally speaking, modes provide either hot standby or load balancing services.
Use a bonded interface when you want to increase your link speed or do a failover on your server.


To create a bonded interface as shown above:

# ip link add bond1 type bond miimon 100 mode active-backup
# ip link set eth0 master bond1
# ip link set eth1 master bond1

This creates a bonded interface named bond1 with mode active-backup.

Querying Bonding Configuration

Each bonding device has a read-only file residing in the /proc/net/bonding directory.
The file contents include information about the bonding configuration, options and state of each slave.
The precise format and contents will change depending upon the bonding configuration, state, and version of the bonding driver.

$ cat /proc/net/bonding/bond1

Configuring Bonding for High Availability

High Availability refers to configurations that provide maximum network availability by having redundant or backup networking devices between the host and the rest of the world.

Wireless bonding

Here is an example of using the kernel bonding driver to maximize availability, by allowing network connections to "failover" between a primary network device and any number of secondary devices.
This approach provides Automatic Wired and Wireless Network Configuration with Removable Device Support, using only
  • the kernel bonding module in "active-backup" mode,
  • DHCP client on a virtual "bond0" interface
  • the sysfs
  • the iproute2 commands
  • systemd "template" Unit files, without using systemd-networkd.
The basic idea is to have two "always active" wired and wireless interfaces, then "bond" or "enslave" them to a virtual bonding interface "master", and then let the kernel bonding module handle switching between the interfaces.
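The /proc/net/bonding/&lt;bond&gt; file described under "Querying Bonding Configuration" is also the place to confirm that the failover setup above still has a working backup link. As an added example (not code from the original post or from the bonding driver), here is a small Python parser for that file plus a redundancy check. The file contents below are a constructed sample for the bond1 interface created above, following the driver's usual "Key: value" layout; the warning rules in redundancy_issues are this example's own choices.

```python
"""Parse /proc/net/bonding/<bond> and report lost redundancy."""

# Constructed sample of /proc/net/bonding/bond1: an active-backup bond whose
# backup link (eth1) has gone down after three link failures.
SAMPLE_BOND_STATUS = """\
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 02:00:00:00:00:01
Slave queue ID: 0

Slave Interface: eth1
MII Status: down
Speed: Unknown
Duplex: Unknown
Link Failure Count: 3
Permanent HW addr: 02:00:00:00:00:02
Slave queue ID: 0
"""


def _split_blocks(text):
    """First block describes the master; every 'Slave Interface:' line starts a new block."""
    blocks = [[]]
    for line in text.splitlines():
        if line.startswith("Slave Interface:"):
            blocks.append([])
        blocks[-1].append(line)
    return ["\n".join(b) for b in blocks]


def _kv(block):
    """Turn 'Key: value' lines into a dict; the first occurrence of a key wins."""
    out = {}
    for line in block.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        out.setdefault(key.strip(), value.strip())
    return out


def parse_bond_status(text):
    """Return mode, active slave, bond MII status and per-slave details."""
    blocks = _split_blocks(text)
    master = _kv(blocks[0])
    slaves = {}
    for block in blocks[1:]:
        fields = _kv(block)
        slaves[fields["Slave Interface"]] = {
            "mii_status": fields.get("MII Status", "unknown"),
            "link_failures": int(fields.get("Link Failure Count", "0")),
            "hw_addr": fields.get("Permanent HW addr"),
        }
    return {
        "mode": master.get("Bonding Mode"),
        "active_slave": master.get("Currently Active Slave"),
        "mii_status": master.get("MII Status"),
        "slaves": slaves,
    }


def redundancy_issues(status):
    """List findings; an empty list means the bond still has a working backup."""
    issues = []
    if status["mii_status"] != "up":
        issues.append("bond reports MII status %s" % status["mii_status"])
    active = status["active_slave"]
    if active not in status["slaves"] or status["slaves"][active]["mii_status"] != "up":
        issues.append("active slave %s is not up" % active)
    for name, s in status["slaves"].items():
        if s["mii_status"] != "up":
            issues.append("slave %s is %s after %d link failure(s)"
                          % (name, s["mii_status"], s["link_failures"]))
    up = [n for n, s in status["slaves"].items() if s["mii_status"] == "up"]
    if len(up) < 2:
        issues.append("only %d of %d slave(s) up: one more link failure takes the bond down"
                      % (len(up), len(status["slaves"])))
    return issues


def load_bond_status(path="/proc/net/bonding/bond1"):
    """Read a live bond file (path assumes the bond1 created above)."""
    with open(path) as f:
        return parse_bond_status(f.read())


if __name__ == "__main__":
    st = parse_bond_status(SAMPLE_BOND_STATUS)
    print(st["mode"], "- active slave:", st["active_slave"])
    for issue in redundancy_issues(st):
        print("WARNING:", issue)
```

Run it against the live file with load_bond_status() on a host where bond1 exists; a rising Link Failure Count on one slave is the early sign of a flapping link that the active-backup mode will otherwise hide.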


Team device


Similar to a bonded interface, but there are some functional differences between a bonded interface and a team.
Use a team when you want to use features that bonding doesn't provide.

VLAN


The IEEE 802.1Q standard defines a system of VLAN tagging for Ethernet frames and the accompanying procedures to be used by bridges and switches in handling such frames.
802.1Q adds a 32-bit field between the source MAC address and the EtherType fields of the original frame.

Two bytes are used for the tag protocol identifier (TPID), the other two bytes for tag control information (TCI).
  • Tag protocol identifier (TPID): A 16-bit field set to a value of 0x8100 in order to identify the frame as an IEEE 802.1Q-tagged frame. This field is located at the same position as the EtherType field in untagged frames, and is thus used to distinguish the frame from untagged frames.
  • Tag control information (TCI): A 16-bit field containing the following sub-fields:
    • Priority code point (PCP): A 3-bit field which refers to the IEEE 802.1p class of service and maps to the frame priority level. Different PCP values can be used to prioritize different classes of traffic.
    • Drop eligible indicator (DEI): A 1-bit field (formerly CFI). May be used separately or in conjunction with PCP to indicate frames eligible to be dropped in the presence of congestion.
    • VLAN identifier (VID): A 12-bit field specifying the VLAN to which the frame belongs. The hexadecimal values of 0x000 and 0xFFF are reserved. All other values may be used as VLAN identifiers, allowing up to 4,094 VLANs. The reserved value 0x000 indicates that the frame does not carry a VLAN ID; in this case, the 802.1Q tag specifies only a priority (in PCP and DEI fields) and is referred to as a priority tag. On bridges, VID 0x001 (the default VLAN ID) is often reserved for a network management VLAN; this is vendor-specific. The VID value 0xFFF is reserved for implementation use; it must not be configured or transmitted. 0xFFF can be used to indicate a wildcard match in management operations or filtering database entries.


To create a VLAN as shown above:

# ip link add link eth0 name eth0.2 type vlan id 2
# ip link add link eth0 name eth0.3 type vlan id 3

This adds VLAN 2 with name eth0.2 and VLAN 3 with name eth0.3.
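To make the tag layout above concrete, here is an added Python example (not code from the original post) that packs PCP, DEI and VID into a TCI, inserts the 4-byte 802.1Q tag between the source MAC and the EtherType, and decodes it again. It treats VID 0x000 as a priority tag and refuses the reserved VID 0xFFF, as the text describes. The MAC addresses and payload are constructed; the VID 2 used in the demo matches the eth0.2 interface created above.

```python
"""Build and decode IEEE 802.1Q tagged Ethernet frames."""
import struct

TPID_8021Q = 0x8100        # TPID value sits where the EtherType is in untagged frames
ETHERTYPE_IPV4 = 0x0800
VID_PRIORITY_TAG = 0x000   # tag carries only PCP/DEI, no VLAN membership
VID_RESERVED = 0xFFF       # must never be configured or transmitted


def build_tci(pcp, dei, vid):
    """Pack PCP (3 bits), DEI (1 bit) and VID (12 bits) into the 16-bit TCI."""
    if not 0 <= pcp <= 7 or dei not in (0, 1) or not 0 <= vid <= 0xFFF:
        raise ValueError("TCI field out of range")
    if vid == VID_RESERVED:
        raise ValueError("VID 0xFFF is reserved and must not be transmitted")
    return (pcp << 13) | (dei << 12) | vid


def build_frame(dst, src, ethertype, payload, pcp=0, dei=0, vid=None):
    """Ethernet II frame; with vid set, a 4-byte 802.1Q tag follows the source MAC."""
    header = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    if vid is not None:
        header += struct.pack("!HH", TPID_8021Q, build_tci(pcp, dei, vid))
    return header + struct.pack("!H", ethertype) + payload


def parse_frame(frame):
    """Decode dst/src, the optional 802.1Q tag and the inner EtherType."""
    if len(frame) < 14:
        raise ValueError("frame too short for an Ethernet header")
    info = {
        "dst": ":".join("%02x" % b for b in frame[0:6]),
        "src": ":".join("%02x" % b for b in frame[6:12]),
        "tagged": False,
    }
    offset = 12
    (tpid,) = struct.unpack("!H", frame[12:14])
    if tpid == TPID_8021Q:
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        (tci,) = struct.unpack("!H", frame[14:16])
        vid = tci & 0x0FFF
        if vid == VID_RESERVED:
            raise ValueError("received frame with reserved VID 0xFFF")
        info.update(tagged=True, tpid=tpid, pcp=tci >> 13, dei=(tci >> 12) & 1,
                    vid=vid, priority_tag=(vid == VID_PRIORITY_TAG))
        offset = 16
    (info["ethertype"],) = struct.unpack("!H", frame[offset:offset + 2])
    info["payload"] = frame[offset + 2:]
    return info


if __name__ == "__main__":
    # Constructed frame: broadcast destination, locally administered source, VLAN 2.
    frame = build_frame("ff:ff:ff:ff:ff:ff", "02:00:00:00:00:01", ETHERTYPE_IPV4,
                        b"\x45" + b"\x00" * 19, pcp=5, dei=1, vid=2)
    print(frame.hex())
    print(parse_frame(frame))
```

A frame leaving eth0.2 carries exactly this tag with VID 2; a receiver that trusts the VID alone, without enforcing which VIDs a port may carry (the bridge's VLAN filter mentioned earlier), will accept whatever membership the sender chose to encode.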
