Bridge Interfaces

Created by Yuriy Andamasov, Modified on Wed, 26 Apr 2023 at 10:56 AM by Aslan Hajiyev

Bridging allows you to create a software switch that connects two ports at Layer 2 of the OSI model. A bridge consists of two or more ports that are members of a bridge group. This document was created on VyOS 1.2.0.

Bridge Interface Names

Bridge interfaces are named with br in front of a number, for example, br0 would be bridge interface zero. Bridge interfaces can be called a bridge interface or a bridge group interchangeably.

Creating a Bridge

Creating a bridge interface is very simple. For this example, let's create a bridge between two physical interfaces on a VyOS router. More example use cases will be given below. This example uses eth0 and eth1.

vyos@vyos-rtr# set interfaces bridge br0 
vyos@vyos-rtr# set interfaces ethernet eth0 bridge-group bridge br0
vyos@vyos-rtr# set interfaces ethernet eth1 bridge-group bridge br0

Spanning Tree

The Spanning Tree Protocol (STP) is supported on bridge interfaces, and is disabled by default. For our example, STP can be enabled by issuing set interfaces bridge br0 stp true. STP can be tweaked per bridge as well. Let's change some of the default values:

NOTE: These are not changes you should make unless you know the impact they can have on your network! The values below are purely for demonstration, and will be different for many networks. If you don't know what these are for, don't touch them!
vyos@vyos-rtr# set interfaces bridge br0 priority 4096 
vyos@vyos-rtr# set interfaces bridge br0 forwarding-delay 5
vyos@vyos-rtr# set interfaces bridge br0 hello-time 1
vyos@vyos-rtr# set interfaces bridge br0 max-age 10
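
The timer values can be checked for consistency before they are committed. The following is an added example, not part of the original article: it reads set commands and tests the timers against the IEEE 802.1D ranges and the two 802.1D consistency rules. The function names are hypothetical, and it assumes that timers left unset keep the 802.1D defaults (hello 2, max age 20, forward delay 15).

```python
import re

# IEEE 802.1D permitted ranges in seconds: (min, max)
RANGES = {"hello-time": (1, 10), "max-age": (6, 40), "forwarding-delay": (4, 30)}
SET_RE = re.compile(
    r"set interfaces bridge (\S+) (hello-time|max-age|forwarding-delay) (\d+)\s*$")

# The commands from this page, embedded as sample input.
PAGE_CONFIG = """\
vyos@vyos-rtr# set interfaces bridge br0 priority 4096
vyos@vyos-rtr# set interfaces bridge br0 forwarding-delay 5
vyos@vyos-rtr# set interfaces bridge br0 hello-time 1
vyos@vyos-rtr# set interfaces bridge br0 max-age 10
"""

def parse_timers(config_text):
    """Collect STP timers per bridge from 'set' commands (prompt optional)."""
    bridges = {}
    for line in config_text.splitlines():
        m = SET_RE.search(line)
        if m:
            bridges.setdefault(m.group(1), {})[m.group(2)] = int(m.group(3))
    return bridges

def check_timers(timers):
    """Return the list of 802.1D violations for one bridge's timers."""
    # Assumption: timers that are not set explicitly keep the 802.1D defaults.
    t = {"hello-time": 2, "max-age": 20, "forwarding-delay": 15, **timers}
    findings = []
    for name, (lo, hi) in RANGES.items():
        if not lo <= t[name] <= hi:
            findings.append(f"{name} {t[name]} outside {lo}-{hi}")
    # Rule 1: 2 * (forward delay - 1) >= max age
    if 2 * (t["forwarding-delay"] - 1) < t["max-age"]:
        findings.append("max-age exceeds 2*(forwarding-delay - 1)")
    # Rule 2: max age >= 2 * (hello time + 1)
    if t["max-age"] < 2 * (t["hello-time"] + 1):
        findings.append("max-age below 2*(hello-time + 1)")
    return findings

def audit(config_text):
    """Map each bridge found in the config to its list of findings."""
    return {br: check_timers(t) for br, t in parse_timers(config_text).items()}

if __name__ == "__main__":
    for br, findings in audit(PAGE_CONFIG).items():
        print(br, findings or "timers consistent")
```

Run against the demonstration commands above, it reports that max-age 10 exceeds 2*(forwarding-delay - 1) = 8; a forwarding-delay of 6 with the same hello-time and max-age satisfies both rules.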

You can also tweak spanning tree settings on the physical interfaces that are members of the bridge group:


vyos@vyos-rtr# set interfaces ethernet eth0 bridge-group cost 1
vyos@vyos-rtr# set interfaces ethernet eth0 bridge-group priority 0

Show Commands

Bridge interfaces show up just like any other interface when running show interfaces:


vyos@vyos-rtr:~$ show interfaces
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
br0              -                                 u/u  BridgeExample
eth0             -                                 u/u
eth1             -                                 u/u
eth2             -                                 u/u
eth3             10.0.2.2/24                       u/u
lo               127.0.0.1/8                       u/u
                 ::1/128

Since bridge interfaces are essentially a software switch, showing the MAC addresses learned on the bridge is possible. For the example above, we can issue show bridge br0 macs and get this output:


vyos@vyos-rtr:~$ show bridge br0 macs
port no   mac addr            is local?   ageing timer
  2       08:00:27:a6:56:5a   yes            0.00
  2       08:00:27:a6:56:5a   yes            0.00
  1       08:00:27:ae:5b:d5   yes            0.00
  1       08:00:27:ae:5b:d5   yes            0.00

Bridge groups even support the Spanning Tree Protocol (STP), which can be viewed by issuing show bridge br0 spanning-tree. In our example we get this output:


vyos@vyos-rtr:~$ show bridge br0 spanning-tree
br0
 bridge id              1000.080027a6565a
 designated root        1000.080027a6565a
 root port                 0                    path cost                  0
 max age                  10.00                 bridge max age            10.00
 hello time                1.00                 bridge hello time          1.00
 forward delay             5.00                 bridge forward delay       5.00
 ageing time             300.00
 hello timer               0.78                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                  72.02
 flags

eth0 (1)
 port id                8001                    state                forwarding
 designated root        1000.080027a6565a       path cost                100
 designated bridge      1000.080027a6565a       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.78
 flags

eth1 (2)
 port id                8002                    state                forwarding
 designated root        1000.080027a6565a       path cost                100
 designated bridge      1000.080027a6565a       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.78
 flags
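
This output can also be monitored. The following is an added example, not part of the original article: it parses show bridge br0 spanning-tree text and reports when the designated root is not the bridge you expect, naming the member port the root was learned on. The function names are hypothetical and the sample is this page's output trimmed to the fields the check reads.

```python
import re

# Constructed sample: this page's output, trimmed to the fields the check reads.
SAMPLE = """\
br0
 bridge id 1000.080027a6565a
 designated root 1000.080027a6565a
 root port 0 path cost 0

eth0 (1)
 port id 8001 state forwarding
 designated root 1000.080027a6565a path cost 100

eth1 (2)
 port id 8002 state forwarding
 designated root 1000.080027a6565a path cost 100
"""

def parse_stp(text):
    """Extract bridge id, designated root, root port and port numbering."""
    info = {"ports": {}}
    port = None  # stays None while we are still in the bridge-level section
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"(\S+)\s+\((\d+)\)", line):
            port = m.group(1)                      # e.g. "eth0 (1)"
            info["ports"][int(m.group(2))] = port
        elif m := re.match(r"bridge id\s+(\S+)", line):
            info["bridge_id"] = m.group(1)
        elif port is None and (m := re.match(r"designated root\s+(\S+)", line)):
            info["root"] = m.group(1)              # bridge-level root only
        elif m := re.match(r"root port\s+(\d+)", line):
            info["root_port"] = int(m.group(1))    # 0 means this bridge is root
    return info

def root_findings(info, expected_root):
    """Report a root bridge other than the expected one and where it was seen."""
    if info["root"] == expected_root:
        return []
    via = info["ports"].get(info["root_port"], "unknown port")
    return [f"unexpected root {info['root']} learned via {via}"]

if __name__ == "__main__":
    result = root_findings(parse_stp(SAMPLE), "1000.080027a6565a")
    print(result or "root unchanged")
```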

Example Use Cases

Below is a collection of use cases for Bridges. This is by no means exhaustive, but is just some of the handy ways I have used bridges in the past.

Layer 2 GRE Bridge

This is very useful when you have that one annoying piece of equipment that requires broadcast communication, but you need to operate it across one or more Layer 3 boundaries.

NOTE: This isn't encrypted in any way, shape, or form, so this should only be used across links that you have control over. If you need to do this over a network out of your control, such as the Internet, you should use IPSec, similar to what is outlined here on the GRE and IPSec tutorial page.

To perform this simple GRE bridge, you will need two routers, one for each segment that needs Layer 2 connectivity. Here is an example config:

vyos@vyos-rtr# set interfaces bridge br1
vyos@vyos-rtr# set interfaces ethernet eth3 bridge-group bridge br1
vyos@vyos-rtr# set interfaces tunnel tun0 local-ip <local-ip-address>
vyos@vyos-rtr# set interfaces tunnel tun0 remote-ip <remote-ip-address>
vyos@vyos-rtr# set interfaces tunnel tun0 encapsulation gre-bridge
vyos@vyos-rtr# set interfaces tunnel tun0 parameters ip bridge-group bridge br1

After you have this router set up, you just need to do the same thing on the other router, and voila, you will have the ability to broadcast over Layer 3 segments!

Adding VLANs to a Bridge

If you don't have a switch, or want to use your VyOS router as a root switch, you may want to trunk the same VLANs over multiple ports. Bridges are helpful in this case. Here is an example config:

vyos@vyos-rtr# set interfaces bridge br2
vyos@vyos-rtr# set interfaces ethernet eth2 vif 2 bridge-group bridge br2
vyos@vyos-rtr# set interfaces ethernet eth2 vif 2 address 192.0.2.1/24

If you don't want to bother with VLANs, you can simply add an address to the bridge interface just like any other interface:

vyos@vyos-rtr# set interfaces bridge br2 address 192.0.2.1/24 
