br0 Network Interface Explained


Bridging allows you to create a software switch that connects two ports at Layer 2 of the OSI model. A bridge consists of two or more ports that are members of a bridge group. This document was created on VyOS 1.2.0.

Software Switch: Similar to a Hardware switch, a software switch also works as a LAN switch and it learns the Mac address of bridged interfaces. The bridged interface can be ethernet or wifi.

Bridge Interface Names

Bridge interfaces are named  br in front of a number, for example, br0 would bridge interface zero. Bridge interfaces can be called bridge interfaces or bridge groups interchangeably.

Creating a Bridge

Creating a bridge interface is very simple. For this example, let's create a bridge between two physical interfaces on a VyOS router. More example use cases will be given below. This example uses eth0 and eth1.

vyos@vyos-rtr# set interfaces bridge br0 
vyos@vyos-rtr# set interfaces ethernet eth0 bridge-group bridge br0 
vyos@vyos-rtr# set interfaces ethernet eth1 bridge-group bridge br0

Spanning Tree

The Spanning Tree Protocol (STP) is supported on bridge interfaces, and is disabled by default. For our example, STP can be enabled by issuing set interfaces bridge br0 stp true.  STP can be tweaked per bridge as well. Let's change some of the default values:

NOTE: These are not changes you should make unless you know the impact they can have on your network! The values below are purely for demonstration, and will be different for many networks. If you don't know what these are for, don't touch them!
vyos@vyos-rtr# set interfaces bridge br0 priority 4096 
vyos@vyos-rtr# set interfaces bridge br0 forwarding-delay 5 
vyos@vyos-rtr# set interfaces bridge br0 hello-time 1 
vyos@vyos-rtr# set interfaces bridge br0 max-age 10

You can also tweak spanning tree settings on the physical interfaces that are members of the bridge group:


vyos@vyos-rtr# set interfaces etherneteth0 bridge-group cost 1
vyos@vyos-rtr# set interfaces ethernet eth0 bridge-group priority 0

Show Commands

Bridge interfaces show just like any other interface when running show interfaces:


vyos@vyos-rtr:~$ show interfaces 
Codes: S - State, L - Link, u - Up, D - Down, A - Admin Down
Interface        IP Address                        S/L  Description
---------        ----------                        ---  -----------
br0              -                                 u/u  BridgeExample 
eth0             -                                 u/u  
eth1             -                                 u/u  
eth2             -                                 u/u  
eth3             10.0.2.2/24                       u/u  
lo               127.0.0.1/8                       u/u  
                 ::1/128

Since bridge interfaces are essentially a software switch, showing the MAC addresses learned on the bridge is possible. For the example above, we can issue show bridge br0 macs and get this output:


vyos@vyos-rtr:~$ show bridge br0 macs 
port no mac addr                is local?       ageing timer
  2     08:00:27:a6:56:5a       yes                0.00
  2     08:00:27:a6:56:5a       yes                0.00
  1     08:00:27:ae:5b:d5       yes                0.00
  1     08:00:27:ae:5b:d5       yes                0.00

Bridge groups even support the Spanning Tree Protocol (STP), which can be viewed by issuing show bridge br0 spanning-tree. In our example we get this output:


vyos@vyos-rtr:~$ show bridge br0 spanning-tree 
br0
 bridge id              1000.080027a6565a
 designated root        1000.080027a6565a
 root port                 0                    path cost                  0
 max age                  10.00                 bridge max age            10.00
 hello time                1.00                 bridge hello time          1.00
 forward delay             5.00                 bridge forward delay       5.00
 ageing time             300.00
 hello timer               0.78                 tcn timer                  0.00
 topology change timer     0.00                 gc timer                  72.02
 flags                  
   
eth0 (1)
 port id                8001                    state                forwarding
 designated root        1000.080027a6565a       path cost                  100
 designated bridge      1000.080027a6565a       message age timer          0.00
 designated port        8001                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.78
 flags                  
   
eth1 (2)
 port id                8002                    state                forwarding
 designated root        1000.080027a6565a       path cost                  100
 designated bridge      1000.080027a6565a       message age timer          0.00
 designated port        8002                    forward delay timer        0.00
 designated cost           0                    hold timer                 0.78
 flags

Example Use Cases

Below is a collection of use cases for Bridges. This is by no means exhaustive but is just some of the handy ways I have used bridges in the past.

Layer 2 GRE Bridge

This is very useful when you have that one annoying piece of equipment that requires broadcast communication, but you need to operate it across one or more Layer 3 boundaries.

NOTE: This isn't encrypted in any way shape or form, so this should only be used across links that you have control over. If you need to do this over a network out of your control, such as the Internet, you should use IPSec, similar to what is outlined here on the GRE and IPSec tutorial page.

To perform this simple GRE bridge, you will need two routers, one for each segment that needs Layer 2 connectivity. Here is an example config:

vyos@vyos-rtr# set interfaces bridge br1 
vyos@vyos-rtr# set interfaces ethernet eth3 bridge‐group bridge br1 
vyos@vyos-rtr# set interfaces tunnel tun0 local‐ip  
vyos@vyos-rtr# set interfaces tunnel tun0 remote‐ip  
vyos@vyos-rtr# set interfaces tunnel tun0 encapsulation gre‐bridge 
vyos@vyos-rtr# set interfaces tunnel tun0 parameters ip bridge-group bridge br1 

After you have this router setup, you just need to do the same thing on the other router, and voila, you will have the ability to broadcast over Layer 3 Segments!

Adding VLANs to a Bridge

If you don't have a switch, or want to use your VyOS router as a root switch, you may want to trunk the same VLANs over multiple ports. Bridges are helpful in this case. Here is an example config:

vyos@vyos-rtr# set interfaces bridge br2
vyos@vyos-rtr# set interfaces ethernet eth2 vif 2 bridge-group bridge br2
vyos@vyos-rtr# set interfaces ethernet eth2 vif 2 address 192.0.2.1/24

If you don't want to bother with VLANs, you can simply add an address to the bridge interface just like any other interface:  

vyos@vyos-rtr# set interfaces bridge br2 address 192.0.2.1/24



I have a Router Connected to Three devices. Out of three devices, two are connected via wlan0 (wifi or Wireless LAN or Access Point) and the last one is connected via eth0 (RJ45 cable or ethernet port). As shown below picture of my router showing connected devices


 

But if I try to see the configuration of Wireless and Ethernet devices using ipconfig command as shown below, you will observe that no IP addresses are shown in eth0 and ap0. This is because all three devices are connected through the br0 switch. Further, br0 is a virtual software switch is used to bridge the eth0 and wlan0.
So I Will be able to see only the IP address of br0 (software switch) only. 




Another Explanation: 

Let's assume our device has LAN connectivity using an Access point and Ethernet  Port, also our device has WAN connectivity using another ethernet port. Assuming this the picture shown below is capable of explaining the working of br0 interface (software switch or bridge group)


              
Use the following commands (Yocto/embedded  Linux) to MAC addresses learned by the br0 adaptor.
 
 ip link show master br0
 bridge link show







 






Comments

Post a Comment

Popular posts from this blog

U-Boot SPL vs U-BOOT

Image
During I was Working on Embedded  Linux development, during boot up the very first message you will see on the console is as shown below. So I was curious what is U-BOOT SPL and U-BOOT. So i tried to understand this bootup process below. On Embedded OMAP platforms the first program being run after power-on is ROM code (which is similar to BIOS on a PC. This Code buried in every Microcontroller, Microprocessor by default by the manufacturer). ROM code looks for bootloader (which must be a file named "MLO" and located on the active first partition of MMC, which must be formatted as FAT12/16/32, -- but that's details) ROM code copies the content of that "MLO" file to static RAM (because regular RAM is not initialized yet). Next picture shows the SRAM memory layout for OMAP4460 SoC: SRAM memory is limited (due to physical reasons), so we only have 48 KiB for the bootloader. Usually regular bootloader (e.g. U-Boot) binary is bigger than that. So we need to create som...
Read more

dB vs dBm

Image
dB   DB is Power Ratio OR Power Loss OR Variation in Power.  So, in order to see the loss of your patch cable, you need a transmitter at one end with known power and put the receiver on the other end with known transmitter power. Then the receiver will give you the dB or loss introduced by the patch cable you made.  dBm dBm is the actual Power of the signal or value of the quantity. Getting the Signal Strenght of an RF signal is tricky. The Most accurate way to express it is with Milliwatts (mW). But you will end with with huge number if zero in before decimal places because of super-low power. For Example -60dBm is 0.000001 Milli Watts. So that means 1mW = 0dBm , 10mW = 10dBm, 100mW = 20 dBm, -40db = 0.0001 mWatt
Read more