...
Supplemental Information: Virtual Bridge and TAP Interfaces
Basic Bridge Configuration Using ip Commands
The following table shows a simple example of how to create a virtual bridge on Linux and how to add TAP interfaces to it using ip commands:
| Step | Command |
|---|---|
| Create a TAP interface (not needed if emulator automatic creation is used). |
|
| Activate TAP interface (can also be done via the initialize command in emulator configuration). | # ip link set my_tap0 up |
| Create a new bridge. | # ip link add name my_bridge type bridge |
| Activate the bridge. | # ip link set my_bridge up |
| Add a physical interface to the bridge as required. This interface will connect the bridge to the physical LAN. | # ip link set <physical-int> master my_bridge |
| Remove any configured IP address from the physical interface. | # ip addr delete <ip-address>/<netmask> dev <physical-int> |
| Add the IP address previously configured on the physical interface to the bridge interface. | # ip addr add <ip-address>/<netmask> dev my_bridge |
| Add the TAP interface to the bridge (can also be done via the initialize command in the emulator configuration). | # ip link set my_tap0 master my_bridge |
Please note: The commands above are not persistent. They would need to be scripted and added to the host system startup as required.
To delete TAP and bridge interfaces, you can use the command ip link delete <interface-name>.
Basic Bridge Configuration Using nmicli
The following table shows a simple example of how to create a virtual bridge on Linux and how to add TAP interfaces to it using nmcli commands (NetworkManager command-line interface):
| Step | Description |
|---|---|
| Create a bridge and set a static IP address for it. | # nmcli con add type bridge ifname mybr0 ipv4.method manual ip4 <ipaddr/mask> |
| Activate bridge. | # nmcli con up bridge-mybr0 |
| Add physical interface to bridge. | # nmcli conn modify <physical-int-conn> master mybr0 slave-type bridge |
| Activate changes. | # nmcli conn up <physical-int-conn> |
After the bridge has been created, you can use the initialize command in the emulator configuration to add the required TAP interfaces for the emulator to the bridge.
Please note: By default, nmicli commands are persistent (connection information is stored in /etc/sysconfig/network-scripts/).
Linux Firewalls and Virtual Bridges
...