...
Supplemental Information: Virtual Bridge and TAP Interfaces
The following sections describe the basic steps for the configuration of virtual bridges and TAP interfaces.
Please note:
- The examples describe a virtual bridge that connects host and guest system to the local LAN via a physical NIC.
- The described virtual bridge configuration is mostly suited for on-premises installations where the host system runs on a physical system.
- For VMware (or similar environments) it is recommended to add additional vNICs for the guest as needed - instead of using a bridge configuration on the host.
- In most cloud environments, a virtual bridge cannot directly link bridge traffic to the LAN via a host NIC. There are usually restrictions regarding the MAC addresses allowed on the NICs of a cloud instance. Also promiscuous mode is usually not possible. Hence, in such environments, traffic between a virtual bridge and the rest of the network must usually be NAT'ed or routed. The virtual bridge is then internal to the Linux host and not connected directly to the LAN.
Basic Bridge Configuration Using ip Commands
The following table shows a simple example of how to create a virtual bridge on Linux and how to add TAP interfaces to it using ip commands:
| Step | Command |
|---|---|
| Gather information about the existing network configuration. | List all existing interfaces, their status and their MAC addresses: List all configured IP addresses and netmasks: List the routing table entries: |
| Create a TAP interface (not needed if emulator automatic creation is used). |
|
| Activate TAP interface (can also be done via the initialize command in emulator configuration). | # ip link set my_tap0 up |
| Create a new bridge - if needed. | # ip link add name my_bridge type bridge |
| Activate the bridge - if needed | # ip link set my_bridge up |
| If needed, add a physical interface to the bridge. This interface will connect the bridge to the physical LAN. | # ip link set <physical-int> master my_bridge |
| Remove any configured IP address from the physical interface. | # ip addr delete <ip-address>/<netmask> dev <physical-int> |
| Add the IP address previously configured on the physical interface (or another IP address to be used by the host system) to the bridge interface. | # ip addr add <ip-address>/<netmask> dev my_bridge |
| Add any routes (including the default gateway) to be routed across the bridge interface - if needed. |
|
| Add the TAP interface to the bridge (can also be done via the initialize command in the emulator configuration). | # ip link set my_tap0 master my_bridge |
Please note: The commands above are not persistent. They would need to be scripted and added to the host system startup as required.
...
The following table shows a simple example of how to create a virtual bridge on Linux and how to add TAP interfaces to it using nmcli commands (NetworkManager command-line interface):
| Step | Description |
|---|---|
| Gather information about the existing network configuration. | List all existing interfaces, their status and their MAC addresses: List all configured IP addresses and netmasks: List the routing table entries: |
| If needed, create a new connection for the physical interface to be used with the bridge. |
|
| If needed, create a bridge and set a static IP address for it. | # nmcli con add type bridge autoconnect yes \mybr0 ifname mybr0 \ipv4.method manual ip4 <ipaddr/mask> stp off |
| If needed, activate bridge. | # nmcli con up bridge-mybr0 |
| If needed, add physical interface to bridge. | # nmcli conn modify <physical-int-conn> master mybr0 \ |
| Activate changes to interface. | # nmcli conn up <physical-int-conn> |
After the bridge has been created, you can use the initialize command in the emulator configuration to add the required TAP interfaces for the emulator to the bridge.
...
Please note: at the time of writing, this feature is not yet available for nftables.
...
| Include Page | ||||
|---|---|---|---|---|
|