brctl is used to manage Ethernet bridges: it creates, maintains, and inspects the bridge configuration in the kernel. A bridge is typically used to connect multiple networks so that they can communicate as if they were a single network.
A network bridge is a data link layer device that relays frames: it forwards frames at the MAC sublayer, can isolate collisions, and connects multiple network segments. The bridge works at the data link layer, connecting two LANs and forwarding frames based on the MAC address, so it can be seen as a "low-level router".
On the bridge, each Ethernet connection can correspond to a physical interface. These Ethernet interfaces are combined into one large logical interface, which corresponds to the bridged network.
brctl addbr <name>
Create a bridge interface named <name>.
brctl delbr <name>
Delete the bridge interface named <name>. The bridge interface must be down before it can be deleted.
brctl show
Show all current bridge interfaces.
brctl addif <brname> <ifname>
Add the physical interface <ifname> to the bridge interface <brname>. All frames received on <ifname> are then processed as if they had arrived at the bridge, and when frames are sent on <brname>, <ifname> is treated as a possible output interface. When a physical Ethernet interface is added to the bridge, it is put in promiscuous mode, so it needs no IP configuration.
brctl delif <brname> <ifname>
Remove the interface <ifname> from <brname>.
brctl show <brname>
Show information about the bridge <brname>.
STP: multiple Ethernet bridges can work together to form a larger network, using the 802.1D protocol to find the shortest path between two networks. The role of STP is to prevent loops from forming between Ethernet bridges. If there is only one bridge, STP can be turned off.
brctl stp <bridge> <state>
Control whether the bridge joins the STP tree. <state> can be 'on' or 'yes' to join the STP tree, which prevents loops when there are multiple bridges in the LAN; 'off' turns STP off.
brctl setbridgeprio <bridge> <priority>
Set the priority of the bridge. <priority> is a value from 0 to 65535; a smaller value means a higher priority, and the bridge with the highest priority becomes the root bridge.
brctl setfd <bridge> <time>
Set the bridge 'forward delay' time, in seconds.
brctl sethello <bridge> <time>
Set the bridge 'hello time', which is used to detect that the bridge is still alive.
brctl setmaxage <bridge> <time>
Set the 'maximum message age' time for the bridge.
brctl setpathcost <bridge> <port> <cost>
Set the link cost value for a port in the bridge.
brctl setportprio <bridge> <port> <priority>
Set the priority of a port in the bridge.
Example 1: Simple bridge
Combine eth0 and eth1 into a bridge br0:
brctl addbr br0           # create a bridge instance br0
brctl addif br0 eth0      # add eth0 to the bridge br0
brctl addif br0 eth1      # add eth1 to the bridge br0
ifconfig eth0 0.0.0.0     # the physical NIC is in promiscuous mode, so no IP is configured
ifconfig eth1 0.0.0.0
ifconfig br0 10.1.1.2     # only the bridge needs an IP address
Example 2: Communication between multiple bridges
Set up communication between multiple bridges through filtering/NATing. On a machine with four network cards, two cards are grouped into one LAN with the IP 10.16.0.254, and the other two are grouped into another LAN with the IP 192.168.10.1.
brctl addbr br_10
brctl addif br_10 eth0
brctl addif br_10 eth1
ifconfig br_10 10.16.0.254
brctl addbr br_192
brctl addif br_192 eth2
brctl addif br_192 eth3
ifconfig br_192 192.168.10.1
Now there are two local interfaces, br_10 and br_192. Enable IP forwarding. To allow 192.168.10.2, on the 192.* segment, to access the 10.* segment:
ipchains -P forward REJECT
ipchains -A forward -s 192.168.10.2/32 -d 10.0.0.0/8 -i br_10 -j ACCEPT
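To review a host set up as in the examples above, the following added script (not part of the original article) parses `brctl show` output and lists the bridges with STP off and the interfaces enslaved to a bridge. The sample table, the bridge br_lab, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): review `brctl show` output.

# Constructed sample in the layout `brctl show` prints; on a live host,
# pipe the real command instead:  brctl show | bridge_summary
sample_brctl_show() {
cat <<'EOF'
bridge name	bridge id		STP enabled	interfaces
br_10		8000.000c29a1b2c3	no		eth0
							eth1
br_192		8000.000c29a1b2d7	yes		eth2
							eth3
br_lab		8000.000000000000	no
EOF
}

# One line per bridge: <bridge> stp=<yes|no> ports=<n> ifaces=<list or ->
bridge_summary() {
    awk '
        function add(i) { list = (n++ ? list "," : "") i }
        function emit() {
            if (name != "")
                printf "%s stp=%s ports=%d ifaces=%s\n", name, stp, n, (n ? list : "-")
        }
        $1 == "bridge" && $2 == "name" { next }   # header row
        NF >= 3 {                                 # row that starts a new bridge
            emit(); name = $1; stp = $3; n = 0; list = ""
            if (NF >= 4) add($4)
            next
        }
        NF == 1 && name != "" { add($1) }         # continuation row: another port
        END { emit() }
    '
}

# Bridges with STP off: confirm each really is the only bridge on its LAN.
stp_off_bridges() { bridge_summary | awk '$2 == "stp=no" { print $1 }'; }

# Enslaved ports: these run in promiscuous mode and need no IP of their own.
bridged_ports() {
    bridge_summary | awk '$4 != "ifaces=-" { sub(/^ifaces=/, "", $4); gsub(/,/, "\n", $4); print $4 }'
}

sample_brctl_show | bridge_summary
echo "STP off: $(sample_brctl_show | stp_off_bridges | tr '\n' ' ')"
echo "Bridged ports: $(sample_brctl_show | bridged_ports | tr '\n' ' ')"
```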
This article is from the "Professor" blog, please be sure to keep this source http://professor.blog.51cto.com/996189/1569031