Create Linux Bridge on VLAN Interface in Debian 11/10
How can I create a Linux bridge on a Debian 10 / Debian 11 Linux system? How can one create a Linux bridge on top of a VLAN interface on a Debian / Ubuntu system? Our recent article covered the creation of a VLAN interface on a Debian system. As a continuation, we show you how a Linux bridge can be created on top of a VLAN interface.
For those new to Linux networking, a Linux bridge behaves like a typical network switch. It forwards packets between the interfaces connected to it. The most common use case is forwarding packets between virtual machines in a virtualized infrastructure. A Linux bridge also supports STP, VLAN filtering, and multicast snooping.
Create Linux Bridge on Debian 10 | Debian 11
Before you can create bridge interfaces on Debian Linux you must install the bridge-utils package:
sudo apt update
sudo apt install bridge-utils -y
To check active interfaces on your server run the command:
$ ip -f inet a s
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: eno1.100@eno1: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.20.20.10/28 brd 172.20.20.15 scope global eno1.100
valid_lft forever preferred_lft forever
7: eno1.503@eno1: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.20.25.10/24 brd 172.20.25.255 scope global eno1.503
valid_lft forever preferred_lft forever
Basic Example: Creating a Linux Bridge without VLAN
If you want to create a Linux bridge br1 on the eno1 interface without any VLANs, your settings will look like the ones below.
$ sudo vim /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
#Bridge br1 network configurations
auto br1
iface br1 inet static
address 172.20.25.10
broadcast 172.20.25.255
netmask 255.255.255.0
gateway 172.20.25.1
bridge_ports eno1
# disable Spanning Tree Protocol
bridge_stp off
# no delay before a port becomes available
bridge_waitport 0
# no forwarding delay
bridge_fd 0
When using DHCP, the configuration becomes:
auto br1
# Bridge setup using DHCP
iface br1 inet dhcp
bridge_ports eno1
Then restart the network-manager service:
sudo systemctl restart network-manager
Check service status:
systemctl status network-manager
Confirm IP settings:
$ ip a s
$ ip r
Advanced Example: Creating Linux bridge on VLAN interface
Make sure the vlan package is installed on the system:
sudo apt install vlan
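If the host is a hypervisor, consider adding the sysctl settings below:
# Enable IPv4 forwarding between interfaces
echo "net.ipv4.ip_forward=1" | sudo tee -a /etc/sysctl.conf
# Answer ARP requests for local addresses on any interface (the kernel default)
echo "net.ipv4.conf.all.arp_filter=0" | sudo tee -a /etc/sysctl.conf
# Loose reverse-path filtering: accept a packet if its source is reachable via any interface
echo "net.ipv4.conf.all.rp_filter=2" | sudo tee -a /etc/sysctl.conf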
Load configurations:
$ sudo sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 2
Then modify configurations accordingly:
$ sudo vim /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# eno1 interface
auto eno1
iface eno1 inet manual
# VLAN 100
auto eno1.100
iface eno1.100 inet manual
# VLAN 503
auto eno1.503
iface eno1.503 inet manual
# Bridge br0
auto br0
iface br0 inet static
bridge_ports eno1.100
# disable Spanning Tree Protocol
bridge_stp off
# no delay before a port becomes available
bridge_waitport 0
# no forwarding delay
bridge_fd 0
address 172.21.200.2
netmask 255.255.255.0
gateway 172.21.200.1
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 8.8.8.8 8.8.4.4
# Bridge br1
auto br1
iface br1 inet static
bridge_ports eno1.503
# disable Spanning Tree Protocol
bridge_stp off
# no delay before a port becomes available
bridge_waitport 0
# no forwarding delay
bridge_fd 0
address 172.20.20.1
netmask 255.255.255.0
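Added example, not from the original article: a small lint to run over the interfaces file before the reboot. It flags end-of-line # text (interfaces(5) only treats # as a comment at the start of a line) and bridge_ports members that have no iface stanza in the file, which usually means a mistyped VLAN ID; lint_interfaces and sample_config are names made up here, and the sample input is constructed.

```shell
#!/bin/sh
# Constructed sample input containing both mistakes (line 8 and line 12).
sample_config() {
    cat <<'EOF'
auto eno1.100
iface eno1.100 inet manual
auto eno1.503
iface eno1.503 inet manual
auto br0
iface br0 inet static
    bridge_ports eno1.100
    bridge_stp off # disable Spanning Tree Protocol
    address 172.21.200.2
auto br1
iface br1 inet static
    bridge_ports eno1.101
    bridge_stp off
    address 172.20.20.1
EOF
}

# lint_interfaces [FILE...]: reads stdin when no file is given, prints one
# finding per line and returns non-zero if anything was found.
lint_interfaces() {
    awk '
        /^[ \t]*(#|$)/ { next }    # blank lines and full-line comments are fine
        /#/ { printf "line %d: text after # is read as part of the value, not as a comment\n", NR; bad++ }
        $1 == "iface" { declared[$2] = 1 }
        $1 == "bridge_ports" {
            for (i = 2; i <= NF; i++) {
                # stop at trailing text and at the keywords that are not port names
                if ($i ~ /^#/ || $i == "none" || $i == "all" || $i == "regex") break
                port[++n] = $i; at[n] = NR
            }
        }
        END {
            for (k = 1; k <= n; k++)
                if (!(port[k] in declared)) {
                    printf "line %d: bridge port %s has no iface stanza in this file\n", at[k], port[k]
                    bad++
                }
            exit (bad > 0)
        }
    ' "$@"
}

# Demo run on the constructed sample.
sample_config | lint_interfaces || echo "fix the findings above before rebooting"
```

Run it against the real file with `lint_interfaces /etc/network/interfaces`; stanzas pulled in through the source line are not followed.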
Reboot the server:
sudo reboot
Check bridges created once the system is rebooted:
$ sudo brctl show
bridge name bridge id STP enabled interfaces
br0 8000.e0db55fe5b03 no eno1.100
br1 8000.e0db55fe5b03 no eno1.503
You can also confirm IP configurations:
$ ip -f inet a s
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: br0: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.21.200.2/29 brd 172.21.200.255 scope global br0
valid_lft forever preferred_lft forever
9: br1: mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 172.20.20.1/24 brd 172.20.20.255 scope global br1
valid_lft forever preferred_lft forever
You should now be able to create Virtual Machines on the bridges created. The IP configurations used need to be modified to suit the settings in your environment.