12.3 Configuring a Bridge in Linux

A bridge interconnects several local area networks on the data-link layer, simulating the behavior of one large single network to the outside. To connect several local area networks in a Linux system, we need only install several network adapters in the computer. Linux also allows you to manage several bridges within one system, which can operate independently of one another. Each bridge instance has a logical name. One network adapter can always belong to exactly one bridge instance. This allows the system administrator to build virtual local networks (VLANs), which previously required expensive VLAN switches.

The following sections introduce options to configure and control Linux bridges.

12.3.1 Configuring the Kernel and the Network Adapter

To be able to use a Linux system as a bridge, the Linux kernel has to contain the bridge functionality. This is normally not the case, so we have to build a new kernel. When configuring the kernel, you should select the BRIDGING option under Networking Options. You can integrate it into the kernel either as a module or permanently.

Once you have booted your new kernel (and loaded the module, if applicable), you can use the bridge functionality. Sometimes you might run into problems when trying to activate several network adapters. If this happens, you can specify the boot parameters linux ether=0,0,ethx for each card when you start the system. If you use the LILO boot loader, you can also have the boot parameter passed automatically.

If the bridge functionality resides in the loaded kernel and all network adapters are activated, you can use the brctl tool to create and configure the desired bridge instances. brctl will be introduced in the next section.

12.3.2 Using the brctl Tool to Configure Linux Bridges

You can use the brctl (Bridge Control) tool to configure a bridge in Linux. This tool is part of the bridge-utils package and can be obtained from [Buyt01].

This tool can be used by the administrator to pass control commands to the bridge implementation in the kernel by using ioctl() commands. This section gives an overview of how you can use this program. [BoBu01] includes a detailed description of these commands and several examples.

The brctl tool lets you use the following commands to activate and deactivate a bridge. The commands are passed as parameters when brctl is called:

  • addbr bridge: This command creates a new instance of a bridge with the identifier bridge.

  • addif bridge device: This command adds the network adapter device to bridge. A network adapter can always belong to one bridge only.

  • delbr bridge: This command deletes the instance of the specified bridge.

  • delif bridge device: This command deletes the adapter device from bridge.

The following commands are available in the brctl tool to change the default parameters of a bridge:

  • setaging bridge time: This command sets the max age parameter to the specified value. The topology of the LAN internetwork is recalculated when a BPDU with a larger aging time arrives.

  • setbridgeprio bridge prio: This command sets the bridge priority, not to be confused with the port priority.

  • setfd bridge time: This command sets the bridge forward delay parameter. This value is added to the aging timer parameter of a BPDU in each bridge.

  • setgcint bridge time: This command sets the duration of the garbage collection (GC) interval for a bridge. Once a GC interval expires, there is a check for whether the forwarding table includes old entries. If it does, then these entries are deleted.

  • sethello bridge time: This command is used to change the time interval in which hello packets are sent.

  • setmaxage bridge time: This command sets the max age parameter. (See Section 12.2.4.)

  • setpathcost bridge port cost: This command can be used to change the path cost for a network adapter of the specified bridge.

  • setportprio bridge port prio: This command changes the priority of a network adapter in a bridge.

  • stp bridge [en|dis]: This switch can be used to enable (en) or disable (dis) the spanning-tree protocol in a bridge.

12.3.3 Checking the Bridge Functionality

The following commands are included in the brctl tool to check the operation of a bridge and control its functionality:

  • show: This command shows a list of all bridge instances currently existing in the computer.

  • showbr bridge: This command outputs the current configuration of the specified bridge. The output for bridge 3 from the example in Figure 12-11 will be shown later.

  • showmacs bridge: This command outputs the current filter or forwarding table, including the MAC addresses of all known stations (as shown below).

Figure 12-11. Redundant LAN internetwork.

In addition, you can use the tcpdump tool to monitor the traffic in each of the interconnected LANs. To monitor two LANs, you start tcpdump -i ethn and tcpdump -i ethm, each in a separate window. You should see forwarded packets on both adapters. In contrast, packets exchanged between computers in the same LAN should appear on one adapter only.

12.3.4 Sample Configuration

The following example shows how you can add a bridge based on the configuration of bridge 1 from the LAN internetwork shown in Figure 12-11:

    root@tux: # brctl addbr bridge1
    root@tux: # brctl addif bridge1 eth0
    root@tux: # brctl addif bridge1 eth1
    root@tux: # brctl setpathcost bridge1 eth0 5
    root@tux: # brctl setpathcost bridge1 eth1 15
    root@tux: # ifconfig eth0 0.0.0.0
    root@tux: # ifconfig eth1 0.0.0.0
    root@tux: # ifconfig bridge1 129.13.42.100 netmask 255.255.255.0 up

In this example, we first create a bridge, bridge1. Subsequently, we add the network adapters eth0 and eth1 to it and set their path costs. The IP addresses of the two adapters are removed, because the adapters now belong to the bridge and should forward or filter packets in the LAN internetwork independently of any network-layer protocol.

Nevertheless, it is possible to address the bridge (regardless of a network adapter) by using an IP address. This address is allocated to the virtual adapter, bridge1, as shown in the last command. Each bridge instance has such a virtual network device, which has the same name as its bridge instance.

The outputs of brctl showstp bridge3 and brctl showmacs bridge3 are as follows:

    root@tux: # brctl showstp bridge3
    bridge3
     bridge id              0003.00902744822b
     designated root        0002.00902744da29
     root port                 1                    path cost                 10
     max age                  20.00                 bridge max age            20.00
     hello time                2.00                 bridge hello time          2.00
     forward delay            15.00                 bridge forward delay      15.00
     aging time              300.00                 gc interval                4.00
     hello timer               0.00                 tcn timer                  0.00
     topology change timer     0.00                 gc timer                   0.99
     flags                  TOPOLOGY_CHANGE

    eth0 (1)
     port id                8001                    state                forwarding
     designated root        0002.00902744da29       path cost                  5
     designated bridge      0006.009027d1362b       message age timer          1.98
     designated port        8002                    forward delay timer        0.00
     designated cost           5                    hold timer                 0.00
     flags

    eth1 (2)
     port id                8002                    state                  blocking
     designated root        0002.00902744da29       path cost                 12
     designated bridge      0002.00902744da29       message age timer          1.98
     designated port        8002                    forward delay timer        0.00
     designated cost           0                    hold timer                 0.00
     flags

    eth2 (3)
     port id                8003                    state                forwarding
     designated root        0002.00902744da29       path cost                 15
     designated bridge      0003.00902744822b       message age timer          0.00
     designated port        8003                    forward delay timer        0.00
     designated cost          10                    hold timer                 0.00
     flags

    root@tux: # brctl showmacs bridge3
    port no   mac addr            is local?   aging timer
      2       00:90:27:44:82:2b   yes            0.00
      1       00:90:27:72:0c:31   yes            0.00
      3       00:90:27:cb:a3:cd   yes            0.00
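When a bridge is monitored operationally, the interesting questions are which ports are not forwarding and whether the TOPOLOGY_CHANGE flag is set, since an unexpected state change points at a link failure or a foreign bridge injecting BPDUs. The following script is an added example, not code from the book or from bridge-utils: it parses a brctl showstp dump of the layout shown above (read from stdin, so it can run offline on a constructed sample that mirrors the bridge3 output) and summarizes exactly those two facts.

```shell
#!/bin/sh
# Added example (not from the book): summarize a "brctl showstp" dump.
# Assumes the text layout printed above; the dump is read from stdin.

# Constructed sample, modelled on the bridge3 output shown above.
SAMPLE_SHOWSTP='bridge3
 bridge id              0003.00902744822b
 designated root        0002.00902744da29
 root port                 1                    path cost                 10
 flags                  TOPOLOGY_CHANGE

eth0 (1)
 port id                8001                    state                forwarding
 flags

eth1 (2)
 port id                8002                    state                  blocking
 flags

eth2 (3)
 port id                8003                    state                forwarding
 flags
'

# Print "ifname state" for every port section of the dump.
port_states() {
    awk '
        # A port section starts with "<ifname> (<port no>)" in column 1.
        /^[A-Za-z0-9_.-]+ \([0-9]+\)$/ { port = $1; next }
        # Inside a port section, the word after "state" is the STP state.
        port != "" && /state/ {
            for (i = 1; i <= NF; i++) if ($i == "state") print port, $(i + 1)
        }
    '
}

# List ports that are not forwarding (blocking, listening, learning, disabled).
non_forwarding_ports() {
    port_states | awk '$2 != "forwarding" { print $1 }'
}

# Exit 0 if the bridge-level flags include TOPOLOGY_CHANGE, else exit 1.
topology_change_flagged() {
    awk '
        /^[A-Za-z0-9_.-]+ \([0-9]+\)$/ { exit }   # stop at the first port section
        $1 == "flags" && $2 == "TOPOLOGY_CHANGE" { found = 1 }
        END { exit !found }
    '
}

printf '%s' "$SAMPLE_SHOWSTP" | port_states
```

On a real system, replace the sample with `brctl showstp bridge3 | port_states` and run it from cron to record state transitions over time.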


    Linux Network Architecture
    ISBN: 131777203
    Year: 2004
    Pages: 187