How can I bridge two interfaces with ip/iproute2?
You can use the bridge object in the ip command, or the bridge command that is part of the iproute2 package.
Basic link manipulation
To create a bridge named br0 that has eth0 and eth1 as members:
ip link add name br0 type bridge
ip link set dev br0 up
ip link set dev eth0 master br0
ip link set dev eth1 master br0
To remove an interface from the bridge:
ip link set dev eth0 nomaster
And finally, to destroy a bridge once no interface is a member:
ip link del br0
Forwarding manipulation
To manipulate other aspects of the bridge, like the FDB (Forwarding Database), I suggest you take a look at the bridge(8) command. Examples:
Show forwarding database on br0
bridge fdb show dev br0
Disable a port (eth0) from processing BPDUs. This will make the interface filter any incoming BPDU:
bridge link set dev eth0 guard on
Setting STP cost to a port (eth1 for example):
bridge link set dev eth1 cost 4
To set root guard on eth1:
bridge link set dev eth1 root_block on
Cost is calculated using some factors, and the link speed is one of them. Using a fixed cost, disabling the processing of BPDUs and enabling root_block is somewhat similar to a guard-root feature from switches.
Other features like vepa, veb and hairpin mode can be found in the bridge link sub-command list.
VLAN rules manipulation
The vlan object from the bridge command will allow you to create ingress/egress filters on bridges.
To show if there are any vlan ingress/egress filters:
bridge vlan show
To add rules to a given interface:
bridge vlan add dev eth1 <vid, pvid, untagged, self, master>
To remove rules, use the same parameters as vlan add at the end of the command to delete a specific rule:
bridge vlan delete dev eth1
Related stuff:
- bridge(8) manpage
- How to create a bridge interface
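As an added example (not part of the answer above): a shell function that reads a bridge -d link show listing and reports, for each member port of a given bridge, whether the guard or root_block flag described above is on. The sample listing is constructed, its line layout is assumed to match what recent iproute2 prints, and the function names and the verdict policy are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the guard / root_block flags set with "bridge link set".

# Constructed sample in the assumed layout of "bridge -d link show".
sample_listing() {
cat <<'EOF'
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard on root_block off fastleave off learning on flood on
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
    hairpin off guard off root_block off fastleave off learning on flood on
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br1 state forwarding priority 32 cost 4
    hairpin off guard off root_block on fastleave off learning on flood on
EOF
}

# audit_bridge_ports BRIDGE: read a listing on stdin and print, per member port,
# "<port> guard=<v> root_block=<v> cost=<n> <verdict>".
# Verdict policy (assumption of this example): OK if guard or root_block is on,
# UNKNOWN if the detail line was missing (no -d), otherwise UNPROTECTED.
audit_bridge_ports() {
    awk -v br="$1" '
        function report() {
            if (port == "" || master != br) return
            verdict = "UNPROTECTED"
            if (guard == "?" && root_block == "?") verdict = "UNKNOWN"
            if (guard == "on" || root_block == "on") verdict = "OK"
            printf "%s guard=%s root_block=%s cost=%s %s\n", port, guard, root_block, cost, verdict
        }
        /^[0-9]+: / {            # header line starts a new port record
            report()
            port = $2; sub(/:$/, "", port); sub(/@.*/, "", port)
            master = ""; cost = "?"; guard = "?"; root_block = "?"
        }
        {                        # pick up "key value" pairs on header and detail lines
            for (i = 1; i < NF; i++) {
                if ($i == "master") master = $(i + 1)
                else if ($i == "cost") cost = $(i + 1)
                else if ($i == "guard") guard = $(i + 1)
                else if ($i == "root_block") root_block = $(i + 1)
            }
        }
        END { report() }
    '
}

# On a live host: bridge -d link show | audit_bridge_ports br0
sample_listing | audit_bridge_ports br0
```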
The equivalent of brctl show is bridge link.
You can show the bridge status per device with bridge link show dev eth0, but bridge looks at the network interface and tells you which bridge it belongs to - not which network interfaces belong to a certain bridge.
There doesn't seem to be an equivalent to brctl show br0.