25 thoughts on - Poor Perfmance Of Bridged Interfaces

• sounds like a loop.

  What says ‘brctl show’?

  best regards Ulf

• Do you have those two devices connected to the same LAN?

  Why would that matter, when all of your interfaces are NM_CONTROLLED=no?

• 2015-11-12 16:51 GMT-03:00 Gordon Messmer :

  Yes I have.

  Only as a last desesperate resource after hours of trying and not working :(

• Well, that will create a switch loop and flood the LAN with broadcast traffic.

  We can probably offer better advice if you tell us what you’re trying to accomplish. For now, just remove one of the two bridged interfaces.

• —– Original Message —

• Am 12.11.2015 um 19:42 schrieb Sergio Belkin:

  First of all: yum update to current!

  Alexander

• I hope thats two seperate files, ifcfg-enp0s8 and ifcfg-lo … otherwise, why is a bridged physical interface configured to be loopback?!?

  mine looks like…

  # cat ifcfg-br0
  DEVICE=br0
  TYPE=Bridge ONBOOT=yes NM_CONTROLLED=no BOOTPROTO=none NETWORK=…. NETMASK%5.255.255.240
  IPADDR=….. (its a static IP)
  GATEWAY=….

  # cat ifcfg-eth0
  DEVICE=eth0
  HWADDR

• If you really need two bridges on the same LAN you will need to turn on STP
  and give your interfaces a delay of say 10 seconds on start up. Sorry, cant remember options to do that.

  Kahlil (Kal) Hodgson GPG: C9A02289
  Head of Technology (m) +61 (0) 4 2573 0382
  DealMax Pty Ltd GitHub: @tartansandal

  Suite 1416
  401 Docklands Drive Docklands VIC 3008 Australia

  “All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can’t get them together again, there must be a reason. By all means, do not use a hammer.” — IBM maintenance manual, 1925

• 2015-11-12 18:17 GMT-03:00 John R Pierce :

  Yes they are separate ones

• 2015-11-12 18:07 GMT-03:00 James A. Peltier :

  I’m trying to create virtualized linux bridge, I’ve enabled STP and even with a forward delay with 300 but no luck…

• 2015-11-13 8:22 GMT-03:00 Sergio Belkin :

  I get an IP via dhcp but cannot ping only at host machine

• 2015-11-12 15:56 GMT-03:00 Ulf Volmer :

  When I enable stp:

  [root@localhost ~]# brctl show br0
  bridge name bridge id STP enabled interfaces br0 8000.080027a398e6 yes enp0s3
  enp0s8

• As Gordon said, i recommend to remove one of the physical interfaces from the bridge.

  best regards Ulf

• 2015-11-13 12:32 GMT-03:00 Ulf Volmer :

  I’ve found that setting virtual interfaces as NAT instead bridge, it works, any ideas?

  (Remember that it’s a guest OS)

  Thanks in advance!

• Well, you can’t do that by putting two interfaces on the same LAN. A
  bridge should be used to connect two separate LANs.

• 2015-11-13 13:52 GMT-03:00 Gordon Messmer :

  But…. AFAIK, routers divide broadcast domains, and switches (and therefore bridges) divide collision domains. For example:

  “A bridge is a piece of software used to unite two or more network segments. A bridge behaves like a virtual network switch, working transparently (the other machines do not need to know or care about its existence). Any real devices (e.g. eth0) and virtual devices (e.g. tap0)
  can be connected to it.” https://wiki.archlinux.org/index.php/Network_bridge

  If I’m wrong please correct me.

• Oh good, Cisco terminology. :)

  I’ll be more specific than I was earlier, then.

  It’s possible to unify two collision domains into a single broadcast domain with a router, but it’s also possible to use a bridge to link collision domains to create a larger broadcast domain. Don’t get hung up on that.

  The comparison of a Linux bridge to a switch is apt. You could, conceptually, connect two PCs to each other using a Linux bridge. You wouldn’t, however, connect two ports on one switch (here, the Linux bridge) to two ports on another switch. Doing that creates a loop in your network.

  Linux Ethernet bridges have several uses, so it’s not clear what you’re really trying to do. That is, you’ve said that you’re trying to create a virtualized Linux bridge, but a bridge is a tool, not a goal in itself. What do you expect the bridge to do when you’ve set it up?

• There should be no need to do that … that is after all the purpose of STP (in effect, what STP would do is prevent one link from being used by putting it into blocking state leaving the other in forwarding state).
  Nominally one would prefer bonding (AKA trunking or a LAG) where both can be actively used.

  /mark

• 2015-11-13 16:43 GMT-03:00 Gordon Messmer :

  Oh yeah,

  I’d want to connect a VM to another VM (or eventually to the host) via the
  “Linux bridge” so that I can demonstrate that capability in a classroom with only one laptop.

• You don’t actually need to attach *any* ethernet interfaces to do that.
  If you create a bridge with no Ethernet slaves, and then create two VMs, those VMs will get virtual network interfaces that will then be slaved to the bridge. So, you’ll see the bridge with two network devices as slaves, and those network devices will be attached to the two VMs.

  If you create a bridge device with one Ethernet interface attached, then you’ll end up with a bridge that spans two VMs and the Ethernet interface. That way the VMs will be connected to each other and to the Ethernet network.

• —– Original Message —

• The libvirt wiki covers this here [0]. These instructions create a bridge (br0), connect the physical ethernet interface to that bridge, then you can attach virtual machines to the same bridge.

  [0] http://wiki.libvirt.org/page/Networking#Fedora.2FRHEL_Bridging

• Perhaps I don’t explain myself enough.

  I don’t want to “bridge” physical machine with virtual machine, my idea was create a transparent bridge in a VM for example to demonstrate a proxy with no need of topology change.

  Greets

  2015-11-16 5:58 GMT-03:00 Paul Knox-Kennedy :

• 2015-11-14 16:43 GMT-03:00 Gordon Messmer :

  Are you talking bearing in mind VirtualBox?

  I’ve created a bridge on the host machine, and 2 VM’s but br0 has no slaves:

  [sergio@hope share]$ sudo brctl show br0
  bridge name bridge id STP enabled interfaces br0 8000.000000000000 no

  Greets

• Actually, no. I’d either missed that detail or forgotten it by that time in the conversation. This might be the wrong list for VirtualBox questions, since it’s not distributed with CentOS. I’ve worked with VirtualBox only a little bit, and I’m not sure what you’re trying to do is possible. I think it is, but I can only really describe how to accomplish what you’re trying to do with respect to libvirt/KVM (the virtualization platform that’s distributed with CentOS).

  Anyway, the first thing you’d want to do is create a bridge interface with no slaves, and then create two VMs. They should be attached to that bridge device. (In virtualbox you might be able to do that with
  “bridged networking” to br0, or you might be able to skip the virt host bridge and use “internal networking”. Try the former first.) The two VMs will not be attached to the real network, but should be able to reach each other. Now your topology looks like this:

  —| Network |—| (eth0)-VM Host-(br0) |–+| (eth0)-VM1 |
  \| (eth0)-VM2 |

  …your virtualization host is connected to the real network on eth0. The two VMs are attached to its br0 interface. They each have one
  “ethernet” interface and can communicate with each other.

  Once you’ve set that up and verified that it works, set up a new bridge interface, br1. Move the IP configuration from eth0 to br1, and make eth0 a slave of br1. Make sure the virtualization host has network connectivity. Your network topology looks exactly like it did before, except that the virt host uses br1 (with eth0 as a slave) to connect to the real network.

  —| Network |—| (br1)-VM Host-(br0) |–+| (eth0)-VM1 |
  \| (eth0)-VM2 |

  Next, you can add a second interface to VM1. This one will be connected to br1. (again, in virtualbox, you might be able to do this with bridged networking.) Give VM1’s new interface (it’s eth1) an IP
  configuration appropriate for your real network, and verify that it has full internet connectivity. Now your network looks like this:

  /——————| (eth1)\
  —| Network |—| (br1)-VM Host-(br0) |–+| (eth0)-VM1 |
  \| (eth0)-VM2 |

  So, now VM2 can reach VM1, but not the real network, and VM1 can reach the real network.

  Finally, you’ll create a bridge interface in VM1, and make both of its
  “ethernet” interfaces slaves. Move its IP configuration from eth1 to its new br0, and drop the IP configuration from eth0. This will give VM2 connectivity to the real network, so update its IP configuration to be compatible with the real network. Now your network looks like this:

  /——————| (eth1)\
  —| Network |—| (br1)-VM Host-(br0) |–+| (eth0)-(br0)-VM1 |
  \| (eth0)-VM2 |

  When VM2 transmits a packet, it will be sent out VM2-eth0, across VM
  Host br0 to VM1-eth0, across VM1-br0 to VM Host-br1, to the real network.

  And most importantly, no bridge connects two interfaces to the same broadcast domain. VM Host’s br0 creates a collision domain spanning the two VMs. VM Host’s br1 creates a collision domain spanning the physical network and VM1’s eth1 interface. And VM1’s br0 bridges those two collision domains. No loops.

  I don’t know what performance will look like under VirtualBox, since I
  don’t use it for this sort of thing. However, under KVM/libvirt, performance should be fairly good.