Network switches are common these days. You can even find quite a few designed for home use. But you can also build a virtual switch using a network bridge in Fedora.

This is most commonly used to connect virtual guests to a network without being behind Network Address Translation (NAT) but can also be used to daisy chain systems together.

A bridge is a network connection that combines multiple network adapters. This way devices attached via the different adapters can talk to each other as if directly connected with a normal network switch. This software switch is the basis for more complicated technologies such as Open VSwitch.

Since the switch is purely software, it’s important to avoid accidentally creating a loop (physically or virtually) if Spanning Tree Protocol (STP) is disabled. Otherwise, the system is likely to bottleneck at 100% CPU use and be very slow to respond, if not grind to a halt.

Moving on from bridge-utils deprecation

Previously brctl from the bridge-utils package was used to create and manipulate the bridge virtual interfaces. However this was deprecated a while back and has been superseded by the iproute2 suite of tools for most aspects.

To create a new bridge, use this command:

$ ip link add br0 type bridge

At this point, ip link will show the network interface that exists, but in a down state, as there’s no interfaces connected to it:

3: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
 link/ether 12:bb:3a:9c:02:33 brd ff:ff:ff:ff:ff:ff

You can then add physical network interfaces to the bridge. Be sure not to accidentally cut off a remote connection when doing so! These commands add the eth0 and eth1 interfaces to the bridge just created.

$ ip link set eth0 master br0
$ ip link set eth1 master br0

Now, you can create an IP address on the bridge host, so it can be addressed on the network:

$ ip address add dev br0

If you’d like to see the configuration of the bridge, use this command:

$ ip -d link sh br0
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
 link/ether 52:54:00:4b:c5:95 brd ff:ff:ff:ff:ff:ff promiscuity 0 
 bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768 vlan_filtering 0 vlan_protocol 802.1Q addrgenmode eui64

To change the configuration of the bridge using ip bridge link set or ip link set can be used for most aspects. Some spanning tree configuration either needs to be changed via brctl or via the proc interface.

$ brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.5254004bc595 no ens3

echo 1 >  /sys/class/net/br0/bridge/stp_state

$ brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.5254004bc595 yes ens3

While these commands will properly set up a bridge, the network setup won’t be persistent. In other words, when you reboot the system, you’d have to set up the bridge again.

Persistent bridge configuration

Let’s assume one of the network adapters to be connected to the bridge is eth0. You may want to start by making a backup of the configuration file.

$ sudo cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/

Now, create a configuration file for the bridge br0 with the following contents, as /etc/sysconfig/network-scripts/ifcfg-br0:


Adjust the configuration of the eth0 network adapter as follows, as /etc/sysconfig/network-scripts/ifcfg-eth0:


For each additional network adapter to be added to the bridge, adjust the configuration file accordingly. When reloading NetworkManager, the bridge will be created and the interface linked to it.

This can be scripted through the nmcli tool as well.

$ nmcli connection add ifname br0 type bridge con-name br0
$ nmcli connection add type bridge-slave ifname eth0 master br0

The nmcli tool persists the changes to disk when they are made and can be used to handle things like STP without switching to the deprecated command or venturing into /proc.

$ nmcli connection modify br0 bridge.stp no

Image courtesy Johnny Lam originally posted to Unsplash as Connect. Special thanks to Patrick Uiterwijk and James Hogarth for helping edit and review this article.