内容简介:本文风哥教程参考Linux官方文档、Red Hat Enterprise Linux官方文档、Ansible Automation Platform官方文档、Docker官方文档、Kubernetes官方文档和Podman官方文档等内容,详细介绍了相关技术的配置和使用方法。
本文档详细介绍Linux网桥的配置方法,包括网桥创建、虚拟网络配置等内容。
风哥提示:
Part01-网桥基础概念
1.1 网桥概述
# 主要功能:
# 1. 连接多个网络段
# 2. 实现二层转发
# 3. 支持虚拟机网络
# 4. 容器网络基础
# 网桥类型:
# 1. 普通网桥:连接物理接口
# 2. 虚拟网桥:连接虚拟接口
# 3. OVS网桥:Open vSwitch高级网桥
# 应用场景:
# 1. KVM虚拟机网络
# 2. Docker容器网络
# 3. 网络虚拟化
# 4. 软件定义网络
Part02-创建网桥
2.1 使用nmcli创建网桥
$ nmcli device status
DEVICE TYPE STATE CONNECTION
eth0 ethernet connected eth0
eth1 ethernet disconnected —
lo loopback unmanaged —
# 创建网桥
$ sudo nmcli connection add type bridge \
con-name br0 \
ifname br0
Connection ‘br0’ (abc12345-1234-5678-90ab-cdef12345678) successfully added.
# 配置网桥IP地址
$ sudo nmcli connection modify br0 \
ipv4.addresses 192.168.1.100/24 \
ipv4.gateway 192.168.1.1 \
ipv4.dns “8.8.8.8” \
ipv4.method manual
# 添加物理接口到网桥
$ sudo nmcli connection add type bridge-slave \
con-name br0-port0 \
ifname eth1 \
master br0
Connection ‘br0-port0’ (def23456-2345-6789-01bc-defg23456789) successfully added.
# 激活网桥
$ sudo nmcli connection up br0-port0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/30)
$ sudo nmcli connection up br0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/31)
# 查看网桥状态
$ ip addr show br0
4: br0:
link/ether 08:00:27:ab:cd:ef brd ff:ff:ff:ff:ff:ff
inet 192.168.1.100/24 brd 192.168.1.255 scope global noprefixroute br0
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:feab:cdef/64 scope link
valid_lft forever preferred_lft forever
Part03-网桥管理命令
3.1 使用brctl管理网桥
$ sudo dnf install -y bridge-utils
Last metadata expiration check: 0:45:23 ago on Thu 03 Apr 2026 17:00:15 AM CST.
Dependencies resolved.
================================================================================
Package Architecture Version Repository Size
================================================================================
Installing:
bridge-utils x86_64 1.7.1-1.el10 baseos 32 k
Transaction Summary
================================================================================
Install 1 Packages
Total download size: 32 k
Installed size: 78 k
Complete!
# 查看网桥列表
$ brctl show
bridge name bridge id STP enabled interfaces
br0 8000.080027abcdef no eth1
# 查看网桥详细信息
$ brctl showstp br0
br0
bridge id 8000.080027abcdef
designated root 8000.080027abcdef
root port 0 path cost 0
max age 20.00 bridge max age 20.00
hello time 2.00 bridge hello time 2.00
forward delay 15.00 bridge forward delay 15.00
ageing time 300.00
hello timer 0.00 tcn timer 0.00
topology change timer 0.00
gc timer 52.56
flags
eth1 (1)
port id 8001 state forwarding
designated root 8000.080027abcdef path cost 100
designated bridge 8000.080027abcdef message age timer 0.00
designated port 8001 forward delay timer 0.00
designated cost 0 hold timer 0.00
flags
# 查看网桥MAC地址表from PG视频:www.itpux.com
$ brctl showmacs br0
port no mac addr is local? ageing timer
1 08:00:27:12:34:56 no 0.52
1 08:00:27:ab:cd:ef yes 0.00
# 启用STP生成树协议
$ sudo nmcli connection modify br0 bridge.stp yes
# 设置网桥优先级
$ sudo nmcli connection modify br0 bridge.priority 32768
# 设置转发延迟
$ sudo nmcli connection modify br0 bridge.forward-delay 15
Part04-虚拟网络接口
4.1 创建虚拟网络接口
$ sudo ip link add veth0 type veth peer name veth1
# 将veth0添加到网桥
$ sudo ip link set veth0 master br0
# 启用虚拟接口
$ sudo ip link set veth0 up
$ sudo ip link set veth1 up
# 配置veth1的IP地址
$ sudo ip addr add 192.168.1.200/24 dev veth1
# 查看虚拟接口
$ ip addr show veth1
6: veth1@veth0:
link/ether 08:00:27:12:34:56 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.200/24 scope global veth1
valid_lft forever preferred_lft forever
inet6 fe80::a00:27ff:fe12:3456/64 scope link
valid_lft forever preferred_lft forever
# 创建tap设备(用于虚拟机)
$ sudo ip tuntap add dev tap0 mode tap
# 将tap设备添加到网桥
$ sudo ip link set tap0 master br0
# 启用tap设备
$ sudo ip link set tap0 up
# 查看网桥接口
$ brctl show br0
bridge name bridge id STP enabled interfaces
br0 8000.080027abcdef no eth1
veth0
tap0
Part05-网桥高级配置
5.1 网桥VLAN过滤
$ sudo nmcli connection modify br0 bridge.vlan-filtering yes
# 配置端口的VLAN
$ sudo bridge vlan add dev eth1 vid 10 pvid untagged
$ sudo bridge vlan add dev eth1 vid 20
# 查看VLAN配置
$ bridge vlan show
port vlan ids
eth1 10 PVID Egress Untagged
20
br0 10 PVID Egress Untagged
20
# 配置端口VLAN过滤
$ sudo bridge vlan add dev veth0 vid 10 pvid untagged
# 启用网桥VLAN过滤功能
$ echo 1 | sudo tee /sys/class/net/br0/bridge/vlan_filtering
1
# 查看网桥信息
$ bridge link show
2: eth1:
4: veth0:
5: tap0:
# 测试网络连通性
$ ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
学习交流加群风哥微信: itpux-com64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.521 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.489 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.512 ms
— 192.168.1.1 ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2049ms
rtt min/avg/max/mdev = 0.489/0.507/0.521/0.013 ms
1. 使用nmcli创建持久化网桥配置
2. 启用STP防止网络环路
3. 合理规划网桥和虚拟网络
4. 监控网桥性能和状态
5. 配置VLAN过滤提高安全性
本文由风哥教程整理发布,仅用于学习测试使用,转载注明出处:http://www.fgedu.net.cn/10327.html
