1BRIDGE(8) Linux BRIDGE(8)
2
6 bridge - show / manipulate bridge addresses and devices
7
9 bridge [ OPTIONS ] OBJECT { COMMAND | help }
10 OBJECT := { link | fdb | mdb | vlan | monitor }
13 OPTIONS := { -V[ersion] | -s[tatistics] | -n[etns] name | -b[atch]
16 filename | -c[lor] | -p[retty] | -j[son] | -o[neline] }
17 bridge link set dev DEV [ cost COST ] [ priority PRIO ] [ state STATE]
19 [ guard { on | off } ] [ hairpin { on | off } ] [ fastleave {
20 on | off } ] [ root_block { on | off } ] [ learning { on | off
21 } ] [ learning_sync { on | off } ] [ flood { on | off } ] [
22 hwmode { vepa | veb } ] [ mcast_flood { on | off } ] [
23 neigh_suppress { on | off } ] [ vlan_tunnel { on | off } ] [
24 self ] [ master ]
25 bridge link [ show ] [ dev DEV ]
27 bridge fdb { add | append | del | replace } LLADDR dev DEV { local |
29 static | dynamic } [ self ] [ master ] [ router ] [ use ] [
30 extern_learn ] [ dst IPADDR ] [ vni VNI ] [ port PORT ] [ via
31 DEVICE ]
32 bridge fdb [ show ] [ dev DEV ] [ br BRDEV ] [ brport DEV ] [ vlan VID
34 ] [ state STATE ]
35 bridge mdb { add | del } dev DEV port PORT grp GROUP [ permanent | temp
37 ] [ vid VID ]
38 bridge mdb show [ dev DEV ]
40 bridge vlan { add | del } dev DEV vid VID [ tunnel_info TUNNEL_ID ] [
42 pvid ] [ untagged ] [ self ] [ master ]
43 bridge vlan [ show | tunnelshow ] [ dev DEV ]
45 bridge monitor [ all | neigh | link | mdb ]
47
50 -V, -Version
51 print the version of the bridge utility and exit.
52 -s, -stats, -statistics
55 output more information. If this option is given multiple times,
56 the amount of information increases. As a rule, the information
57 is statistics or some time values.
58 -d, -details
61 print detailed information about MDB router ports.
62 -n, -net, -netns <NETNS>
65 switches bridge to the specified network namespace NETNS. Actu‐
66 ally it just simplifies executing of:
67 ip netns exec NETNS bridge [ OPTIONS ] OBJECT { COMMAND | help }
69 to
71 bridge -n[etns] NETNS [ OPTIONS ] OBJECT { COMMAND | help }
73 -b, -batch <FILENAME>
76 Read commands from provided file or standard input and invoke
77 them. First failure will cause termination of bridge command.
78 -force Don't terminate bridge command on errors in batch mode. If
81 there were any errors during execution of the commands, the
82 application return code will be non zero.
83 -c, -color
86 Use color output.
87 -j, -json
90 Output results in JavaScript Object Notation (JSON).
91 -p, -pretty
94 When combined with -j generate a pretty JSON output.
95 -o, -oneline
98 output each record on a single line, replacing line feeds with
99 the '\' character. This is convenient when you want to count
100 records with wc(1) or to grep(1) the output.
101
105 OBJECT
106 link - Bridge port.
107 fdb - Forwarding Database entry.
110 mdb - Multicast group database entry.
113 vlan - VLAN filter list.
116 COMMAND
119 Specifies the action to perform on the object. The set of possible
120 actions depends on the object type. As a rule, it is possible to add,
121 delete and show (or list ) objects, but some objects do not allow all
122 of these operations or have some additional commands. The help command
123 is available for all objects. It prints out a list of available com‐
124 mands and argument syntax conventions.
125 If no command is given, some default command is assumed. Usually it is
127 list or, if the objects of this class cannot be listed, help.
128
131 link objects correspond to the port devices of the bridge.
132 The corresponding commands set and display port status and bridge spe‐
135 cific attributes.
136 bridge link set - set bridge specific attributes on a port
139 dev NAME
140 interface name of the bridge port
141 cost COST
144 the STP path cost of the specified port.
145 priority PRIO
148 the STP port priority. The priority value is an unsigned 8-bit
149 quantity (number between 0 and 255). This metric is used in the
150 designated port an droot port selectio algorithms.
151 state STATE
154 the operation state of the port. This is primarily used by user
155 space STP/RSTP implementation. One may enter a lowercased port
156 state name, or one of the numbers below. Negative inputs are
157 ignored, and unrecognized names return an error.
158 0 - port is DISABLED. Make this port completely inactive.
160 1 - STP LISTENING state. Only valid if STP is enabled on the
163 bridge. In this state the port listens for STP BPDUs and drops
164 all other traffic frames.
165 2 - STP LEARNING state. Only valid if STP is enabled on the
168 bridge. In this state the port will accept traffic only for the
169 purpose of updating MAC address tables.
170 3 - STP FORWARDING state. Port is fully active.
173 4 - STP BLOCKING state. Only valid if STP is enabled on the
176 bridge. This state is used during the STP election process. In
177 this state, port will only process STP BPDUs.
178 guard on or guard off
182 Controls whether STP BPDUs will be processed by the bridge port.
183 By default, the flag is turned off allowed BPDU processing.
184 Turning this flag on will cause the port to stop processing STP
185 BPDUs.
186 hairpin on or hairpin off
189 Controls whether traffic may be send back out of the port on
190 which it was received. By default, this flag is turned off and
191 the bridge will not forward traffic back out of the receiving
192 port.
193 fastleave on or fastleave off
196 This flag allows the bridge to immediately stop multicast traf‐
197 fic on a port that receives IGMP Leave message. It is only used
198 with IGMP snooping is enabled on the bridge. By default the flag
199 is off.
200 root_block on or root_block off
203 Controls whether a given port is allowed to become root port or
204 not. Only used when STP is enabled on the bridge. By default the
205 flag is off.
206 learning on or learning off
209 Controls whether a given port will learn MAC addresses from
210 received traffic or not. If learning if off, the bridge will end
211 up flooding any traffic for which it has no FDB entry. By
212 default this flag is on.
213 learning_sync on or learning_sync off
216 Controls whether a given port will sync MAC addresses learned on
217 device port to bridge FDB.
218 flooding on or flooding off
221 Controls whether a given port will flood unicast traffic for
222 which there is no FDB entry. By default this flag is on.
223 hwmode Some network interface cards support HW bridge functionality and
226 they may be configured in different modes. Currently support
227 modes are:
228 vepa - Data sent between HW ports is sent on the wire to the
230 external switch.
231 veb - bridging happens in hardware.
233 mcast_flood on or mcast_flood off
236 Controls whether a given port will be flooded with multicast
237 traffic for which there is no MDB entry. By default this flag is
238 on.
239 neigh_suppress on or neigh_suppress off
242 Controls whether neigh discovery (arp and nd) proxy and suppres‐
243 sion is enabled on the port. By default this flag is off.
244 vlan_tunnel on or vlan_tunnel off
247 Controls whether vlan to tunnel mapping is enabled on the port.
248 By default this flag is off.
249 self link setting is configured on specified physical device
252 master link setting is configured on the software bridge (default)
255 -t, -timestamp
258 display current time when using monitor option.
259 bridge link show - list bridge port configuration.
262 This command displays the current bridge port configuration and flags.
263
266 fdb objects contain known Ethernet addresses on a link.
267 The corresponding commands display fdb entries, add new entries, append
270 entries, and delete old ones.
271 bridge fdb add - add a new fdb entry
274 This command creates a new fdb entry.
275 LLADDR the Ethernet MAC address.
278 dev DEV
281 the interface to which this address is associated.
282 local - is a local permanent fdb entry
284 static - is a static (no arp) fdb entry
287 dynamic - is a dynamic reachable age-able fdb entry
290 self - the address is associated with the port drivers fdb. Usu‐
293 ally hardware.
294 master - the address is associated with master devices fdb. Usu‐
297 ally software (default).
298 router - the destination address is associated with a router.
301 Valid if the referenced device is a VXLAN type device and has
302 route shortcircuit enabled.
303 use - the address is in use. User space can use this option to
306 indicate to the kernel that the fdb entry is in use.
307 extern_learn - this entry was learned externally. This option
310 can be used to indicate to the kernel that an entry was hardware
311 or user-space controller learnt dynamic entry. Kernel will not
312 age such an entry.
313 The next command line parameters apply only when the specified device
316 DEV is of type VXLAN.
317 dst IPADDR
319 the IP address of the destination VXLAN tunnel endpoint where
320 the Ethernet MAC ADDRESS resides.
321 vni VNI
324 the VXLAN VNI Network Identifier (or VXLAN Segment ID) to use to
325 connect to the remote VXLAN tunnel endpoint. If omitted the
326 value specified at vxlan device creation will be used.
327 port PORT
330 the UDP destination PORT number to use to connect to the remote
331 VXLAN tunnel endpoint. If omitted the default value is used.
332 via DEVICE
335 device name of the outgoing interface for the VXLAN device
336 driver to reach the remote VXLAN tunnel endpoint.
337 bridge fdb append - append a forwarding database entry
340 This command adds a new fdb entry with an already known LLADDR. Valid
341 only for multicast link layer addresses. The command adds support for
342 broadcast and multicast Ethernet MAC addresses. The Ethernet MAC
343 address is added multiple times into the forwarding database and the
344 vxlan device driver sends a copy of the data packet to each entry
345 found.
346 The arguments are the same as with bridge fdb add.
349 bridge fdb delete - delete a forwarding database entry
352 This command removes an existing fdb entry.
353 The arguments are the same as with bridge fdb add.
356 bridge fdb replace - replace a forwarding database entry
359 If no matching entry is found, a new one will be created instead.
360 The arguments are the same as with bridge fdb add.
363 bridge fdb show - list forwarding entries.
366 This command displays the current forwarding table.
367 With the -statistics option, the command becomes verbose. It prints out
370 the last updated and last used time for each entry.
371
374 mdb objects contain known IP multicast group addresses on a link.
375 The corresponding commands display mdb entries, add new entries, and
378 delete old ones.
379 bridge mdb add - add a new multicast group database entry
382 This command creates a new mdb entry.
383 dev DEV
386 the interface where this group address is associated.
387 port PORT
390 the port whose link is known to have members of this multicast
391 group.
392 grp GROUP
395 the IP multicast group address whose members reside on the link
396 connected to the port.
397 permanent - the mdb entry is permanent
399 temp - the mdb entry is temporary (default)
402 vid VID
406 the VLAN ID which is known to have members of this multicast
407 group.
408 bridge mdb delete - delete a multicast group database entry
411 This command removes an existing mdb entry.
412 The arguments are the same as with bridge mdb add.
415 bridge mdb show - list multicast group database entries
418 This command displays the current multicast group membership table. The
419 table is populated by IGMP and MLD snooping in the bridge driver auto‐
420 matically. It can be altered by bridge mdb add and bridge mdb del com‐
421 mands manually too.
422 dev DEV
425 the interface only whose entries should be listed. Default is to
426 list all bridge interfaces.
427 With the -details option, the command becomes verbose. It prints out
430 the ports known to have a connected router.
431 With the -statistics option, the command displays timer values for mdb
434 and router port entries.
435
438 vlan objects contain known VLAN IDs for a link.
439 The corresponding commands display vlan filter entries, add new
442 entries, and delete old ones.
443 bridge vlan add - add a new vlan filter entry
446 This command creates a new vlan filter entry.
447 dev NAME
450 the interface with which this vlan is associated.
451 vid VID
454 the VLAN ID that identifies the vlan.
455 tunnel_info TUNNEL_ID
458 the TUNNEL ID that maps to this vlan. The tunnel id is set in
459 dst_metadata for every packet that belongs to this vlan (appli‐
460 cable to bridge ports with vlan_tunnel flag set).
461 pvid the vlan specified is to be considered a PVID at ingress. Any
464 untagged frames will be assigned to this VLAN.
465 untagged
468 the vlan specified is to be treated as untagged on egress.
469 self the vlan is configured on the specified physical device.
472 Required if the device is the bridge device.
473 master the vlan is configured on the software bridge (default).
476 bridge vlan delete - delete a vlan filter entry
479 This command removes an existing vlan filter entry.
480 The arguments are the same as with bridge vlan add. The pvid and
483 untagged flags are ignored.
484 bridge vlan show - list vlan configuration.
487 This command displays the current VLAN filter table.
488 With the -statistics option, the command displays per-vlan traffic sta‐
491 tistics.
492 bridge vlan tunnelshow - list vlan tunnel mapping.
495 This command displays the current vlan tunnel info mapping.
496
499 The bridge utility can monitor the state of devices and addresses con‐
500 tinuously. This option has a slightly different format. Namely, the
501 monitor command is the first in the command line and then the object
502 list follows:
503 bridge monitor [ all | OBJECT-LIST ]
505 OBJECT-LIST is the list of object types that we want to monitor. It
507 may contain link, fdb, and mdb. If no file argument is given, bridge
508 opens RTNETLINK, listens on it and dumps state changes in the format
509 described in previous sections.
510 If a file name is given, it does not listen on RTNETLINK, but opens the
513 file containing RTNETLINK messages saved in binary format and dumps
514 them.
515
518 This command uses facilities added in Linux 3.0.
519 Although the forwarding table is maintained on a per-bridge device
521 basis the bridge device is not part of the syntax. This is a limitation
522 of the underlying netlink neighbour message protocol. When displaying
523 the forwarding table, entries for all bridges are displayed.
524 Add/delete/modify commands determine the underlying bridge device based
525 on the bridge to which the corresponding ethernet device is attached.
526
530 ip(8)
531
533 Please direct bugreports and patches to: <netdev@vger.kernel.org>
534
537 Original Manpage by Stephen Hemminger
538iproute2 1 August 2012 BRIDGE(8)