Guide to the Linux Manual




   bridge    ( 8 )

show / manipulate bridge addresses and devices

bridge link - bridge port

link objects correspond to the port devices of the bridge.

The corresponding commands set and display port status and bridge specific attributes.

bridge link set - set bridge specific attributes on a port

dev NAME interface name of the bridge port

cost COST the STP path cost of the specified port.

priority PRIO the STP port priority. The priority value is an unsigned 8-bit quantity (number between 0 and 255). This metric is used in the designated port and root port selection algorithms.

state STATE the operation state of the port. Except state 0 (disable STP or BPDU filter feature), this is primarily used by user space STP/RSTP implementations. One may enter the port state name (case insensitive), or one of the numbers below. Negative inputs are ignored, and unrecognized names return an error.

0 - port is in STP DISABLED state. Make this port completely inactive for STP. This is also called BPDU filter and could be used to disable STP on an untrusted port, like a leaf virtual device.

1 - port is in STP LISTENING state. Only valid if STP is enabled on the bridge. In this state the port listens for STP BPDUs and drops all other traffic frames.

2 - port is in STP LEARNING state. Only valid if STP is enabled on the bridge. In this state the port will accept traffic only for the purpose of updating MAC address tables.

3 - port is in STP FORWARDING state. Port is fully active.

4 - port is in STP BLOCKING state. Only valid if STP is enabled on the bridge. This state is used during the STP election process. In this state, port will only process STP BPDUs.

guard on or guard off Controls whether STP BPDUs will be processed by the bridge port. By default, the flag is turned off, allowing BPDU processing. Turning this flag on will disable the bridge port if an STP BPDU packet is received.

If running Spanning Tree on a bridge, hostile devices on the network may send BPDUs on a port and cause network failure. Setting guard on will detect and stop this by disabling the port. The port will be restarted if the link is brought down, or removed and reattached. For example, if guard is enabled on eth0:

ip link set dev eth0 down; ip link set dev eth0 up

hairpin on or hairpin off Controls whether traffic may be sent back out of the port on which it was received. This option is also called reflective relay mode, and is used to support basic VEPA (Virtual Ethernet Port Aggregator) capabilities. By default, this flag is turned off and the bridge will not forward traffic back out of the receiving port.

fastleave on or fastleave off This flag allows the bridge to immediately stop multicast traffic on a port that receives an IGMP Leave message. It is only used when IGMP snooping is enabled on the bridge. By default the flag is off.

root_block on or root_block off Controls whether a given port is allowed to become root port or not. Only used when STP is enabled on the bridge. By default the flag is off.

This feature is also called root port guard. If BPDU is received from a leaf (edge) port, it should not be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully trusted; this prevents a hostile guest from rerouting traffic.

learning on or learning off Controls whether a given port will learn MAC addresses from received traffic or not. If learning is off, the bridge will end up flooding any traffic for which it has no FDB entry. By default this flag is on.

learning_sync on or learning_sync off Controls whether a given port will sync MAC addresses learned on device port to bridge FDB.

flood on or flood off Controls whether unicast traffic for which there is no FDB entry will be flooded towards this given port. By default this flag is on.

hwmode Some network interface cards support HW bridge functionality and they may be configured in different modes. Currently supported modes are:

vepa - Data sent between HW ports is sent on the wire to the external switch.

veb - bridging happens in hardware.

mcast_flood on or mcast_flood off Controls whether multicast traffic for which there is no MDB entry will be flooded towards this given port. By default this flag is on.

mcast_to_unicast on or mcast_to_unicast off Controls whether a given port will replicate packets using unicast instead of multicast. By default this flag is off.

This is done by copying the packet per host and changing the multicast destination MAC to a unicast one accordingly.

mcast_to_unicast works on top of the multicast snooping feature of the bridge, which means unicast copies are only delivered to hosts which are interested in them and signaled this via IGMP/MLD reports previously.

This feature is intended for interface types which have a more reliable and/or efficient way to deliver unicast packets than broadcast ones (e.g. WiFi).

However, it should only be enabled on interfaces where no IGMPv2/MLDv1 report suppression takes place. The IGMP/MLD report suppression issue is usually overcome by the network daemon (supplicant) enabling AP isolation and by that separating all STAs.

Delivery of STA-to-STA IP multicast is made possible again by enabling and utilizing the bridge hairpin mode, which considers the incoming port as a potential outgoing port, too (see hairpin option). Hairpin mode is performed after multicast snooping, so reports are only delivered to STAs running a multicast router.

neigh_suppress on or neigh_suppress off Controls whether neigh discovery (arp and nd) proxy and suppression is enabled on the port. By default this flag is off.

vlan_tunnel on or vlan_tunnel off Controls whether vlan to tunnel mapping is enabled on the port. By default this flag is off.

isolated on or isolated off Controls whether a given port will be isolated, which means it will be able to communicate with non-isolated ports only. By default this flag is off.

backup_port DEVICE If the port loses carrier all traffic will be redirected to the configured backup port

nobackup_port Removes the currently configured backup port

self link setting is configured on specified physical device

master link setting is configured on the software bridge (default)

-t, -timestamp display current time when using monitor option.

bridge link show - list ports configuration for all bridges. This command displays port configuration and flags for all bridges.

To display port configuration and flags for a specific bridge, use the "ip link show master <bridge_device>" command.
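
An added example (not part of the man page): a POSIX shell audit that reads `bridge -d link show` output and reports untrusted ports on which the guard or root_block flags described above are still off, then prints the `bridge link set` commands to review. The sample output layout, the port names (vnet0, vnet1, eth0, br0), the helper function names, and the policy of requiring both flags on untrusted ports are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit STP hardening flags on untrusted bridge ports.
# Assumption: input is `bridge -d link show` text, one header line per port
# followed by a line of "flag value" pairs.

# Constructed sample, not captured from a real host.
SAMPLE='3: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard off root_block off fastleave off learning on flood on isolated off
4: vnet1@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
    hairpin off guard on root_block on fastleave off learning on flood on isolated on
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 4
    hairpin off guard off root_block off fastleave off learning on flood on isolated off'

# audit_ports "PORT ..." : read bridge output on stdin and print "PORT FLAG"
# for every listed (untrusted) port where guard or root_block is not on.
audit_ports() {
    awk -v untrusted="$1" '
        BEGIN { n = split(untrusted, u, " "); for (i = 1; i <= n; i++) want[u[i]] = 1 }
        # Header line: "<ifindex>: <name>[@peer]: <FLAGS> ..."
        /^[0-9]+: / { port = $2; sub(/:$/, "", port); sub(/@.*/, "", port); next }
        # Detail line: scan for the two flags and inspect the token after each.
        (port in want) {
            for (i = 1; i < NF; i++)
                if (($i == "guard" || $i == "root_block") && $(i + 1) != "on")
                    print port, $i
        }'
}

# remediation_cmds: turn findings into bridge(8) commands for review.
# The commands are printed, not executed.
remediation_cmds() {
    while read -r port flag; do
        echo "bridge link set dev $port $flag on"
    done
}

# eth0 is the trusted uplink here, so only the guest-facing ports are audited.
printf '%s\n' "$SAMPLE" | audit_ports "vnet0 vnet1" | remediation_cmds
```

On a live host, replace the constructed sample with the real output, for example `bridge -d link show | audit_ports "vnet0 vnet1"`.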