bridge not working on centos 8

Issues related to configuring your network
Post Reply
vamfoom
Posts: 39
Joined: 2014/05/24 01:28:37

bridge not working on centos 8

Post by vamfoom » 2019/11/10 07:33:15

I followed this page to set up a bridge under CentOS 8 but unfortunately nothing can communicate outside the host: https://computingforgeeks.com/how-to-cr ... -centos-8/

I can see that the bridge is up. And it appears the ethernet interface is connected to the bridge. Has anyone gotten the bridge to work on centos 8? what do your ifcfg-* files looks like? Unfortunately, because the interface isn't working I cannot cut and paste.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: bridge not working on centos 8

Post by jlehtone » 2019/11/10 14:54:12

Did a test. Had a "simple connection" enp0s31f6. Took it down:

Code: Select all

sudo nmcli con down enp0s31f6
Then followed man nmcli-examples:

Code: Select all

sudo nmcli con add type bridge con-name TowerBridge ifname TowerBridge
sudo nmcli con add type ethernet con-name br-slave-1 ifname enp0s31f6 master TowerBridge
Result: I'm posting this.

As for ifcfg-*, I don't care what NM writes and where.

vamfoom
Posts: 39
Joined: 2014/05/24 01:28:37

Re: bridge not working on centos 8

Post by vamfoom » 2019/11/11 20:23:29

It still doesn't work for me with your example (exchanging device name with what I have on my system). I'm assuming you're using DHCP but you're not setting the IP address info. Ordinarily, in CentOS 7 and below, IP config is set on the bridge interface but I'm not sure how that's supposed to work in CentOS8. Everything seems to be correct as far as I can tell but I still cannot communicate outside of the host. I wanted to see the ifcfg-* files because I want to be able to compare what was generated in a working system vs what I have. Or maybe provide the output from your nmcli config.

vamfoom
Posts: 39
Joined: 2014/05/24 01:28:37

Re: bridge not working on centos 8

Post by vamfoom » 2019/11/11 20:55:32

It might not be the setup. The interface doesn't seem to be connected which is strange because it was working just fine prior to the bridge setup.

Could be something environmental.

vamfoom
Posts: 39
Joined: 2014/05/24 01:28:37

Re: bridge not working on centos 8

Post by vamfoom » 2019/11/12 05:53:16

I'm not able to get the bridge to work. I moved the testing to a different server where I verified that the interface is able to communicate with other hosts on the network. After adding the bridge and connecting/enslaving the ethernet interace to it, all communications with other hosts on the network no longer works.

In CentOS 6 and 7, I normally put the IP configuration on the bridge itself. WIth nmcli, after running the commands to add the bridge and enslaving the ethernet interface to it, I see that the IP config remains with the ethernet interface.

I did check the nmcli-examples man page and it basically provides the example you gave. I'm at a loss as to why my setup doesn't work.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: bridge not working on centos 8

Post by jlehtone » 2019/11/12 16:45:09

Okay, ran the example again. (Note: It takes a while for the bridge to come up, perhaps due to stp.)

Yes, I have DHCP server on my network and yes, the connections created by NM use DHCP by default.

Connections, devices and routes (I won't delete my enp0s31f6):

Code: Select all

$ nmcli c s
NAME         UUID                                  TYPE      DEVICE      
br-slave-1   22353850-cabe-4c4a-b354-b078832b45e7  ethernet  enp0s31f6   
TowerBridge  44123894-8fb3-41a5-9a1e-ddf35d0ac9d1  bridge    TowerBridge 
enp0s31f6    8ad6b747-bf97-4ccb-a72b-0ed4e6eedb16  ethernet  --

$ nmcli d s
DEVICE       TYPE      STATE      CONNECTION  
TowerBridge  bridge    connected  TowerBridge 
enp0s31f6    ethernet  connected  br-slave-1  
lo           loopback  unmanaged  --

$ ip ro
default via 10.20.30.1 dev TowerBridge proto dhcp metric 425 
10.20.30.0/24 dev TowerBridge proto kernel scope link src 10.20.30.40 metric 425
The slave:

Code: Select all

$ nmcli c s br-slave-1
connection.id:                          br-slave-1
connection.uuid:                        22353850-cabe-4c4a-b354-b078832b45e7
connection.stable-id:                   --
connection.type:                        802-3-ethernet
connection.interface-name:              enp0s31f6
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1573575817
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      TowerBridge
connection.slave-type:                  bridge
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
bridge-port.priority:                   32
bridge-port.path-cost:                  100
bridge-port.hairpin-mode:               no
GENERAL.NAME:                           br-slave-1
GENERAL.UUID:                           22353850-cabe-4c4a-b354-b078832b45e7
GENERAL.DEVICES:                        enp0s31f6
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        no
GENERAL.DEFAULT6:                       no
GENERAL.SPEC-OBJECT:                    --
GENERAL.VPN:                            no
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/3
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/3
GENERAL.ZONE:                           --
GENERAL.MASTER-PATH:                    /org/freedesktop/NetworkManager/Devices/3
IP4.GATEWAY:                            --
IP6.GATEWAY:                            --
and its NM-generated file:

Code: Select all

$ cat /etc/sysconfig/network-scripts/ifcfg-br-slave-1 
TYPE=Ethernet
NAME=br-slave-1
UUID=22353850-cabe-4c4a-b354-b078832b45e7
DEVICE=enp0s31f6
ONBOOT=yes
BRIDGE=TowerBridge
The bridge (without IPv6 bits):

Code: Select all

$ nmcli c s TowerBridge
connection.id:                          TowerBridge
connection.uuid:                        44123894-8fb3-41a5-9a1e-ddf35d0ac9d1
connection.stable-id:                   --
connection.type:                        bridge
connection.interface-name:              TowerBridge
connection.autoconnect:                 yes
connection.autoconnect-priority:        0
connection.autoconnect-retries:         -1 (default)
connection.multi-connect:               0 (default)
connection.auth-retries:                -1
connection.timestamp:                   1573575817
connection.read-only:                   no
connection.permissions:                 --
connection.zone:                        --
connection.master:                      --
connection.slave-type:                  --
connection.autoconnect-slaves:          -1 (default)
connection.secondaries:                 --
connection.gateway-ping-timeout:        0
connection.metered:                     unknown
connection.lldp:                        default
connection.mdns:                        -1 (default)
connection.llmnr:                       -1 (default)
802-3-ethernet.port:                    --
802-3-ethernet.speed:                   0
802-3-ethernet.duplex:                  --
802-3-ethernet.auto-negotiate:          no
802-3-ethernet.mac-address:             --
802-3-ethernet.cloned-mac-address:      --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist:   --
802-3-ethernet.mtu:                     auto
802-3-ethernet.s390-subchannels:        --
802-3-ethernet.s390-nettype:            --
802-3-ethernet.s390-options:            --
802-3-ethernet.wake-on-lan:             default
802-3-ethernet.wake-on-lan-password:    --
ipv4.method:                            auto
ipv4.dns:                               --
ipv4.dns-search:                        --
ipv4.dns-options:                       ""
ipv4.dns-priority:                      0
ipv4.addresses:                         --
ipv4.gateway:                           --
ipv4.routes:                            --
ipv4.route-metric:                      -1
ipv4.route-table:                       0 (unspec)
ipv4.ignore-auto-routes:                no
ipv4.ignore-auto-dns:                   no
ipv4.dhcp-client-id:                    --
ipv4.dhcp-timeout:                      0 (default)
ipv4.dhcp-send-hostname:                yes
ipv4.dhcp-hostname:                     --
ipv4.dhcp-fqdn:                         --
ipv4.never-default:                     no
ipv4.may-fail:                          yes
ipv4.dad-timeout:                       -1 (default)
bridge.mac-address:                     --
bridge.stp:                             yes
bridge.priority:                        32768
bridge.forward-delay:                   15
bridge.hello-time:                      2
bridge.max-age:                         20
bridge.ageing-time:                     300
bridge.group-forward-mask:              0
bridge.multicast-snooping:              yes
proxy.method:                           none
proxy.browser-only:                     no
proxy.pac-url:                          --
proxy.pac-script:                       --
GENERAL.NAME:                           TowerBridge
GENERAL.UUID:                           44123894-8fb3-41a5-9a1e-ddf35d0ac9d1
GENERAL.DEVICES:                        TowerBridge
GENERAL.STATE:                          activated
GENERAL.DEFAULT:                        yes
GENERAL.DEFAULT6:                       yes
GENERAL.SPEC-OBJECT:                    --
GENERAL.VPN:                            no
GENERAL.DBUS-PATH:                      /org/freedesktop/NetworkManager/ActiveConnection/2
GENERAL.CON-PATH:                       /org/freedesktop/NetworkManager/Settings/2
GENERAL.ZONE:                           --
GENERAL.MASTER-PATH:                    --
IP4.ADDRESS[1]:                         10.20.30.40/24
IP4.GATEWAY:                            10.20.30.1
IP4.ROUTE[1]:                           dst = 0.0.0.0/0, nh = 10.20.30.1, mt = 425
IP4.ROUTE[2]:                           dst = 10.20.30.0/24, nh = 0.0.0.0, mt = 425
IP4.DNS[1]:                             10.20.30.1
IP4.DOMAIN[1]:                          fubar.xxx
DHCP4.OPTION[1]:                        domain_name = fubar.xxx
DHCP4.OPTION[2]:                        domain_name_servers = 10.20.30.1
DHCP4.OPTION[3]:                        domain_search = fubar.xxx
DHCP4.OPTION[4]:                        expiry = 1573662014
DHCP4.OPTION[5]:                        ip_address = 10.20.30.40
DHCP4.OPTION[6]:                        requested_broadcast_address = 1
DHCP4.OPTION[7]:                        requested_dhcp_server_identifier = 1
DHCP4.OPTION[8]:                        requested_domain_name = 1
DHCP4.OPTION[9]:                        requested_domain_name_servers = 1
DHCP4.OPTION[10]:                       requested_domain_search = 1
DHCP4.OPTION[11]:                       requested_host_name = 1
DHCP4.OPTION[12]:                       requested_interface_mtu = 1
DHCP4.OPTION[13]:                       requested_ms_classless_static_routes = 1
DHCP4.OPTION[14]:                       requested_nis_domain = 1
DHCP4.OPTION[15]:                       requested_nis_servers = 1
DHCP4.OPTION[16]:                       requested_ntp_servers = 1
DHCP4.OPTION[17]:                       requested_rfc3442_classless_static_routes = 1
DHCP4.OPTION[18]:                       requested_routers = 1
DHCP4.OPTION[19]:                       requested_static_routes = 1
DHCP4.OPTION[20]:                       requested_subnet_mask = 1
DHCP4.OPTION[21]:                       requested_time_offset = 1
DHCP4.OPTION[22]:                       requested_wpad = 1
DHCP4.OPTION[23]:                       routers = 10.20.30.1
DHCP4.OPTION[24]:                       subnet_mask = 255.255.255.0
and file:

Code: Select all

$ cat /etc/sysconfig/network-scripts/ifcfg-TowerBridge 
STP=yes
BRIDGING_OPTS=priority=32768
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=TowerBridge
UUID=44123894-8fb3-41a5-9a1e-ddf35d0ac9d1
DEVICE=TowerBridge
ONBOOT=yes
One could/should append bridge.stp no to the nmcli con add type bridge ... command.

You could listen the interface with tcpdump while you create/start the connections to see whether there are (dhcp) traffic.

vamfoom
Posts: 39
Joined: 2014/05/24 01:28:37

Re: bridge not working on centos 8

Post by vamfoom » 2019/11/12 22:01:18

As a test, I tried to remove the bridge and could not get the machine to communicate on the network anymore. I had the networking team look on their switch to determine why nothing is working. Turns out, the switch received an unknown BPDU packet and shut down the port to avoid STP topology recalculation. Is there a command to disable this while setting up the bridge ? It could do it afterward but by that time the port would’ve been disabled.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: bridge not working on centos 8

Post by jlehtone » 2019/11/12 22:28:27

If BPDU's come from the STP and you know that you won't add a loop with your "switch", then creating bridge without STP should ...

You can give most nm-settings on the "add" command:

Code: Select all

sudo nmcli con add type bridge con-name TowerBridge ifname TowerBridge bridge.stp no

vamfoom
Posts: 39
Joined: 2014/05/24 01:28:37

Re: bridge not working on centos 8

Post by vamfoom » 2019/11/12 23:13:14

With STP disabled from the get-go, everything works now. I was chasing a red herring. The issue was because the switch actually disabled the port.

Thank you for all your inputs.

Post Reply