OpenBSD: Configure Network Interface As A Bridge / Network Switch

Author: Vivek Gite Last updated: August 9, 2020 4 comments
I have Soekris single board communication embedded computer which is optimized for low power and network usage. The server has four Ethernet ports. How do I setup IPv4 software bridge using the OpenBSD operating system so that the rest of four ports act as a network switch?

[donotprint]
Tutorial details
Difficulty level Intermediate
Root privileges Yes
Requirements OpenBSD v2.5+
Est. reading time 10m
[/donotprint] The OpenBSD operating system comes with the bridge device support. A bridge interface can be created at runtime using the ifconfig bridge0 command or by setting up a /etc/hostname.N configuration file for netstart command. A bridge interface creates a logical link between two or more Ethernet interfaces or encapsulation interfaces. This link between the interfaces selectively forwards frames from each interface on the bridge to every other interface on the bridge. A bridge can serve several services, including isolation of traffic between sets of machines so that traffic local to one set of machines is not available on the wire of another set of machines, and it can act as a transparent filter for IP datagrams.

How do I setup bridge0?

Create a file called /etc/hostname.bridge0, enter:
# vi /etc/hostname.bridge0
Append the following interface names:

add vr0
add vr1
add vr2
add vr3
add rl0
up

Save and close the file. This is saying set up a bridge consisting of the five NICs, vr0, vr1, vr2, vr3, and rl0 and activate it. The order the cards are listed does not matters. Make sure each NICs is configured as per your requirements:
# cat /etc/hostname.vr0
Sample outputs:
up media autoselect
The rest of the config:
# cat /etc/hostname.vr1
up media autoselect

# cat /etc/hostname.vr2
up media autoselect

# cat /etc/hostname.vr3
up media autoselect

However, NIC rl0 has static IP address configuration as follows:
# vi /etc/hostname.rl0
Sample outputs:

inet 192.168.1.254 255.255.255.0 192.168.1.255

Save and close the file. Reboot the server to test new settings:
# reboot
Verify new switch settings:
# ifconfig bridge0
Sample outputs:

bridge0: flags=41<UP,RUNNING>
        groups: bridge
        priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
        designated: id 00:00:00:00:00:00 priority 0
        run0 flags=3<LEARNING,DISCOVER>
                port 8 ifpriority 0 ifcost 0
        vr3 flags=3<LEARNING,DISCOVER>
                port 4 ifpriority 0 ifcost 0
        vr2 flags=3<LEARNING,DISCOVER>
                port 3 ifpriority 0 ifcost 0
        vr1 flags=3<LEARNING,DISCOVER>
                port 2 ifpriority 0 ifcost 0
        vr0 flags=3<LEARNING,DISCOVER>
                port 1 ifpriority 0 ifcost 0
        rl0 flags=3<LEARNING,DISCOVER>
                port 5 ifpriority 0 ifcost 0
        Addresses (max cache: 100, timeout: 240):
                74:44:01:40:57:fb vr0 0 flags=0<>

To see rl0 config:
# ifconfig rl0

References:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 4 comments so far... add one

Related Tutorials
CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
4 comments… add one
  • x Feb 5, 2013 @ 19:08

    There’s a typo in the topic:
    the “n” is missing at “OpeBSD” ;)

    Reply Link
  • Paul May 21, 2013 @ 12:27

    Well, if you need to give bridge an address, don’t do it on physical interface. Once this particular interface goes down, you won’t be able to connect to bridge via any other interface.

    Use vether* for this purpose. Give it address and add to a bridge. It is always-up and will be reachable as long as at least one physical interface of bridge is up.

    Reply Link
    • Celery Man Oct 21, 2015 @ 6:37

      Thanks for that awesome tip Paul, just stumbled across this!

      Reply Link

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum

Next FAQ:

Previous FAQ:

 

FEATURED ARTICLES

Sign up for my newsletter

Sign up for my newsletter