Skip to main content

Anonymous bridges in netplan

netplan is the default network configuration system for new installs of Ubuntu 18.04 (Bionic). Introduced as the default in Artful, it replaces /etc/network/interfaces.

One question that gets asked repeatedly is: "How do I set up an anonymous bridge in netplan?" (An anonymous bridge, I discovered, is one where the bridge doesn't have an IP address; it's more akin to a switch or hub.) It's been approached on Launchpad, and comes up on the IRC channel.

If you're trying to create a bridge without an IP address, the obvious first thing to try is this:

network:
    version: 2
    ethernets:
        ens8:
            match:
                macaddress: 52:54:00:f9:e9:dd
        ens9:
            match:
                macaddress: 52:54:00:56:0d:ce
    bridges:
        br0:
           interfaces: [ens8, ens9]

This is neat, plausible, and wrong - the bridge will be created but will stay 'down'. Per ip a:

5: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 0e:e3:1c:83:f8:e8 brd ff:ff:ff:ff:ff:ff

This is because systemd requires a 'network file' to bring up an interface, and netplan doesn't generate a systemd network file for the bridge. If you look at src/generate.c, in particular at write_network_file, you need at least one of a set of properties to trigger generation of a network file, and an anonymous bridge has none of them. This is clearly a bug - LP: #1736975.

There's no fix yet, but in the mean time, you can work around it by just manually telling systemd-networkd to bring up the interface. I created /etc/systemd/network/br0.network, containing the following:

[Match]
Name=br0

[Network]
LinkLocalAddressing=no
IPv6AcceptRA=no

Then upon restarting networking (netplan apply or just reboot), you will see that the bridge comes up, and - as desired - has no address:

5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 0e:e3:1c:83:f8:e8 brd ff:ff:ff:ff:ff:ff

Don't forget to include a comment in your netplan YAML to remind you that this extra file exists!

I will update this post when the bug is fixed to provide whatever canonical solution we land on.

Comments

  1. Unknown15 May 2018 at 16:28

    an alternate way, just add an systemd service?

    ========= /etc/systemd/system/up-bridge-100-interface.service ========
    [Unit]
    Description=Bring br100 interface up after network settings are done (bug: anonymous briges dont came up at boottime)
    Wants=network-online.target
    After=network-online.target

    [Service]
    Type=simple
    ExecStart=/bin/ip link set br100 up

    [Install]
    WantedBy=multi-user.target
    =========================================

    # sudo systemctl start up-bridge-100-interface
    # sudo systemctl status up-bridge-100-interface
    # sudo systemctl enable up-bridge-100-interface

    ReplyDelete
    Replies
    1. Daniel Axtens16 May 2018 at 12:05

      Yes, that should also work fine.

      Delete
    2. Daniel Axtens16 May 2018 at 12:06

      Do you find you get IPv6 link local addressing in that case though?

      Delete
  2. Anonymous17 August 2019 at 11:46

    It would appear this has been fixed in bionic-updates:
    https://bugs.launchpad.net/ubuntu/+source/nplan/+bug/1736975/comments/31

    ReplyDelete
  3. 行草1 December 2020 at 19:46

    I've got it working like this. The trick is to make it think it needs dhcp, but without IP. So this case interface will be up.

    network:
    version: 2
    ethernets:
    enp1s0:
    dhcp4: no
    enp2s0:
    dhcp4: no
    bridges:
    br0:
    interfaces: [enp1s0, enp2s0]

    ReplyDelete

Post a Comment

Popular posts from this blog

Connecting to a wifi network with netplan

How do you connect to a a wifi network with netplan? I hang out on the #netplan IRC channel on Freenode, and this comes up every so often. netplan - the default network configuration tool in Ubuntu 17.10 onwards - currently supports WPA2 Personal networks, and open (unencrypted) networks only. If you need something else, consider using NetworkManager directly, or falling back to ifupdown and wpa_supplicant for a little longer. Without further ado, here are tested, working YAML files for connection to my local WPA2 and unencrypted network. The only things that have been changed are the SSIDs and password. Both networks have a router providing dhcp4. In both cases I assume there's only one wifi device in the system - if this is not true, replace match: {} with something more specific. You can drop these in  /etc/netplan and run netplan generate; netplan apply  and things should work. The network will also be brought up on subsequent boots. Note that, as always in YAML...
3 comments
Read more

Painless powerpc cross-compiling

As an ex-IBMer, I'm still quite fond of POWER/ppc64 processors, and occasionally cross-compile kernels for 64-bit little-endian PowerPC (ppc64el/ppc64le) from my amd64 system. It's not immediately obvious what the simplest way to do this is. On Ubuntu (and I'm told, Debian) it is really very simple. Installation sudo apt install gcc-powerpc64le-linux-gnu Congrats, you now have a ppc64le cross-compiling toolchain installed! If you need other languages, g++/gccgo/gfortran/gnat/gobjc-powerpc64le-linux-gnu are also available. Kernel cd your/linux/source make ARCH=powerpc CROSS_COMPILE=powerpc64le-linux-gnu- <your usual kernel build commands here> That's it. Userspace It depends a bit on the build system. Here's how to build, for example, sed , which uses autotools ( ./configure and friends). ./configure --host powerpc64le-linux-gnu make That's it.  For a dynamically linked binary, you only need the headers for any library depende...
Post a Comment
Read more