How To Configuring Network Bridge on Ubuntu 24.04 LTS

Network bridges serve as essential components in modern Linux environments, particularly for virtualization and container deployments. A bridge interface acts as a virtual network switch, connecting multiple network segments and allowing virtual machines to communicate directly with physical networks. Understanding how to properly configure network bridges on Ubuntu 24.04 LTS opens doors to advanced networking capabilities, including KVM virtualization, container orchestration, and multi-host networking scenarios.

This comprehensive guide walks through multiple methods of creating and managing network bridges on Ubuntu 24.04 LTS. Whether running a desktop installation with NetworkManager or a server deployment using Netplan, the techniques covered here provide practical solutions for various use cases. The configuration approaches detailed in this article enable seamless integration of virtual machines with physical network infrastructure, ensuring optimal performance and connectivity.

Understanding Network Bridges

Network bridges operate at Layer 2 of the OSI model, functioning as intelligent switches that forward traffic between connected interfaces. When a bridge is created, it learns MAC addresses of devices on connected segments and makes forwarding decisions based on this information. This differs significantly from NAT (Network Address Translation) networking, where virtual machines sit behind a private network and access external resources through address translation.

The primary advantage of bridged networking lies in its transparency. Virtual machines connected to a bridge appear as distinct hosts on the physical network, receiving their own IP addresses from the network’s DHCP server or configured with static addresses. This setup proves invaluable for scenarios requiring direct network access, such as running production services, testing network applications, or creating development environments that mirror production topologies.

Common bridge interface names include br0 for custom bridges and virbr0 for libvirt’s default NAT bridge. Understanding these naming conventions helps when troubleshooting and managing multiple bridge configurations.

Prerequisites and Requirements

Before diving into bridge configuration, ensure the system meets basic requirements. Ubuntu 24.04 LTS must be installed, whether Desktop or Server edition. Administrative access through sudo privileges is mandatory for modifying network configurations. A fundamental understanding of networking concepts—including IP addressing, subnet masks, and default gateways—facilitates smoother configuration.

The system requires at least one physical or virtual network interface available for bridging. Active internet connectivity proves necessary for installing additional packages. For virtualization use cases, allocate sufficient system resources to support both the host operating system and any virtual machines that will utilize the bridge.

Identifying Your Network Configuration Tool

Ubuntu 24.04 LTS employs different network management systems depending on the installation type. Desktop installations typically use NetworkManager, providing graphical and command-line interfaces for network configuration. Server installations default to systemd-networkd with Netplan as the configuration front-end.

Determine which system manages network connections by checking NetworkManager status:

systemctl status NetworkManager

If NetworkManager is active and running, the system uses NetworkManager for network management. Alternatively, check for Netplan configuration files:

ls /etc/netplan/

The presence of YAML files in this directory indicates Netplan configuration. Understanding which tool the system uses determines the appropriate configuration method.

Installing Required Packages

System preparation begins with updating existing packages to ensure compatibility and security:

sudo apt update && sudo apt upgrade -y

Install bridge-utils, which provides traditional bridge management commands:

sudo apt install bridge-utils -y

For modern systems, iproute2 offers an updated approach to network configuration. Most Ubuntu installations include iproute2 by default, but verify its availability:

ip link show

For KVM virtualization scenarios, install additional packages:

sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager -y

These packages provide the necessary tools for creating and managing virtual machines that utilize bridge networking. Verify successful installation by checking package versions and availability.

Identifying Network Interfaces

Before creating a bridge, identify available network interfaces. The ip command displays all network interfaces and their current states:

ip link show

This command lists interfaces with names like enp1s0, enp4s0, or eth0 for Ethernet connections. Wireless interfaces typically appear as wlp3s0 or similar. Note the exact name of the interface currently providing network connectivity.

For detailed information including IP addresses and subnet masks, use:

ip addr show

The output reveals which interfaces are UP and currently active. Interface naming follows Predictable Network Interface Names convention, where names reflect physical location or hardware properties. Understanding these names ensures accurate configuration.

Method 1: Creating Bridge with NetworkManager (nmcli)

NetworkManager’s command-line interface, nmcli, provides powerful tools for creating and managing network bridges. This method suits Ubuntu Desktop installations and systems where NetworkManager handles network configuration.

Begin by viewing existing network connections:

nmcli connection show

This displays all configured connections with their names, UUIDs, types, and associated devices. Create the bridge interface with a descriptive connection name:

sudo nmcli connection add type bridge ifname br0 con-name bridge-br0

This command creates a bridge interface named br0 with the connection name bridge-br0. Next, add the physical Ethernet interface as a bridge slave. Replace enp4s0 with the actual interface name:

sudo nmcli connection add type ethernet ifname enp4s0 master br0 con-name bridge-slave-enp4s0

Disable Spanning Tree Protocol (STP) for improved performance in simple topologies:

sudo nmcli connection modify bridge-br0 bridge.stp no

STP prevents network loops but introduces delays during bridge activation. For single-host virtualization scenarios, disabling STP improves startup times.

Configure the bridge to obtain an IP address automatically via DHCP:

sudo nmcli connection modify bridge-br0 ipv4.method auto

Alternatively, configure a static IP address:

sudo nmcli connection modify bridge-br0 ipv4.addresses 192.168.1.100/24
sudo nmcli connection modify bridge-br0 ipv4.gateway 192.168.1.1
sudo nmcli connection modify bridge-br0 ipv4.dns "8.8.8.8,8.8.4.4"
sudo nmcli connection modify bridge-br0 ipv4.method manual

Set the DNS search domain for name resolution:

sudo nmcli connection modify bridge-br0 ipv4.dns-search example.com

Deactivate the original Ethernet connection:

sudo nmcli connection down "Wired connection 1"

Activate the bridge connection:

sudo nmcli connection up bridge-br0

The system may experience brief network interruption during this transition. Verify the bridge is active:

nmcli connection show --active

The output should display the bridge connection as active, with the Ethernet interface listed as a slave.

For KVM integration, define the bridge in libvirt. Create an XML file describing the bridge network:

cat > br0.xml << EOF
<network>
  <name>br0</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>
EOF

Define and start the network in virsh:

sudo virsh net-define br0.xml
sudo virsh net-start br0
sudo virsh net-autostart br0

This makes the bridge available for virtual machine network configurations.

Method 2: Creating Bridge with Netplan

Netplan provides declarative network configuration using YAML syntax, ideal for Ubuntu Server installations. The configuration approach emphasizes clarity and reproducibility.

Navigate to the Netplan configuration directory:

cd /etc/netplan/
ls -la

Locate the active configuration file, typically named 01-netcfg.yaml, 00-installer-config.yaml, or similar. Create a backup before making changes:

sudo cp 01-netcfg.yaml 01-netcfg.yaml.backup

Edit the configuration file with a text editor:

sudo nano /etc/netplan/01-netcfg.yaml

For a DHCP-configured bridge, use this structure:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
  bridges:
    br0:
      dhcp4: yes
      interfaces:
        - enp1s0

This configuration disables DHCP on the physical interface and enables it on the bridge. The physical interface becomes a bridge member, passing all traffic through the bridge.

For static IP configuration, use this format:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
  bridges:
    br0:
      addresses: [192.168.1.100/24]
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: [example.com]
      interfaces:
        - enp1s0
      parameters:
        stp: false
        forward-delay: 0

YAML syntax requires precise indentation using spaces, not tabs. Each level of nesting uses two spaces. The parameters section allows fine-tuning bridge behavior. Setting stp to false and forward-delay to 0 minimizes bridge activation time.

Save the file and set appropriate permissions:

sudo chmod 600 /etc/netplan/01-netcfg.yaml

Validate the configuration before applying:

sudo netplan generate

If no errors appear, apply the configuration:

sudo netplan apply

For safer testing, use netplan try, which automatically reverts changes after 120 seconds unless confirmed:

sudo netplan try

SSH sessions may disconnect during application. Wait 30-60 seconds for the bridge to initialize and obtain an IP address. Verify the bridge configuration:

ip addr show br0

The output displays the bridge interface with its assigned IP address.

Method 3: Creating Bridge with iproute2 Commands

Modern Linux systems support bridge creation using iproute2 commands, offering flexibility for temporary configurations or scripting scenarios.

Create a bridge interface:

sudo ip link add name br0 type bridge

Add the physical interface to the bridge:

sudo ip link set dev enp1s0 master br0

Activate both interfaces:

sudo ip link set dev enp1s0 up
sudo ip link set dev br0 up

Assign an IP address to the bridge:

sudo ip addr add 192.168.1.100/24 dev br0

Configure the default gateway:

sudo ip route add default via 192.168.1.1

These commands create a functional bridge immediately but don’t persist across reboots. For permanent configuration, combine iproute2 commands with systemd network units or integrate them into startup scripts.

The bridge command, part of iproute2, offers advanced management capabilities:

bridge link show

This displays all bridge ports and their states, useful for troubleshooting complex configurations.

Verifying Bridge Configuration

Thorough verification ensures the bridge operates correctly. Check the bridge interface status:

ip addr show br0

The output should display the bridge interface in UP state with an assigned IP address. Use brctl to examine bridge details:

sudo brctl show

This command lists all bridges with their associated interfaces and configuration parameters. The output shows which physical interfaces belong to each bridge.

Modern systems can use the bridge command for verification:

bridge link show

Test network connectivity with ping:

ping -c 4 8.8.8.8
ping -c 4 google.com

Successful responses confirm both network connectivity and DNS resolution. For KVM setups, verify the bridge appears in libvirt networks:

sudo virsh net-list --all

Review system logs for any error messages:

journalctl -xe | grep -i bridge

Check routing table configuration:

ip route show

Ensure the default route points through the bridge interface.

Configuring Bridge for KVM Virtualization

KVM virtualization benefits significantly from bridge networking, allowing virtual machines direct network access. Add the user account to the libvirt group:

sudo usermod -aG libvirt $USER

Log out and back in for group membership to take effect. The default virbr0 bridge provides NAT networking, suitable for isolated testing. Custom bridges like br0 enable direct physical network access.

When creating virtual machines with virt-manager, select the bridge network during network configuration. For virt-install command-line installations, specify the bridge:

virt-install --name test-vm \
  --memory 2048 \
  --vcpus 2 \
  --disk size=20 \
  --network bridge=br0,model=virtio \
  --cdrom /path/to/ubuntu-24.04.iso

The virtio network model provides optimal performance for Linux guests. VirtualBox users may need to configure promiscuous mode for proper bridge operation, though KVM handles this automatically.

Configuring Static IP on Bridge Interface

Static IP addressing provides predictable network configuration, essential for servers and services requiring consistent addresses. With nmcli, configure static addressing during bridge creation or modify existing bridges:

sudo nmcli connection modify bridge-br0 ipv4.addresses 192.168.1.100/24
sudo nmcli connection modify bridge-br0 ipv4.gateway 192.168.1.1
sudo nmcli connection modify bridge-br0 ipv4.dns "8.8.8.8,1.1.1.1"
sudo nmcli connection modify bridge-br0 ipv4.method manual

Restart the connection to apply changes:

sudo nmcli connection down bridge-br0
sudo nmcli connection up bridge-br0

For Netplan configurations, edit the YAML file with static parameters as shown in the previous section. The addresses field accepts CIDR notation, while routes define the default gateway. DNS nameservers and search domains go in the nameservers section.

Static configuration proves particularly valuable in production environments where IP address changes could disrupt services or break firewall rules.

Advanced Bridge Configuration Options

Fine-tuning bridge parameters optimizes performance for specific scenarios. Spanning Tree Protocol (STP) prevents network loops by blocking redundant paths. For simple topologies with a single bridge, disabling STP reduces activation time:

sudo nmcli connection modify bridge-br0 bridge.stp no

In Netplan, set STP in the parameters section:

parameters:
  stp: false

Forward-delay determines how long the bridge waits before forwarding traffic, allowing topology discovery. Reducing this value speeds up bridge activation:

parameters:
  forward-delay: 0

Maximum Transmission Unit (MTU) configuration affects packet size. Match the MTU to the physical network for optimal performance:

parameters:
  mtu: 1500

Bridge priority influences STP root bridge election in complex topologies. Lower values increase priority. Port cost affects STP path selection. These advanced parameters suit complex network designs with multiple bridges and redundant paths.

Common Issues and Troubleshooting

Bridge configuration occasionally encounters issues requiring systematic troubleshooting. If the bridge fails to obtain an IP address via DHCP, verify the physical interface is correctly enslaved:

bridge link show

Check NetworkManager service status:

systemctl status NetworkManager

Review system logs for error messages:

journalctl -xe | grep -E 'bridge|NetworkManager|netplan'

Network connectivity loss during configuration is common, particularly with SSH sessions. Always have console access or use netplan try for safe testing. Netplan try automatically reverts changes after 120 seconds unless confirmed.

NetworkManager and Netplan conflicts arise when both attempt to manage the same interface. Disable NetworkManager management of specific interfaces by editing connection files or configuring Netplan to use NetworkManager as renderer.

Permission errors with Netplan files prevent configuration application. Ensure proper ownership and permissions:

sudo chmod 600 /etc/netplan/*.yaml
sudo chown root:root /etc/netplan/*.yaml

If the bridge fails to start after reboot, verify systemd-networkd or NetworkManager starts properly:

systemctl status systemd-networkd
systemctl status NetworkManager

Virtual machines unable to access the physical network may indicate incorrect bridge selection or missing libvirt network definitions. Verify the VM’s network configuration points to the correct bridge.

DNS resolution failures after bridge creation often result from missing nameserver configuration. Add DNS servers explicitly in bridge configuration. Test DNS resolution:

nslookup google.com
dig google.com

If the physical interface remains UP when it should be enslaved, manually bring it down before activating the bridge. Some systems require explicit interface shutdown.

Security Considerations

Bridge security requires attention to prevent unauthorized access and network attacks. Virtual machines connected to bridges appear as independent hosts on the network, inheriting security responsibilities. Implement firewall rules specific to bridge traffic using iptables or nftables.

Isolate different virtual machine groups on separate bridges when security boundaries are necessary. Create multiple bridges for different trust zones, preventing lateral movement between isolated networks.

MAC address spoofing allows malicious actors to impersonate other devices. Configure bridge filtering to prevent unauthorized MAC addresses:

sudo ip link set br0 type bridge mac_filter 1

Monitor bridge traffic for anomalies using tools like tcpdump or wireshark. Regular monitoring detects unusual patterns indicating security issues:

sudo tcpdump -i br0

Limit bridge forwarding database size to prevent resource exhaustion attacks. Set aging time appropriately to balance memory usage and connectivity.

Best Practices

Successful bridge management follows established best practices. Always create backups of configuration files before modifications. This enables quick recovery from configuration errors:

sudo cp /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.$(date +%F)

Use descriptive naming conventions for bridge interfaces and connections. Clear names simplify troubleshooting and documentation. Document network topology and configuration decisions in a central repository or wiki.

Test configurations in non-production environments before deploying to production systems. Virtual machines or test servers provide safe spaces for experimentation.

Choose NetworkManager for desktop systems and Netplan for servers. Each tool optimizes for its intended use case. Desktop users benefit from NetworkManager’s GUI integration, while server administrators appreciate Netplan’s declarative approach.

Prefer iproute2 commands over deprecated bridge-utils when possible. While bridge-utils remains functional, iproute2 represents the modern standard for Linux networking.

Keep systems and packages updated with regular security patches and feature updates. Subscribe to Ubuntu security announcements and apply updates promptly.

Monitor bridge performance regularly using tools like iftop, nethogs, or system monitoring solutions. Performance degradation may indicate configuration issues or capacity constraints.

Implement proper access controls and permissions. Restrict network configuration capabilities to authorized administrators only. Use sudo logging to track configuration changes.

Disable STP only in simple topologies. Complex networks with multiple bridges and redundant paths require STP for loop prevention.

Removing or Disabling a Bridge

Circumstances sometimes require bridge removal or temporary deactivation. With nmcli, deactivate the bridge connection:

sudo nmcli connection down bridge-br0

Delete the bridge and slave connections:

sudo nmcli connection delete bridge-br0
sudo nmcli connection delete bridge-slave-enp4s0

Reactivate the original Ethernet connection:

sudo nmcli connection up "Wired connection 1"

For bridges created with iproute2 commands, remove the bridge:

sudo ip link set br0 down
sudo ip link delete br0

The physical interface automatically returns to independent operation. With Netplan, edit the configuration file to remove bridge definitions and restore the original Ethernet configuration:

network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: yes

Apply the reverted configuration:

sudo netplan apply

Remove bridge definitions from libvirt:

sudo virsh net-destroy br0
sudo virsh net-undefine br0

Verify complete removal by listing network interfaces:

ip link show

The bridge interface should no longer appear in the output.