How To Configure a Network Bridge on Ubuntu 24.04 LTS
Network bridges serve as essential components in modern Linux environments, particularly for virtualization and container deployments. A bridge interface acts as a virtual network switch, connecting multiple network segments and allowing virtual machines to communicate directly with physical networks. Understanding how to properly configure network bridges on Ubuntu 24.04 LTS opens doors to advanced networking capabilities, including KVM virtualization, container orchestration, and multi-host networking scenarios.
This comprehensive guide walks through multiple methods of creating and managing network bridges on Ubuntu 24.04 LTS. Whether running a desktop installation with NetworkManager or a server deployment using Netplan, the techniques covered here provide practical solutions for various use cases. The configuration approaches detailed in this article enable seamless integration of virtual machines with physical network infrastructure, ensuring optimal performance and connectivity.
Understanding Network Bridges
Network bridges operate at Layer 2 of the OSI model, functioning as intelligent switches that forward traffic between connected interfaces. When a bridge is created, it learns MAC addresses of devices on connected segments and makes forwarding decisions based on this information. This differs significantly from NAT (Network Address Translation) networking, where virtual machines sit behind a private network and access external resources through address translation.
The primary advantage of bridged networking lies in its transparency. Virtual machines connected to a bridge appear as distinct hosts on the physical network, receiving their own IP addresses from the network’s DHCP server or configured with static addresses. This setup proves invaluable for scenarios requiring direct network access, such as running production services, testing network applications, or creating development environments that mirror production topologies.
Common bridge interface names include br0 for custom bridges and virbr0 for libvirt’s default NAT bridge. Understanding these naming conventions helps when troubleshooting and managing multiple bridge configurations.
Prerequisites and Requirements
Before diving into bridge configuration, ensure the system meets basic requirements. Ubuntu 24.04 LTS must be installed, whether Desktop or Server edition. Administrative access through sudo privileges is mandatory for modifying network configurations. A fundamental understanding of networking concepts—including IP addressing, subnet masks, and default gateways—facilitates smoother configuration.
The system requires at least one physical or virtual network interface available for bridging. Active internet connectivity proves necessary for installing additional packages. For virtualization use cases, allocate sufficient system resources to support both the host operating system and any virtual machines that will utilize the bridge.
Identifying Your Network Configuration Tool
Ubuntu 24.04 LTS employs different network management systems depending on the installation type. Desktop installations typically use NetworkManager, providing graphical and command-line interfaces for network configuration. Server installations default to systemd-networkd with Netplan as the configuration front-end.
Determine which system manages network connections by checking NetworkManager status:
systemctl status NetworkManager
If NetworkManager is active and running, the system uses NetworkManager for network management. Alternatively, check for Netplan configuration files:
ls /etc/netplan/
The presence of YAML files in this directory indicates Netplan configuration. Understanding which tool the system uses determines the appropriate configuration method.
Installing Required Packages
System preparation begins with updating existing packages to ensure compatibility and security:
sudo apt update && sudo apt upgrade -y
Install bridge-utils, which provides traditional bridge management commands:
sudo apt install bridge-utils -y
For modern systems, iproute2 offers an updated approach to network configuration. Most Ubuntu installations include iproute2 by default, but verify its availability:
ip link show
For KVM virtualization scenarios, install additional packages:
sudo apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virt-manager -y
These packages provide the necessary tools for creating and managing virtual machines that utilize bridge networking. Verify successful installation by checking package versions and availability.
Identifying Network Interfaces
Before creating a bridge, identify available network interfaces. The ip command displays all network interfaces and their current states:
ip link show
This command lists interfaces with names like enp1s0, enp4s0, or eth0 for Ethernet connections. Wireless interfaces typically appear as wlp3s0 or similar. Note the exact name of the interface currently providing network connectivity.
For detailed information including IP addresses and subnet masks, use:
ip addr show
The output reveals which interfaces are UP and currently active. Interface naming follows Predictable Network Interface Names convention, where names reflect physical location or hardware properties. Understanding these names ensures accurate configuration.
Method 1: Creating Bridge with NetworkManager (nmcli)
NetworkManager’s command-line interface, nmcli, provides powerful tools for creating and managing network bridges. This method suits Ubuntu Desktop installations and systems where NetworkManager handles network configuration.
Begin by viewing existing network connections:
nmcli connection show
This displays all configured connections with their names, UUIDs, types, and associated devices. Create the bridge interface with a descriptive connection name:
sudo nmcli connection add type bridge ifname br0 con-name bridge-br0
This command creates a bridge interface named br0 with the connection name bridge-br0. Next, add the physical Ethernet interface as a bridge slave. Replace enp4s0 with the actual interface name:
sudo nmcli connection add type ethernet ifname enp4s0 master br0 con-name bridge-slave-enp4s0
Disable Spanning Tree Protocol (STP) for improved performance in simple topologies:
sudo nmcli connection modify bridge-br0 bridge.stp no
STP prevents network loops but introduces delays during bridge activation. For single-host virtualization scenarios, disabling STP improves startup times.
Configure the bridge to obtain an IP address automatically via DHCP:
sudo nmcli connection modify bridge-br0 ipv4.method auto
Alternatively, configure a static IP address:
sudo nmcli connection modify bridge-br0 ipv4.addresses 192.168.1.100/24
sudo nmcli connection modify bridge-br0 ipv4.gateway 192.168.1.1
sudo nmcli connection modify bridge-br0 ipv4.dns "8.8.8.8,8.8.4.4"
sudo nmcli connection modify bridge-br0 ipv4.method manual
Set the DNS search domain for name resolution:
sudo nmcli connection modify bridge-br0 ipv4.dns-search example.com
Deactivate the original Ethernet connection:
sudo nmcli connection down "Wired connection 1"
Activate the bridge connection:
sudo nmcli connection up bridge-br0
The system may experience brief network interruption during this transition. Verify the bridge is active:
nmcli connection show --active
The output should display the bridge connection as active, with the Ethernet interface listed as a slave.
For KVM integration, define the bridge in libvirt. Create an XML file describing the bridge network:
cat > br0.xml << EOF
<network>
<name>br0</name>
<forward mode="bridge"/>
<bridge name="br0"/>
</network>
EOF
Define and start the network in virsh:
sudo virsh net-define br0.xml
sudo virsh net-start br0
sudo virsh net-autostart br0
This makes the bridge available for virtual machine network configurations.
Method 2: Creating Bridge with Netplan
Netplan provides declarative network configuration using YAML syntax, ideal for Ubuntu Server installations. The configuration approach emphasizes clarity and reproducibility.
Navigate to the Netplan configuration directory:
cd /etc/netplan/
ls -la
Locate the active configuration file, typically named 01-netcfg.yaml, 00-installer-config.yaml, or similar. Create a backup before making changes:
sudo cp 01-netcfg.yaml 01-netcfg.yaml.backup
Edit the configuration file with a text editor:
sudo nano /etc/netplan/01-netcfg.yaml
For a DHCP-configured bridge, use this structure:
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
  bridges:
    br0:
      dhcp4: yes
      interfaces:
        - enp1s0
This configuration disables DHCP on the physical interface and enables it on the bridge. The physical interface becomes a bridge member, passing all traffic through the bridge.
For static IP configuration, use this format:
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: no
  bridges:
    br0:
      addresses: [192.168.1.100/24]
      routes:
        - to: default
          via: 192.168.1.1
      nameservers:
        addresses: [8.8.8.8, 8.8.4.4]
        search: [example.com]
      interfaces:
        - enp1s0
      parameters:
        stp: false
        forward-delay: 0
YAML syntax requires precise indentation using spaces, not tabs. Each level of nesting uses two spaces. The parameters section allows fine-tuning bridge behavior. Setting stp to false and forward-delay to 0 minimizes bridge activation time.
Save the file and set appropriate permissions:
sudo chmod 600 /etc/netplan/01-netcfg.yaml
Validate the configuration before applying:
sudo netplan generate
If no errors appear, apply the configuration:
sudo netplan apply
For safer testing, use netplan try, which automatically reverts changes after 120 seconds unless confirmed:
sudo netplan try
SSH sessions may disconnect during application. Wait 30-60 seconds for the bridge to initialize and obtain an IP address. Verify the bridge configuration:
ip addr show br0
The output displays the bridge interface with its assigned IP address.
Method 3: Creating Bridge with iproute2 Commands
Modern Linux systems support bridge creation using iproute2 commands, offering flexibility for temporary configurations or scripting scenarios.
Create a bridge interface:
sudo ip link add name br0 type bridge
Add the physical interface to the bridge:
sudo ip link set dev enp1s0 master br0
Activate both interfaces:
sudo ip link set dev enp1s0 up
sudo ip link set dev br0 up
Assign an IP address to the bridge:
sudo ip addr add 192.168.1.100/24 dev br0
Configure the default gateway:
sudo ip route add default via 192.168.1.1
These commands create a functional bridge immediately but don’t persist across reboots. For permanent configuration, combine iproute2 commands with systemd network units or integrate them into startup scripts.
The bridge command, part of iproute2, offers advanced management capabilities:
bridge link show
This displays all bridge ports and their states, useful for troubleshooting complex configurations.
Verifying Bridge Configuration
Thorough verification ensures the bridge operates correctly. Check the bridge interface status:
ip addr show br0
The output should display the bridge interface in UP state with an assigned IP address. Use brctl to examine bridge details:
sudo brctl show
This command lists all bridges with their associated interfaces and configuration parameters. The output shows which physical interfaces belong to each bridge.
Modern systems can use the bridge command for verification:
bridge link show
Test network connectivity with ping:
ping -c 4 8.8.8.8
ping -c 4 google.com
Successful responses confirm both network connectivity and DNS resolution. For KVM setups, verify the bridge appears in libvirt networks:
sudo virsh net-list --all
Review system logs for any error messages:
journalctl -xe | grep -i bridge
Check routing table configuration:
ip route show
Ensure the default route points through the bridge interface.
Configuring Bridge for KVM Virtualization
KVM virtualization benefits significantly from bridge networking, allowing virtual machines direct network access. Add the user account to the libvirt group:
sudo usermod -aG libvirt $USER
Log out and back in for group membership to take effect. The default virbr0 bridge provides NAT networking, suitable for isolated testing. Custom bridges like br0 enable direct physical network access.
When creating virtual machines with virt-manager, select the bridge network during network configuration. For virt-install command-line installations, specify the bridge:
virt-install --name test-vm \
--memory 2048 \
--vcpus 2 \
--disk size=20 \
--network bridge=br0,model=virtio \
--cdrom /path/to/ubuntu-24.04.iso
The virtio network model provides optimal performance for Linux guests. VirtualBox users may need to configure promiscuous mode for proper bridge operation, though KVM handles this automatically.
Configuring Static IP on Bridge Interface
Static IP addressing provides predictable network configuration, essential for servers and services requiring consistent addresses. With nmcli, configure static addressing during bridge creation or modify existing bridges:
sudo nmcli connection modify bridge-br0 ipv4.addresses 192.168.1.100/24
sudo nmcli connection modify bridge-br0 ipv4.gateway 192.168.1.1
sudo nmcli connection modify bridge-br0 ipv4.dns "8.8.8.8,1.1.1.1"
sudo nmcli connection modify bridge-br0 ipv4.method manual
Restart the connection to apply changes:
sudo nmcli connection down bridge-br0
sudo nmcli connection up bridge-br0
For Netplan configurations, edit the YAML file with static parameters as shown in the Method 2 section. The addresses field accepts CIDR notation, while routes define the default gateway. DNS nameservers and search domains go in the nameservers section.
Static configuration proves particularly valuable in production environments where IP address changes could disrupt services or break firewall rules.
Advanced Bridge Configuration Options
Fine-tuning bridge parameters optimizes performance for specific scenarios. Spanning Tree Protocol (STP) prevents network loops by blocking redundant paths. For simple topologies with a single bridge, disabling STP reduces activation time:
sudo nmcli connection modify bridge-br0 bridge.stp no
In Netplan, set STP in the parameters section:
parameters:
  stp: false
Forward-delay determines how long the bridge waits before forwarding traffic, allowing topology discovery. Reducing this value speeds up bridge activation:
parameters:
  forward-delay: 0
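Maximum Transmission Unit (MTU) configuration affects packet size. Match the MTU to the physical network for optimal performance. In Netplan, mtu is a property of the interface itself rather than one of the bridge parameters, so it sits directly under the bridge name:
br0:
  mtu: 1500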
Bridge priority influences STP root bridge election in complex topologies. Lower values increase priority. Port cost affects STP path selection. These advanced parameters suit complex network designs with multiple bridges and redundant paths.
Common Issues and Troubleshooting
Bridge configuration occasionally encounters issues requiring systematic troubleshooting. If the bridge fails to obtain an IP address via DHCP, verify the physical interface is correctly enslaved:
bridge link show
Check NetworkManager service status:
systemctl status NetworkManager
Review system logs for error messages:
journalctl -xe | grep -E 'bridge|NetworkManager|netplan'
Network connectivity loss during configuration is common, particularly with SSH sessions. Always have console access or use netplan try for safe testing. Netplan try automatically reverts changes after 120 seconds unless confirmed.
NetworkManager and Netplan conflicts arise when both attempt to manage the same interface. Disable NetworkManager management of specific interfaces by editing connection files or configuring Netplan to use NetworkManager as renderer.
Permission errors with Netplan files prevent configuration application. Ensure proper ownership and permissions:
sudo chmod 600 /etc/netplan/*.yaml
sudo chown root:root /etc/netplan/*.yaml
If the bridge fails to start after reboot, verify systemd-networkd or NetworkManager starts properly:
systemctl status systemd-networkd
systemctl status NetworkManager
Virtual machines unable to access the physical network may indicate incorrect bridge selection or missing libvirt network definitions. Verify the VM’s network configuration points to the correct bridge.
DNS resolution failures after bridge creation often result from missing nameserver configuration. Add DNS servers explicitly in bridge configuration. Test DNS resolution:
nslookup google.com
dig google.com
If the physical interface remains UP when it should be enslaved, manually bring it down before activating the bridge. Some systems require explicit interface shutdown.
Security Considerations
Bridge security requires attention to prevent unauthorized access and network attacks. Virtual machines connected to bridges appear as independent hosts on the network, inheriting security responsibilities. Implement firewall rules specific to bridge traffic using iptables or nftables.
Isolate different virtual machine groups on separate bridges when security boundaries are necessary. Create multiple bridges for different trust zones, preventing lateral movement between isolated networks.
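MAC address spoofing allows malicious actors to impersonate other devices. iproute2 has no bridge-wide MAC filter switch, so restrict source addresses per bridge port instead: lock the guest's port so that it only accepts frames whose source MAC has a static forwarding entry on that port. Replace vnet0 and the MAC address (both sample values) with the VM's actual tap interface and address:
sudo bridge link set dev vnet0 learning off locked on
sudo bridge fdb add 52:54:00:12:34:56 dev vnet0 master static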
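Source-MAC pinning per guest port can also be enforced with nftables' bridge family, which covers both the firewall rules and the MAC spoofing point above. This is an added example, not part of the original article; the table name, port names and MAC addresses are constructed sample values.

```shell
#!/bin/sh
# Added example (not from the original article).
# render_mac_pinning PORT=MAC [PORT=MAC ...]
#   Prints an nftables ruleset for the "bridge" family that drops any frame
#   entering a guest port with a source MAC other than the one assigned.
#   Ports that are not listed (for example the uplink) are left untouched.
render_mac_pinning() (
    table=vm_mac_pin                      # hypothetical table name
    [ "$#" -gt 0 ] || { echo "usage: render_mac_pinning PORT=MAC ..." >&2; exit 1; }

    # Validate every pair before printing anything, so a bad argument can
    # never produce a partial ruleset or inject text into one.
    for pair in "$@"; do
        port=${pair%%=*}
        mac=$(printf '%s' "${pair#*=}" | tr 'A-F' 'a-f')
        case $port in
            ''|*[!A-Za-z0-9_.-]*) echo "bad port name: $port" >&2; exit 1 ;;
        esac
        printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
            || { echo "bad MAC address: $mac" >&2; exit 1; }
    done

    printf 'table bridge %s {\n' "$table"
    printf '    chain prerouting {\n'
    # prerouting sees frames bound for other ports and for the host itself.
    printf '        type filter hook prerouting priority 0; policy accept;\n'
    for pair in "$@"; do
        port=${pair%%=*}
        mac=$(printf '%s' "${pair#*=}" | tr 'A-F' 'a-f')
        printf '        iifname "%s" ether saddr != %s counter drop\n' "$port" "$mac"
    done
    printf '    }\n}\n'
)
```

Pipe the output to sudo nft -c -f - to syntax-check it, then to sudo nft -f - to load it. The counter on each rule shows, via sudo nft list table bridge vm_mac_pin, how many spoofed frames a port has sent.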
Monitor bridge traffic for anomalies using tools like tcpdump or wireshark. Regular monitoring detects unusual patterns indicating security issues:
sudo tcpdump -i br0
Limit bridge forwarding database size to prevent resource exhaustion attacks. Set aging time appropriately to balance memory usage and connectivity.
Best Practices
Successful bridge management follows established best practices. Always create backups of configuration files before modifications. This enables quick recovery from configuration errors:
sudo cp /etc/netplan/01-netcfg.yaml /etc/netplan/01-netcfg.yaml.$(date +%F)
Use descriptive naming conventions for bridge interfaces and connections. Clear names simplify troubleshooting and documentation. Document network topology and configuration decisions in a central repository or wiki.
Test configurations in non-production environments before deploying to production systems. Virtual machines or test servers provide safe spaces for experimentation.
Choose NetworkManager for desktop systems and Netplan for servers. Each tool optimizes for its intended use case. Desktop users benefit from NetworkManager’s GUI integration, while server administrators appreciate Netplan’s declarative approach.
Prefer iproute2 commands over deprecated bridge-utils when possible. While bridge-utils remains functional, iproute2 represents the modern standard for Linux networking.
Keep systems and packages updated with regular security patches and feature updates. Subscribe to Ubuntu security announcements and apply updates promptly.
Monitor bridge performance regularly using tools like iftop, nethogs, or system monitoring solutions. Performance degradation may indicate configuration issues or capacity constraints.
Implement proper access controls and permissions. Restrict network configuration capabilities to authorized administrators only. Use sudo logging to track configuration changes.
Disable STP only in simple topologies. Complex networks with multiple bridges and redundant paths require STP for loop prevention.
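A check for the STP guidance above, reading the bridge's live state from sysfs (added example, not part of the original article). It assumes guest ports are named vnet*, tap* or veth* to tell them apart from physical uplinks; the optional third argument only exists so the check can be pointed at a test directory.

```shell
#!/bin/sh
# Added example (not from the original article).
# audit_bridge BRIDGE UPLINK [SYSFS_ROOT]
#   Prints one finding per line. Exit status: 0 clean, 1 findings, 2 usage.
# Assumption: guest ports are named vnet*, tap* or veth* (libvirt and
# container defaults); every other port counts as a physical uplink.
audit_bridge() (
    br=$1
    uplink=$2
    root=${3:-/sys/class/net}
    dir=$root/$br
    [ -n "$br" ] && [ -n "$uplink" ] && [ -d "$dir/bridge" ] || {
        echo "ERROR usage: audit_bridge BRIDGE UPLINK (BRIDGE must be a bridge)"
        exit 2
    }
    rc=0
    stp=$(cat "$dir/bridge/stp_state")      # 0 means STP is disabled
    physical=0
    for p in "$dir"/brif/*; do
        [ -e "$p" ] || continue             # bridge without any ports
        name=${p##*/}
        case $name in
            vnet*|tap*|veth*) ;;
            *) physical=$((physical + 1)) ;;
        esac
        # Port state 0 is "disabled": link down or port switched off.
        if [ "$(cat "$p/state")" -eq 0 ]; then
            echo "WARN port $name on $br is disabled"
            rc=1
        fi
    done
    # The uplink has to be a bridge port, or guests never reach the LAN.
    if [ ! -e "$dir/brif/$uplink" ]; then
        echo "FAIL $uplink is not a port of $br"
        rc=1
    fi
    # STP off is only safe with a single physical path out of the bridge.
    if [ "$stp" -eq 0 ] && [ "$physical" -gt 1 ]; then
        echo "WARN STP disabled on $br with $physical physical ports (loop risk)"
        rc=1
    fi
    exit "$rc"
)
```

Call it as audit_bridge br0 enp1s0 after activating the bridge; no root privileges are needed because it only reads sysfs.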
Removing or Disabling a Bridge
Circumstances sometimes require bridge removal or temporary deactivation. With nmcli, deactivate the bridge connection:
sudo nmcli connection down bridge-br0
Delete the bridge and slave connections:
sudo nmcli connection delete bridge-br0
sudo nmcli connection delete bridge-slave-enp4s0
Reactivate the original Ethernet connection:
sudo nmcli connection up "Wired connection 1"
For bridges created with iproute2 commands, remove the bridge:
sudo ip link set br0 down
sudo ip link delete br0
The physical interface automatically returns to independent operation. With Netplan, edit the configuration file to remove bridge definitions and restore the original Ethernet configuration:
network:
  version: 2
  renderer: networkd
  ethernets:
    enp1s0:
      dhcp4: yes
Apply the reverted configuration:
sudo netplan apply
Remove bridge definitions from libvirt:
sudo virsh net-destroy br0
sudo virsh net-undefine br0
Verify complete removal by listing network interfaces:
ip link show
The bridge interface should no longer appear in the output.