]>
Commit | Line | Data |
---|---|---|
1 | .TH BRIDGE 8 "1 August 2012" "iproute2" "Linux" | |
2 | .SH NAME | |
3 | bridge \- show / manipulate bridge addresses and devices | |
4 | .SH SYNOPSIS | |
5 | ||
6 | .ad l | |
7 | .in +8 | |
8 | .ti -8 | |
9 | .B bridge | |
10 | .RI "[ " OPTIONS " ] " OBJECT " { " COMMAND " | " | |
11 | .BR help " }" | |
12 | .sp | |
13 | ||
14 | .ti -8 | |
15 | .IR OBJECT " := { " | |
16 | .BR link " | " fdb " | " mdb " | " vlan " | " monitor " }" | |
17 | .sp | |
18 | ||
19 | .ti -8 | |
20 | .IR OPTIONS " := { " | |
21 | \fB\-V\fR[\fIersion\fR] | | |
22 | \fB\-s\fR[\fItatistics\fR] | | |
23 | \fB\-n\fR[\fIetns\fR] name } | |
24 | \fB\-b\fR[\fIatch\fR] filename } | |
25 | ||
26 | .ti -8 | |
27 | .BR "bridge link set" | |
28 | .B dev | |
29 | .IR DEV | |
30 | .IR " [ " | |
31 | .B cost | |
32 | .IR COST " ] [ " | |
33 | .B priority | |
34 | .IR PRIO " ] [ " | |
35 | .B state | |
36 | .IR STATE "] [" | |
37 | .BR guard " { " on " | " off " } ] [ " | |
38 | .BR hairpin " { " on " | " off " } ] [ " | |
39 | .BR fastleave " { " on " | " off " } ] [ " | |
40 | .BR root_block " { " on " | " off " } ] [ " | |
41 | .BR learning " { " on " | " off " } ] [ " | |
42 | .BR learning_sync " { " on " | " off " } ] [ " | |
43 | .BR flood " { " on " | " off " } ] [ " | |
44 | .BR hwmode " { " vepa " | " veb " } ] [ " | |
45 | .BR self " ] [ " master " ] " | |
46 | ||
47 | .ti -8 | |
48 | .BR "bridge link" " [ " show " ] [ " | |
49 | .B dev | |
50 | .IR DEV " ]" | |
51 | ||
52 | .ti -8 | |
53 | .BR "bridge fdb" " { " add " | " append " | " del " | " replace " } " | |
54 | .I LLADDR | |
55 | .B dev | |
56 | .IR DEV " { " | |
57 | .BR local " | " static " | " dynamic " } [ " | |
58 | .BR self " ] [ " master " ] [ " router " ] [ " use " ] [ " | |
59 | .B dst | |
60 | .IR IPADDR " ] [ " | |
61 | .B vni | |
62 | .IR VNI " ] [" | |
63 | .B port | |
64 | .IR PORT " ] [" | |
65 | .B via | |
66 | .IR DEVICE " ]" | |
67 | ||
68 | .ti -8 | |
69 | .BR "bridge fdb" " [ " show " ] [ " | |
70 | .B dev | |
71 | .IR DEV " ]" | |
72 | ||
73 | .ti -8 | |
74 | .BR "bridge mdb" " { " add " | " del " } " | |
75 | .B dev | |
76 | .IR DEV | |
77 | .B port | |
78 | .IR PORT | |
79 | .B grp | |
80 | .IR GROUP " [ " | |
81 | .BR permanent " | " temp " ] [ " | |
82 | .B vid | |
83 | .IR VID " ] " | |
84 | ||
85 | .ti -8 | |
86 | .BR "bridge mdb show " [ " | |
87 | .B dev | |
88 | .IR DEV " ]" | |
89 | ||
90 | .ti -8 | |
91 | .BR "bridge vlan" " { " add " | " del " } " | |
92 | .B dev | |
93 | .IR DEV | |
94 | .B vid | |
95 | .IR VID " [ " | |
96 | .BR pvid " ] [ " untagged " ] [ " | |
97 | .BR self " ] [ " master " ] " | |
98 | ||
99 | .ti -8 | |
100 | .BR "bridge vlan" " [ " show " ] [ " | |
101 | .B dev | |
102 | .IR DEV " ]" | |
103 | ||
104 | .ti -8 | |
105 | .BR "bridge monitor" " [ " all " | " neigh " | " link " | " mdb " ]" | |
106 | ||
107 | .SH OPTIONS | |
108 | ||
109 | .TP | |
110 | .BR "\-V" , " -Version" | |
111 | print the version of the | |
112 | .B bridge | |
113 | utility and exit. | |
114 | ||
115 | .TP | |
116 | .BR "\-s" , " \-stats", " \-statistics" | |
117 | output more information. If this option | |
118 | is given multiple times, the amount of information increases. | |
119 | As a rule, the information is statistics or some time values. | |
120 | ||
121 | .TP | |
122 | .BR "\-d" , " \-details" | |
123 | print detailed information about MDB router ports. | |
124 | ||
125 | .TP | |
126 | .BR "\-n" , " \-net" , " \-netns " <NETNS> | |
127 | switches | |
128 | .B bridge | |
129 | to the specified network namespace | |
130 | .IR NETNS . | |
131 | Actually it just simplifies executing of: | |
132 | ||
133 | .B ip netns exec | |
134 | .IR NETNS | |
135 | .B bridge | |
136 | .RI "[ " OPTIONS " ] " OBJECT " { " COMMAND " | " | |
137 | .BR help " }" | |
138 | ||
139 | to | |
140 | ||
141 | .B bridge | |
142 | .RI "-n[etns] " NETNS " [ " OPTIONS " ] " OBJECT " { " COMMAND " | " | |
143 | .BR help " }" | |
144 | ||
145 | .TP | |
146 | .BR "\-b", " \-batch " <FILENAME> | |
147 | Read commands from provided file or standard input and invoke them. | |
148 | First failure will cause termination of bridge command. | |
149 | ||
150 | .TP | |
151 | .BR "\-force" | |
152 | Don't terminate bridge command on errors in batch mode. | |
153 | If there were any errors during execution of the commands, the application | |
154 | return code will be non zero. | |
155 | ||
156 | .SH BRIDGE - COMMAND SYNTAX | |
157 | ||
158 | .SS | |
159 | .I OBJECT | |
160 | ||
161 | .TP | |
162 | .B link | |
163 | - Bridge port. | |
164 | ||
165 | .TP | |
166 | .B fdb | |
167 | - Forwarding Database entry. | |
168 | ||
169 | .TP | |
170 | .B mdb | |
171 | - Multicast group database entry. | |
172 | ||
173 | .TP | |
174 | .B vlan | |
175 | - VLAN filter list. | |
176 | ||
177 | .SS | |
178 | .I COMMAND | |
179 | ||
180 | Specifies the action to perform on the object. | |
181 | The set of possible actions depends on the object type. | |
182 | As a rule, it is possible to | |
183 | .BR "add" , " delete" | |
184 | and | |
185 | .B show | |
186 | (or | |
187 | .B list | |
188 | ) objects, but some objects do not allow all of these operations | |
189 | or have some additional commands. The | |
190 | .B help | |
191 | command is available for all objects. It prints | |
192 | out a list of available commands and argument syntax conventions. | |
193 | .sp | |
194 | If no command is given, some default command is assumed. | |
195 | Usually it is | |
196 | .B list | |
197 | or, if the objects of this class cannot be listed, | |
198 | .BR "help" . | |
199 | ||
200 | .SH bridge link - bridge port | |
201 | ||
202 | .B link | |
203 | objects correspond to the port devices of the bridge. | |
204 | ||
205 | .P | |
206 | The corresponding commands set and display port status and bridge specific | |
207 | attributes. | |
208 | ||
209 | .SS bridge link set - set bridge specific attributes on a port | |
210 | ||
211 | .TP | |
212 | .BI dev " NAME " | |
213 | interface name of the bridge port | |
214 | ||
215 | .TP | |
216 | .BI cost " COST " | |
217 | the STP path cost of the specified port. | |
218 | ||
219 | .TP | |
220 | .BI priority " PRIO " | |
221 | the STP port priority. The priority value is an unsigned 8-bit quantity | |
222 | (number between 0 and 255). This metric is used in the designated port an | |
223 | droot port selectio algorithms. | |
224 | ||
225 | .TP | |
226 | .BI state " STATE " | |
227 | the operation state of the port. This is primarily used by user space STP/RSTP | |
228 | implementation. One may enter a lowercased port state name, or one of the | |
229 | numbers below. Negative inputs are ignored, and unrecognized names return an | |
230 | error. | |
231 | ||
232 | .B 0 | |
233 | - port is DISABLED. Make this port completely inactive. | |
234 | .sp | |
235 | ||
236 | .B 1 | |
237 | - STP LISTENING state. Only valid if STP is enabled on the brige. In this | |
238 | state the port for list for STP BPDUs and drop all other traffic. | |
239 | .sp | |
240 | ||
241 | .B 2 | |
242 | - STP LEARNING state. Only valid if STP is enabled on the bridge. In this | |
243 | state the port will accept traffic only for the purpose of updating MAC | |
244 | address tables. | |
245 | .sp | |
246 | ||
247 | .B 3 | |
248 | - STP FORWARDING state. Port is fully active. | |
249 | .sp | |
250 | ||
251 | .B 4 | |
252 | - STP BLOCKING state. Only valid if STP is enabled on the bridge. This state | |
253 | is used during the STP election process. In this state, port will only process | |
254 | STP BPDUs. | |
255 | .sp | |
256 | ||
257 | .TP | |
258 | .BR "guard on " or " guard off " | |
259 | Controls whether STP BPUDs will be processed by the bridge port. By default, | |
260 | the flag is turned off allowed BPDU processing. Turning this flag on will | |
261 | cause the port to stop processing STP BPDUs. | |
262 | ||
263 | .TP | |
264 | .BR "hairpin on " or " hairpin off " | |
265 | Controls whether traffic may be send back out of the port on which it was | |
266 | received. By default, this flag is turned off and the bridge will not forward | |
267 | traffic back out of the receiving port. | |
268 | ||
269 | .TP | |
270 | .BR "fastleave on " or " fastleave off " | |
271 | This flag allows the bridge to immediately stop multicast traffic on a port | |
272 | that receives IGMP Leave message. It is only used with IGMP snooping is | |
273 | enabled on the bridge. By default the flag is off. | |
274 | ||
275 | .TP | |
276 | .BR "root_block on " or " root_block off " | |
277 | Controls whether a given port is allowed to become root port or not. Only used | |
278 | when STP is enabled on the bridge. By default the flag is off. | |
279 | ||
280 | .TP | |
281 | .BR "learning on " or " learning off " | |
282 | Controls whether a given port will learn MAC addresses from received traffic or | |
283 | not. If learning if off, the bridge will end up flooding any traffic for which | |
284 | it has no FDB entry. By default this flag is on. | |
285 | ||
286 | .TP | |
287 | .BR "learning_sync on " or " learning_sync off " | |
288 | Controls whether a given port will sync MAC addresses learned on device port to | |
289 | bridge FDB. | |
290 | ||
291 | .TP | |
292 | .BR "flooding on " or " flooding off " | |
293 | Controls whether a given port will flood unicast traffic for which there is no FDB entry. By default this flag is on. | |
294 | ||
295 | .TP | |
296 | .BI hwmode | |
297 | Some network interface cards support HW bridge functionality and they may be | |
298 | configured in different modes. Currently support modes are: | |
299 | ||
300 | .B vepa | |
301 | - Data sent between HW ports is sent on the wire to the external | |
302 | switch. | |
303 | ||
304 | .B veb | |
305 | - bridging happens in hardware. | |
306 | ||
307 | .TP | |
308 | .BI self | |
309 | link setting is configured on specified physical device | |
310 | ||
311 | .TP | |
312 | .BI master | |
313 | link setting is configured on the software bridge (default) | |
314 | ||
315 | .TP | |
316 | .BR "\-t" , " \-timestamp" | |
317 | display current time when using monitor option. | |
318 | ||
319 | .SS bridge link show - list bridge port configuration. | |
320 | ||
321 | This command displays the current bridge port configuration and flags. | |
322 | ||
323 | .SH bridge fdb - forwarding database management | |
324 | ||
325 | .B fdb | |
326 | objects contain known Ethernet addresses on a link. | |
327 | ||
328 | .P | |
329 | The corresponding commands display fdb entries, add new entries, | |
330 | append entries, | |
331 | and delete old ones. | |
332 | ||
333 | .SS bridge fdb add - add a new fdb entry | |
334 | ||
335 | This command creates a new fdb entry. | |
336 | ||
337 | .TP | |
338 | .BI "LLADDR" | |
339 | the Ethernet MAC address. | |
340 | ||
341 | .TP | |
342 | .BI dev " DEV" | |
343 | the interface to which this address is associated. | |
344 | ||
345 | .B local | |
346 | - is a local permanent fdb entry | |
347 | .sp | |
348 | ||
349 | .B static | |
350 | - is a static (no arp) fdb entry | |
351 | .sp | |
352 | ||
353 | .B dynamic | |
354 | - is a dynamic reachable age-able fdb entry | |
355 | .sp | |
356 | ||
357 | .B self | |
358 | - the address is associated with the port drivers fdb. Usually hardware. | |
359 | .sp | |
360 | ||
361 | .B master | |
362 | - the address is associated with master devices fdb. Usually software (default). | |
363 | .sp | |
364 | ||
365 | .B router | |
366 | - the destination address is associated with a router. | |
367 | Valid if the referenced device is a VXLAN type device and has | |
368 | route shortcircuit enabled. | |
369 | .sp | |
370 | ||
371 | .B use | |
372 | - the address is in use. User space can use this option to | |
373 | indicate to the kernel that the fdb entry is in use. | |
374 | .sp | |
375 | ||
376 | .in -8 | |
377 | The next command line parameters apply only | |
378 | when the specified device | |
379 | .I DEV | |
380 | is of type VXLAN. | |
381 | .TP | |
382 | .BI dst " IPADDR" | |
383 | the IP address of the destination | |
384 | VXLAN tunnel endpoint where the Ethernet MAC ADDRESS resides. | |
385 | ||
386 | .TP | |
387 | .BI vni " VNI" | |
388 | the VXLAN VNI Network Identifier (or VXLAN Segment ID) | |
389 | to use to connect to the remote VXLAN tunnel endpoint. | |
390 | If omitted the value specified at vxlan device creation | |
391 | will be used. | |
392 | ||
393 | .TP | |
394 | .BI port " PORT" | |
395 | the UDP destination PORT number to use to connect to the | |
396 | remote VXLAN tunnel endpoint. | |
397 | If omitted the default value is used. | |
398 | ||
399 | .TP | |
400 | .BI via " DEVICE" | |
401 | device name of the outgoing interface for the | |
402 | VXLAN device driver to reach the | |
403 | remote VXLAN tunnel endpoint. | |
404 | ||
405 | .SS bridge fdb append - append a forwarding database entry | |
406 | This command adds a new fdb entry with an already known | |
407 | .IR LLADDR . | |
408 | Valid only for multicast link layer addresses. | |
409 | The command adds support for broadcast and multicast | |
410 | Ethernet MAC addresses. | |
411 | The Ethernet MAC address is added multiple times into | |
412 | the forwarding database and the vxlan device driver | |
413 | sends a copy of the data packet to each entry found. | |
414 | ||
415 | .PP | |
416 | The arguments are the same as with | |
417 | .BR "bridge fdb add" . | |
418 | ||
419 | .SS bridge fdb delete - delete a forwarding database entry | |
420 | This command removes an existing fdb entry. | |
421 | ||
422 | .PP | |
423 | The arguments are the same as with | |
424 | .BR "bridge fdb add" . | |
425 | ||
426 | .SS bridge fdb replace - replace a forwarding database entry | |
427 | If no matching entry is found, a new one will be created instead. | |
428 | ||
429 | .PP | |
430 | The arguments are the same as with | |
431 | .BR "bridge fdb add" . | |
432 | ||
433 | .SS bridge fdb show - list forwarding entries. | |
434 | ||
435 | This command displays the current forwarding table. | |
436 | ||
437 | .PP | |
438 | With the | |
439 | .B -statistics | |
440 | option, the command becomes verbose. It prints out the last updated | |
441 | and last used time for each entry. | |
442 | ||
443 | .SH bridge mdb - multicast group database management | |
444 | ||
445 | .B mdb | |
446 | objects contain known IP multicast group addresses on a link. | |
447 | ||
448 | .P | |
449 | The corresponding commands display mdb entries, add new entries, | |
450 | and delete old ones. | |
451 | ||
452 | .SS bridge mdb add - add a new multicast group database entry | |
453 | ||
454 | This command creates a new mdb entry. | |
455 | ||
456 | .TP | |
457 | .BI dev " DEV" | |
458 | the interface where this group address is associated. | |
459 | ||
460 | .TP | |
461 | .BI port " PORT" | |
462 | the port whose link is known to have members of this multicast group. | |
463 | ||
464 | .TP | |
465 | .BI grp " GROUP" | |
466 | the IP multicast group address whose members reside on the link connected to | |
467 | the port. | |
468 | ||
469 | .B permanent | |
470 | - the mdb entry is permanent | |
471 | .sp | |
472 | ||
473 | .B temp | |
474 | - the mdb entry is temporary (default) | |
475 | .sp | |
476 | ||
477 | .TP | |
478 | .BI vid " VID" | |
479 | the VLAN ID which is known to have members of this multicast group. | |
480 | ||
481 | .in -8 | |
482 | .SS bridge mdb delete - delete a multicast group database entry | |
483 | This command removes an existing mdb entry. | |
484 | ||
485 | .PP | |
486 | The arguments are the same as with | |
487 | .BR "bridge mdb add" . | |
488 | ||
489 | .SS bridge mdb show - list multicast group database entries | |
490 | ||
491 | This command displays the current multicast group membership table. The table | |
492 | is populated by IGMP and MLD snooping in the bridge driver automatically. It | |
493 | can be altered by | |
494 | .B bridge mdb add | |
495 | and | |
496 | .B bridge mdb del | |
497 | commands manually too. | |
498 | ||
499 | .TP | |
500 | .BI dev " DEV" | |
501 | the interface only whose entries should be listed. Default is to list all | |
502 | bridge interfaces. | |
503 | ||
504 | .PP | |
505 | With the | |
506 | .B -details | |
507 | option, the command becomes verbose. It prints out the ports known to have | |
508 | a connected router. | |
509 | ||
510 | .PP | |
511 | With the | |
512 | .B -statistics | |
513 | option, the command displays timer values for mdb and router port entries. | |
514 | ||
515 | .SH bridge vlan - VLAN filter list | |
516 | ||
517 | .B vlan | |
518 | objects contain known VLAN IDs for a link. | |
519 | ||
520 | .P | |
521 | The corresponding commands display vlan filter entries, add new entries, | |
522 | and delete old ones. | |
523 | ||
524 | .SS bridge vlan add - add a new vlan filter entry | |
525 | ||
526 | This command creates a new vlan filter entry. | |
527 | ||
528 | .TP | |
529 | .BI dev " NAME" | |
530 | the interface with which this vlan is associated. | |
531 | ||
532 | .TP | |
533 | .BI vid " VID" | |
534 | the VLAN ID that identifies the vlan. | |
535 | ||
536 | .TP | |
537 | .BI pvid | |
538 | the vlan specified is to be considered a PVID at ingress. | |
539 | Any untagged frames will be assigned to this VLAN. | |
540 | ||
541 | .TP | |
542 | .BI untagged | |
543 | the vlan specified is to be treated as untagged on egress. | |
544 | ||
545 | .TP | |
546 | .BI self | |
547 | the vlan is configured on the specified physical device. Required if the | |
548 | device is the bridge device. | |
549 | ||
550 | .TP | |
551 | .BI master | |
552 | the vlan is configured on the software bridge (default). | |
553 | ||
554 | .SS bridge vlan delete - delete a forwarding database entry | |
555 | This command removes an existing fdb entry. | |
556 | ||
557 | .PP | |
558 | The arguments are the same as with | |
559 | .BR "bridge vlan add". | |
560 | The | |
561 | .BR "pvid " and " untagged" | |
562 | flags are ignored. | |
563 | ||
564 | .SS bridge vlan show - list vlan configuration. | |
565 | ||
566 | This command displays the current VLAN filter table. | |
567 | ||
568 | .SH bridge monitor - state monitoring | |
569 | ||
570 | The | |
571 | .B bridge | |
572 | utility can monitor the state of devices and addresses | |
573 | continuously. This option has a slightly different format. | |
574 | Namely, the | |
575 | .B monitor | |
576 | command is the first in the command line and then the object list follows: | |
577 | ||
578 | .BR "bridge monitor" " [ " all " |" | |
579 | .IR OBJECT-LIST " ]" | |
580 | ||
581 | .I OBJECT-LIST | |
582 | is the list of object types that we want to monitor. | |
583 | It may contain | |
584 | .BR link ", " fdb ", and " mdb "." | |
585 | If no | |
586 | .B file | |
587 | argument is given, | |
588 | .B bridge | |
589 | opens RTNETLINK, listens on it and dumps state changes in the format | |
590 | described in previous sections. | |
591 | ||
592 | .P | |
593 | If a file name is given, it does not listen on RTNETLINK, | |
594 | but opens the file containing RTNETLINK messages saved in binary format | |
595 | and dumps them. | |
596 | ||
597 | .SH NOTES | |
598 | This command uses facilities added in Linux 3.0. | |
599 | ||
600 | Although the forwarding table is maintained on a per-bridge device basis | |
601 | the bridge device is not part of the syntax. This is a limitation of the | |
602 | underlying netlink neighbour message protocol. When displaying the | |
603 | forwarding table, entries for all bridges are displayed. | |
604 | Add/delete/modify commands determine the underlying bridge device | |
605 | based on the bridge to which the corresponding ethernet device is attached. | |
606 | ||
607 | ||
608 | .SH SEE ALSO | |
609 | .BR ip (8) | |
610 | .SH BUGS | |
611 | .RB "Please direct bugreports and patches to: " <netdev@vger.kernel.org> | |
612 | ||
613 | .SH AUTHOR | |
614 | Original Manpage by Stephen Hemminger |