Last updated on September 18, 2020 by Dan Nanni
An Ethernet bridge is a network component that interconnects multiple Ethernet segments by forwarding frames from one segment to another. Linux has a software implementation of the Ethernet bridge (called Linux bridge) built into the mainline kernel since the 2.4 series. A Linux bridge is often used to set up a transparent proxy/firewall, or to act as a virtual switch that interconnects the virtual machines and containers created on a host.
Like a hardware Ethernet bridge, a Linux bridge has MAC address learning built in, so that it knows to which port a frame should be forwarded.
Suppose you would like to disable MAC address learning in a Linux bridge. There are several reasons you might want to. You may want to inject artificial traffic into the bridge for experimental purposes. Your network may be under attack: a large number of frames with different (typically spoofed) source MAC addresses is filling up the MAC learning table, the classic MAC flooding attack. Or you may want to manage the MAC forwarding table yourself, without relying on the learned entries.
This post describes how to disable MAC address learning in a Linux bridge.
Note: Once MAC learning is turned off, a Linux bridge no longer knows which port a destination MAC lives on, so it floods every incoming frame to all other ports, like a hub. Any host attached to any port can then see traffic meant for every other port, which is exactly the condition a MAC flooding attacker is trying to create. Understand this implication before proceeding.
When a Linux bridge receives a frame with a new source MAC address on a particular bridge port, it stores the MAC address along with the port in its MAC learning table (the forwarding database, or FDB). A timer is associated with each entry in the table, so that the entry expires after a certain period (the so-called ageing time) unless it is refreshed before then. By default the ageing time of a Linux bridge is 300 seconds.
If you want to disable MAC address learning in a Linux bridge, you need to set the ageing time to 0. Let's find out how you can actually do it.
Without disabling MAC learning, a Linux bridge will learn and store one or more non-local MAC addresses in the MAC learning table. To check the current MAC learning table:
$ sudo brctl showmacs <bridge-interface>
To view the current ageing time of a bridge, run:
$ brctl showstp <bridge-interface>
To turn off the bridge's MAC address learning, set its ageing time to 0 as follows.
$ sudo brctl setageing <bridge-interface> 0
Once MAC learning is deactivated, the bridge's MAC learning table will no longer contain any non-local MAC address.
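The same procedure (inspect the ageing time, set it to 0, confirm that no learned entries remain) as an added shell example that is not part of the original post, written with the iproute2 tools (ip and bridge), which are the maintained replacement for brctl. It assumes a bridge named br0 (override with the BRIDGE environment variable) and reads the member port names from sysfs; the sample command output embedded at the bottom is constructed, not captured from a real host, so the parsing helpers can be exercised without root. Note the unit difference: brctl takes the ageing time in seconds, while ip uses hundredths of a second.

```shell
#!/bin/sh
# Added example (not code from the original Xmodulo article): disable MAC
# learning on a Linux bridge with iproute2 and verify the result.
# Assumes a bridge named br0; run "sh disable-learning.sh apply" as root on the
# bridge host to change it, or without arguments to exercise the parsers only.
set -eu

BRIDGE="${BRIDGE:-br0}"

# brctl takes the ageing time in seconds; `ip link ... type bridge ageing_time`
# and `ip -d link show` use hundredths of a second (300 s shows as 30000).
seconds_to_centisec() {
    echo $(( $1 * 100 ))
}

# Pull the ageing_time value out of `ip -d link show <bridge>` output on stdin.
parse_ageing_time() {
    sed -n 's/.*ageing_time \([0-9][0-9]*\).*/\1/p' | head -n 1
}

# Count dynamically learned entries in `bridge fdb show br <bridge>` output on
# stdin: entries attached to the bridge ("master") that are neither a port's own
# address ("permanent") nor a multicast/self entry ("self").
count_learned_fdb() {
    grep -vw -e permanent -e self | grep -cw master || true
}

# Turn learning off: bridge-wide (ageing_time 0, what `brctl setageing br0 0`
# does) and explicitly per port via the learning flag, so no new source MACs
# are recorded regardless of ageing. Then flush whatever was learned earlier.
disable_learning() {
    br="$1"
    ip link set dev "$br" type bridge ageing_time "$(seconds_to_centisec 0)"
    for port in "/sys/class/net/$br/brif"/*; do
        [ -e "$port" ] || continue        # bridge has no member ports yet
        bridge link set dev "$(basename "$port")" learning off
    done
    echo 1 > "/sys/class/net/$br/bridge/flush"
}

# Check that the change took: ageing_time reads 0 and no learned entries remain.
verify_learning_off() {
    br="$1"
    t="$(ip -d link show dev "$br" | parse_ageing_time)"
    if [ "$t" != "0" ]; then
        echo "$br: ageing_time is $t, expected 0" >&2
        return 1
    fi
    n="$(bridge fdb show br "$br" | count_learned_fdb)"
    if [ "$n" != "0" ]; then
        echo "$br: $n learned entries still present" >&2
        return 1
    fi
    echo "$br: MAC learning disabled"
}

# Constructed sample output (not captured from a real host) for the parsers.
SAMPLE_IP_LINK='5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:12:34:56 brd ff:ff:ff:ff:ff:ff promiscuity 0
    bridge forward_delay 1500 hello_time 200 max_age 2000 ageing_time 30000 stp_state 0 priority 32768'
SAMPLE_FDB='01:00:5e:00:00:01 dev eth0 self permanent
52:54:00:aa:bb:01 dev eth0 vlan 1 master br0 permanent
52:54:00:aa:bb:01 dev eth0 master br0 permanent
52:54:00:de:ad:01 dev eth0 master br0
52:54:00:de:ad:02 dev eth1 master br0'

if [ "${1:-}" = "apply" ]; then
    disable_learning "$BRIDGE"
    verify_learning_off "$BRIDGE"
else
    echo "sample ageing_time: $(printf '%s\n' "$SAMPLE_IP_LINK" | parse_ageing_time)"
    echo "sample learned entries: $(printf '%s\n' "$SAMPLE_FDB" | count_learned_fdb)"
fi
```

Like brctl, these ip and bridge settings do not survive a reboot; put the script in a post-up hook, or use the ifupdown and NetworkManager options covered later in this post (with nmcli the equivalent is `nmcli connection modify <bridge-connection> bridge.ageing-time 0`, where the value is in seconds). The per-port learning flag only stops the bridge from recording source addresses; frames for unknown destinations are still flooded, as the note above warns. If flooding to a particular port is unacceptable, the separate per-port flood flag (`bridge link set dev <port> flood off`) makes the bridge drop such frames on that port instead, which goes beyond what the post itself describes.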
Note that any change made with the brctl command (including MAC learning deactivation) does not survive a reboot. If you want to turn off MAC learning permanently, read on.
If you configured a Linux bridge in /etc/network/interfaces (e.g., on a Debian-based system), add bridge_ageing 0 under the bridge configuration. For example:
auto br0
iface br0 inet static
    bridge_ports eth0 eth1
    bridge_ageing 0
    address 192.168.1.100
    netmask 255.255.255.0
    gateway 192.168.1.1
If you configure a Linux bridge with Network Manager, set Aging time to 0 in the bridge editing menu.
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.