This article shows how to replace the primary network interface with a bridge device, so that the interface becomes a slave device of the bridge, without rebooting or restarting the server. It uses nmcli under CentOS 8 (and probably works on any other Linux distribution that uses NetworkManager to configure network devices, such as Ubuntu).
The main steps are:
- Create a connection profile of a bridge device.
- Set the same network configuration as the primary network to the bridge device.
- Create a connection profile for the primary interface device as a slave network device to the newly created bridge.
- Delete the current primary connection, which is using the primary network device and configuration.
- Reload the bridge connection profile so that it takes effect. The bridge device will then actually begin to work.
The main goal is to avoid rebooting the server or losing the connection to it. The primary network interface is the only connection to the server, and if it is lost the server becomes unreachable. So the last two steps should be performed in the background, in a script, or in a detached terminal (like screen).
Here are all the commands in one place:
```
nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "192.168.0.20/24" ipv4.gateway "192.168.0.1" ipv4.dns "8.8.8.8 1.1.1.1"
nmcli con add type bridge-slave ifname enp0s3 master br0
nmcli con del "enp0s3"; nmcli con reload "br0" &
```
Here is the detailed information for the above commands:
STEP 1) Show the current network configuration.
The command nmcli without arguments shows only the active configuration. “nmcli con” shows all the network connections, not only the active ones!
```
[root@srv ~]# nmcli
enp0s3: connected to enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 100
        route4 0.0.0.0/0 via 192.168.0.1 metric 100
        inet6 fe80::a00:27ff:fe03:c92e/64
        route6 fe80::/64 metric 100

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 8.8.8.8 1.1.1.1
        interface: enp0s3

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME    UUID                                  TYPE      DEVICE
enp0s3  09497bbf-da59-42b7-a72c-d69369760b36  ethernet  enp0s3
```
STEP 2) Create a bridge network device and set its network configuration.
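nmcli supports setting the network configuration in the same line that adds the bridge network interface. The manual method is important here, because otherwise DHCP will be applied immediately! Use the same IPv4 network configuration as the primary interface. Note that the command in the transcript below omits the ipv4.dns option that the combined command above includes; without it the br0 profile has no DNS servers configured.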
```
[root@srv ~]# nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "192.168.0.20/24" ipv4.gateway "192.168.0.1"
Connection 'br0' (601a074e-f55e-48d6-9ac4-83f0ba17791c) successfully added.
[root@srv ~]# nmcli
enp0s3: connected to enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 100
        route4 0.0.0.0/0 via 192.168.0.1 metric 100
        inet6 fe80::a00:27ff:fe03:c92e/64
        route6 fe80::/64 metric 100

br0: connected to br0
        "br0"
        bridge, 76:93:DC:B3:1C:60, sw, mtu 1500
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 425
        route4 0.0.0.0/0 via 192.168.0.1 metric 425

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 8.8.8.8 1.1.1.1
        interface: enp0s3

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME    UUID                                  TYPE      DEVICE
enp0s3  09497bbf-da59-42b7-a72c-d69369760b36  ethernet  enp0s3
br0     601a074e-f55e-48d6-9ac4-83f0ba17791c  bridge    br0
```
The bridge is added and even the device is active.
STEP 3) Create a connection for the primary network interface, which is a slave to the bridge network interface.
This connection cannot be active, because the primary interface enp0s3 is in use by another connection profile (with the very same name as the physical network interface – “enp0s3”).
```
[root@srv ~]# nmcli con add type bridge-slave ifname enp0s3 master br0
Connection 'bridge-slave-enp0s3' (09de5c71-0df7-487f-8703-5862aead133c) successfully added.
[root@srv ~]# nmcli
enp0s3: connected to enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 100
        route4 0.0.0.0/0 via 192.168.0.1 metric 100
        inet6 fe80::a00:27ff:fe03:c92e/64
        route6 fe80::/64 metric 100

br0: connected to br0
        "br0"
        bridge, 76:93:DC:B3:1C:60, sw, mtu 1500
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 425
        route4 0.0.0.0/0 via 192.168.0.1 metric 425

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 8.8.8.8 1.1.1.1
        interface: enp0s3

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME                 UUID                                  TYPE      DEVICE
enp0s3               09497bbf-da59-42b7-a72c-d69369760b36  ethernet  enp0s3
br0                  601a074e-f55e-48d6-9ac4-83f0ba17791c  bridge    br0
bridge-slave-enp0s3  09de5c71-0df7-487f-8703-5862aead133c  ethernet  --
```
STEP 4) Delete the original network connection profile, which is used by the primary network interface, and reload the bridge interface connection profile.
In simple words, the connection named enp0s3 must be deleted and, at the same time, the connection named br0 must be reloaded, which will bring up the slave connection bridge-slave-enp0s3, too. Use the sign for background execution (&) or a screen manager like screen (https://en.wikipedia.org/wiki/GNU_Screen) to be sure the two commands are executed even after the network configuration resets (and with it the connection to the server).
```
[root@srv ~]# nmcli con del "enp0s3"; nmcli con reload "br0" &
Connection 'enp0s3' (09497bbf-da59-42b7-a72c-d69369760b36) successfully deleted.
[1] 1570
[root@srv ~]#
[1]+  Done                    nmcli con reload "br0"
[root@srv ~]#
[root@srv ~]#
[root@srv ~]#
[root@srv ~]#
[root@srv ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 08:00:27:03:c9:2e brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:03:c9:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 brd 192.168.0.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::6e1:79e:d5de:e294/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
[root@srv ~]# nmcli
br0: connected to br0
        "br0"
        bridge, 08:00:27:03:C9:2E, sw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 425
        route4 0.0.0.0/0 via 192.168.0.1 metric 425
        inet6 fe80::6e1:79e:d5de:e294/64
        route6 fe80::/64 metric 425

enp0s3: connected to bridge-slave-enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        master br0

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME                 UUID                                  TYPE      DEVICE
br0                  601a074e-f55e-48d6-9ac4-83f0ba17791c  bridge    br0
bridge-slave-enp0s3  09de5c71-0df7-487f-8703-5862aead133c  ethernet  enp0s3
```
The terminal and the connection to the server could be blocked for 20 to 30 seconds, but the session then recovers. The primary physical network device is now part of a bridge device with the same network configuration as before. The new bridged network configuration is kept after a reboot of the server.
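A guarded version of the last two steps, as an added example that is not part of the original article: it checks that br0 carries the same IPv4 settings as enp0s3, keeps a rollback copy of the old profile, and restores that copy if the gateway stops answering. The enp0s3-rollback profile name, the retry count, a static (manual) primary profile, and activating the slave with nmcli connection up instead of reload are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the article: switch to br0, roll back if the gateway is lost.
# Names and addresses are the article's; the "-rollback" profile name, the retry
# count and the use of "connection up" for the slave are assumptions of this example.
PRIMARY=enp0s3 BRIDGE=br0 SLAVE=bridge-slave-enp0s3 GATEWAY=192.168.0.1
ROLLBACK="$PRIMARY-rollback"
TRIES=${TRIES:-15}

# IPv4 settings stored in a profile, one value per line (-g prints values only).
ipv4_settings() {
    nmcli -g ipv4.addresses,ipv4.gateway,ipv4.dns connection show "$1"
}

# True only if br0 repeats the primary's address, gateway and DNS servers.
# Assumes the primary profile is static (ipv4.method manual), not DHCP.
preflight() {
    want=$(ipv4_settings "$PRIMARY") || return 1
    [ -n "$want" ] && [ "$want" = "$(ipv4_settings "$BRIDGE")" ]
}

# Poll the gateway; the article reports a 20 to 30 second stall after the switch.
gateway_ok() {
    n=0
    while [ "$n" -lt "$TRIES" ]; do
        ping -c 1 -W 2 "$GATEWAY" >/dev/null 2>&1 && return 0
        n=$((n + 1)); sleep 2
    done
    return 1
}

switch_to_bridge() {
    preflight || { echo "$BRIDGE IPv4 settings differ from $PRIMARY" >&2; return 2; }
    # Keep a non-autoconnecting copy of the old profile to fall back on.
    nmcli connection clone "$PRIMARY" "$ROLLBACK" || return 2
    nmcli connection modify "$ROLLBACK" connection.autoconnect no || return 2
    nmcli connection delete "$PRIMARY"
    nmcli connection up "$SLAVE"
    if gateway_ok; then
        nmcli connection delete "$ROLLBACK"; return 0
    fi
    # Gateway unreachable: take the bridge down and restore the old profile.
    nmcli connection down "$BRIDGE"
    nmcli connection up "$ROLLBACK"
    return 1
}

# Run detached so it survives the SSH session dropping, for example:
#   setsid sh bridge-switch.sh --apply </dev/null >/root/bridge-switch.log 2>&1 &
if [ "${1:-}" = "--apply" ]; then switch_to_bridge; fi
```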