Replace current interface configuration with a bridge device using nmcli (NetworkManager)

This article shows how to replace the primary network interface with a bridge device, so that the network interface becomes part of the bridge as a slave device, without rebooting or restarting the server. It uses nmcli under CentOS 8 (and probably applies to any other Linux distribution, like Ubuntu, which uses NetworkManager to configure network devices).
The main steps are:

  1. Create a connection profile of a bridge device.
  2. Give the bridge device the same network configuration as the primary network interface.
  3. Create a connection profile for the primary interface device as a slave network device to the newly created bridge.
  4. Delete the current primary connection, which is using the primary network device and configuration.
  5. Reload the bridge connection profile to take effect. The bridge device will actually begin to work.

The main goal is to avoid rebooting the server or losing the connection to it. The primary network interface is the only connection to the server, and if it is lost the server becomes unreachable. So the last two steps should be performed in the background, from a script, or in a detached terminal (like screen).
Here are all the commands in one place:

nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "192.168.0.20/24" ipv4.gateway "192.168.0.1" ipv4.dns "8.8.8.8 1.1.1.1"
nmcli con add type bridge-slave ifname enp0s3 master br0
nmcli con del "enp0s3"; nmcli con reload "br0" &

Here is the detailed information for the above commands:

STEP 1) Show the current network configuration.

The nmcli command shows only the active configuration. "nmcli con" shows all the network connections, not only the active ones!

[root@srv ~]# nmcli 
enp0s3: connected to enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 100
        route4 0.0.0.0/0 via 192.168.0.1 metric 100
        inet6 fe80::a00:27ff:fe03:c92e/64
        route6 fe80::/64 metric 100

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 8.8.8.8 1.1.1.1
        interface: enp0s3

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME    UUID                                  TYPE      DEVICE 
enp0s3  09497bbf-da59-42b7-a72c-d69369760b36  ethernet  enp0s3

STEP 2) Create a bridge network device and set its network configuration.

nmcli supports setting the network configuration in the same line that adds the bridge network interface. In this case, the manual method is important, because otherwise DHCP will be applied immediately! The bridge gets the same IPv4 network configuration as the primary interface.

[root@srv ~]# nmcli connection add type bridge ifname br0 con-name br0 ipv4.method manual ipv4.addresses "192.168.0.20/24" ipv4.gateway "192.168.0.1"
Connection 'br0' (601a074e-f55e-48d6-9ac4-83f0ba17791c) successfully added.
[root@srv ~]# nmcli 
enp0s3: connected to enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 100
        route4 0.0.0.0/0 via 192.168.0.1 metric 100
        inet6 fe80::a00:27ff:fe03:c92e/64
        route6 fe80::/64 metric 100

br0: connected to br0
        "br0"
        bridge, 76:93:DC:B3:1C:60, sw, mtu 1500
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 425
        route4 0.0.0.0/0 via 192.168.0.1 metric 425

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 8.8.8.8 1.1.1.1
        interface: enp0s3

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME    UUID                                  TYPE      DEVICE 
enp0s3  09497bbf-da59-42b7-a72c-d69369760b36  ethernet  enp0s3 
br0     601a074e-f55e-48d6-9ac4-83f0ba17791c  bridge    br0

The bridge is added and even the device is active.

STEP 3) Create a connection for the primary network interface, which is a slave to the bridge network interface.

This connection cannot be active, because the primary interface enp0s3 is in use by another connection profile (with the very same name as the physical network interface – “enp0s3”).

[root@srv ~]# nmcli con add type bridge-slave ifname enp0s3 master br0
Connection 'bridge-slave-enp0s3' (09de5c71-0df7-487f-8703-5862aead133c) successfully added.
[root@srv ~]# nmcli
enp0s3: connected to enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 100
        route4 0.0.0.0/0 via 192.168.0.1 metric 100
        inet6 fe80::a00:27ff:fe03:c92e/64
        route6 fe80::/64 metric 100

br0: connected to br0
        "br0"
        bridge, 76:93:DC:B3:1C:60, sw, mtu 1500
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 425
        route4 0.0.0.0/0 via 192.168.0.1 metric 425

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

DNS configuration:
        servers: 8.8.8.8 1.1.1.1
        interface: enp0s3

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME                 UUID                                  TYPE      DEVICE 
enp0s3               09497bbf-da59-42b7-a72c-d69369760b36  ethernet  enp0s3 
br0                  601a074e-f55e-48d6-9ac4-83f0ba17791c  bridge    br0    
bridge-slave-enp0s3  09de5c71-0df7-487f-8703-5862aead133c  ethernet  --    

STEP 4) Delete the original network connection profile, which is used by the primary network interface, and reload the bridge interface connection profile.

In simple words, the connection named enp0s3 must be deleted and, at the same time, the connection named br0 must be reloaded, which will bring up the slave connection bridge-slave-enp0s3, too. Use the & sign for background execution or a screen manager like screen (https://en.wikipedia.org/wiki/GNU_Screen) to be sure the two commands will be executed even after the network configuration (and with it the connection to the server) resets.

[root@srv ~]# nmcli con del "enp0s3"; nmcli con reload "br0" &
Connection 'enp0s3' (09497bbf-da59-42b7-a72c-d69369760b36) successfully deleted.
[1] 1570
[root@srv ~]# 
[1]+  Done                    nmcli con reload "br0"
[root@srv ~]# 
[root@srv ~]# 
[root@srv ~]# 
[root@srv ~]# 
[root@srv ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
    link/ether 08:00:27:03:c9:2e brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:00:27:03:c9:2e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.20/24 brd 192.168.0.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
    inet6 fe80::6e1:79e:d5de:e294/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
[root@srv ~]# nmcli
br0: connected to br0
        "br0"
        bridge, 08:00:27:03:C9:2E, sw, mtu 1500
        ip4 default
        inet4 192.168.0.20/24
        route4 192.168.0.0/24 metric 425
        route4 0.0.0.0/0 via 192.168.0.1 metric 425
        inet6 fe80::6e1:79e:d5de:e294/64
        route6 fe80::/64 metric 425

enp0s3: connected to bridge-slave-enp0s3
        "Intel 82540EM"
        ethernet (e1000), 08:00:27:03:C9:2E, hw, mtu 1500
        master br0

lo: unmanaged
        "lo"
        loopback (unknown), 00:00:00:00:00:00, sw, mtu 65536

Use "nmcli device show" to get complete information about known devices and
"nmcli connection show" to get an overview on active connection profiles.

Consult nmcli(1) and nmcli-examples(7) manual pages for complete usage details.
[root@srv ~]# nmcli con
NAME                 UUID                                  TYPE      DEVICE 
br0                  601a074e-f55e-48d6-9ac4-83f0ba17791c  bridge    br0    
bridge-slave-enp0s3  09de5c71-0df7-487f-8703-5862aead133c  ethernet  enp0s3

The terminal and the connection to the server could be blocked for 20 to 30 seconds, but the connection will survive. Now the primary physical network device is part of a bridge device with the same old network configuration as before. The new bridged network configuration is kept after rebooting the server.
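
A pre-flight check to run before STEP 4, added here as an example (not part of the original article): it compares the live IPv4 settings of enp0s3 with what the br0 profile will apply and reports any difference, such as a bridge profile created without ipv4.dns as in the STEP 2 command. The function names and the sample data are assumptions made for this example, and only IPv4 values are handled.

```shell
#!/bin/sh
# Pre-flight check for STEP 4. Inputs are terse nmcli output, captured e.g. with:
#   dev=$(nmcli -t -f IP4.ADDRESS,IP4.GATEWAY,IP4.DNS device show enp0s3)
#   br=$(nmcli -t -f ipv4.method,ipv4.addresses,ipv4.gateway,ipv4.dns connection show br0)

# values KEY TEXT: sorted, comma-joined values of the "KEY:" / "KEY[n]:" lines in TEXT
values() {
    printf '%s\n' "$2" | awk -v k="$1" '{
        i = index($0, ":"); key = substr($0, 1, i - 1)
        sub(/\[[0-9]+\]$/, "", key)              # IP4.DNS[2] -> IP4.DNS
        if (i == 0 || key != k) next
        n = split(substr($0, i + 1), p, /[ ,]+/) # "8.8.8.8,1.1.1.1" -> two values
        for (j = 1; j <= n; j++) if (p[j] != "") print p[j]
    }' | sort | paste -sd, -
}

# preflight DEV_TERSE BRIDGE_TERSE: print one line per problem, return 1 if any
preflight() {
    rc=0
    [ "$(values ipv4.method "$2")" = manual ] ||
        { echo "bridge ipv4.method is not manual"; rc=1; }
    for pair in IP4.ADDRESS:ipv4.addresses IP4.GATEWAY:ipv4.gateway IP4.DNS:ipv4.dns; do
        live=$(values "${pair%%:*}" "$1")   # what the interface uses now
        prof=$(values "${pair#*:}" "$2")    # what the bridge profile will apply
        [ "$live" = "$prof" ] ||
            { echo "${pair#*:} mismatch: live='$live' bridge='$prof'"; rc=1; }
    done
    return $rc
}

# Constructed sample input using the article's addresses (not captured output).
SAMPLE_DEV='IP4.ADDRESS[1]:192.168.0.20/24
IP4.GATEWAY:192.168.0.1
IP4.DNS[1]:8.8.8.8
IP4.DNS[2]:1.1.1.1'
SAMPLE_BR_FULL='ipv4.method:manual
ipv4.addresses:192.168.0.20/24
ipv4.gateway:192.168.0.1
ipv4.dns:8.8.8.8,1.1.1.1'
SAMPLE_BR_STEP2='ipv4.method:manual
ipv4.addresses:192.168.0.20/24
ipv4.gateway:192.168.0.1
ipv4.dns:'

preflight "$SAMPLE_DEV" "$SAMPLE_BR_FULL" && echo "br0 matches enp0s3"
preflight "$SAMPLE_DEV" "$SAMPLE_BR_STEP2" || echo "fix br0 before deleting enp0s3"
```

DNS servers are compared as a set, so a different server order in the bridge profile is not reported.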
