logo

oasis-root

Compiled tree of Oasis Linux based on own branch at <https://hacktivis.me/git/oasis/> git clone https://anongit.hacktivis.me/git/oasis-root.git

bridge.8 (43589B)


  1. .TH BRIDGE 8 "1 August 2012" "iproute2" "Linux"
  2. .SH NAME
  3. bridge \- show / manipulate bridge addresses and devices
  4. .SH SYNOPSIS
  5. .ad l
  6. .in +8
  7. .ti -8
  8. .B bridge
  9. .RI "[ " OPTIONS " ] " OBJECT " { " COMMAND " | "
  10. .BR help " }"
  11. .sp
  12. .ti -8
  13. .IR OBJECT " := { "
  14. .BR link " | " fdb " | " mdb " | " vlan " | " vni " | " monitor " }"
  15. .sp
  16. .ti -8
  17. .IR OPTIONS " := { "
  18. \fB\-V\fR[\fIersion\fR] |
  19. \fB\-s\fR[\fItatistics\fR] |
  20. \fB\-n\fR[\fIetns\fR] name |
  21. \fB\-b\fR[\fIatch\fR] filename |
  22. \fB\-c\fR[\fIolor\fR] |
  23. \fB\-p\fR[\fIretty\fR] |
  24. \fB\-j\fR[\fIson\fR] |
  25. \fB\-o\fR[\fIneline\fR] }
  26. .ti -8
  27. .B "bridge link set"
  28. .B dev
  29. .IR DEV " [ "
  30. .B cost
  31. .IR COST " ] [ "
  32. .B priority
  33. .IR PRIO " ] [ "
  34. .B state
  35. .IR STATE " ] [ "
  36. .BR guard " { " on " | " off " } ] [ "
  37. .BR hairpin " { " on " | " off " } ] [ "
  38. .BR fastleave " { " on " | " off " } ] [ "
  39. .BR root_block " { " on " | " off " } ] [ "
  40. .BR learning " { " on " | " off " } ] [ "
  41. .BR learning_sync " { " on " | " off " } ] [ "
  42. .BR flood " { " on " | " off " } ] [ "
  43. .BR hwmode " { " vepa " | " veb " } ] [ "
  44. .BR bcast_flood " { " on " | " off " } ] [ "
  45. .BR mcast_flood " { " on " | " off " } ] [ "
  46. .BR mcast_max_groups
  47. .IR MAX_GROUPS " ] ["
  48. .BR mcast_router
  49. .IR MULTICAST_ROUTER " ] ["
  50. .BR mcast_to_unicast " { " on " | " off " } ] [ "
  51. .BR neigh_suppress " { " on " | " off " } ] [ "
  52. .BR neigh_vlan_suppress " { " on " | " off " } ] [ "
  53. .BR vlan_tunnel " { " on " | " off " } ] [ "
  54. .BR isolated " { " on " | " off " } ] [ "
  55. .BR locked " { " on " | " off " } ] [ "
  56. .BR mab " { " on " | " off " } ] [ "
  57. .B backup_port
  58. .IR DEVICE " ] ["
  59. .BR nobackup_port " ] [ "
  60. .B backup_nhid
  61. .IR NHID " ] ["
  62. .BR self " ] [ " master " ]"
  63. .ti -8
  64. .BR "bridge link" " [ " show " ] [ "
  65. .B dev
  66. .IR DEV " ] ["
  67. .B master
  68. .IR DEVICE " ]"
  69. .ti -8
  70. .BR "bridge fdb" " { " add " | " append " | " del " | " replace " } "
  71. .I LLADDR
  72. .B dev
  73. .IR DEV " { "
  74. .BR local " | " static " | " dynamic " } [ "
  75. .BR self " ] [ " master " ] [ " router " ] [ " use " ] [ " extern_learn " ] [ " sticky " ] [ "
  76. .B src_vni
  77. .IR VNI " ] { ["
  78. .B dst
  79. .IR IPADDR " ] [ "
  80. .B vni
  81. .IR VNI " ] ["
  82. .B port
  83. .IR PORT " ] ["
  84. .B via
  85. .IR DEVICE " ] | "
  86. .B nhid
  87. .IR NHID " } "
  88. .ti -8
  89. .BR "bridge fdb" " [ [ " show " ] [ "
  90. .B br
  91. .IR BRDEV " ] [ "
  92. .B brport
  93. .IR DEV " ] [ "
  94. .B vlan
  95. .IR VID " ] [ "
  96. .B state
  97. .IR STATE " ] ["
  98. .B dynamic
  99. .IR "] ]"
  100. .ti -8
  101. .BR "bridge fdb get" " ["
  102. .B to
  103. .IR "]"
  104. .I LLADDR "[ "
  105. .B br
  106. .IR BRDEV " ]"
  107. .B { brport | dev }
  108. .IR DEV " [ "
  109. .B vlan
  110. .IR VID " ] [ "
  111. .B vni
  112. .IR VNI " ] ["
  113. .BR self " ] [ " master " ] [ " dynamic " ]"
  114. .ti -8
  115. .BR "bridge fdb flush"
  116. .B dev
  117. .IR DEV " [ "
  118. .B brport
  119. .IR DEV " ] [ "
  120. .B vlan
  121. .IR VID " ] [ "
  122. .B src_vni
  123. .IR VNI " ] [ "
  124. .B nhid
  125. .IR NHID " ] ["
  126. .B vni
  127. .IR VNI " ] [ "
  128. .B port
  129. .IR PORT " ] ["
  130. .B dst
  131. .IR IPADDR " ] [ "
  132. .BR self " ] [ " master " ] [ "
  133. .BR [no]permanent " | " [no]static " | " [no]dynamic " ] [ "
  134. .BR [no]added_by_user " ] [ " [no]extern_learn " ] [ "
  135. .BR [no]sticky " ] [ " [no]offloaded " ] [ " [no]router " ]"
  136. .ti -8
  137. .BR "bridge mdb" " { " add " | " del " | " replace " } "
  138. .B dev
  139. .I DEV
  140. .B port
  141. .I PORT
  142. .B grp
  143. .IR GROUP " [ "
  144. .B src
  145. .IR SOURCE " ] [ "
  146. .BR permanent " | " temp " ] [ "
  147. .B vid
  148. .IR VID " ] [ "
  149. .BR filter_mode " { " include " | " exclude " } ] [ "
  150. .B source_list
  151. .IR SOURCE_LIST " ] [ "
  152. .B proto
  153. .IR PROTO " ] [ "
  154. .B dst
  155. .IR IPADDR " ] [ "
  156. .B dst_port
  157. .IR DST_PORT " ] [ "
  158. .B vni
  159. .IR VNI " ] [ "
  160. .B src_vni
  161. .IR SRC_VNI " ] [ "
  162. .B via
  163. .IR DEV " ]
  164. .ti -8
  165. .BR "bridge mdb show" " [ "
  166. .B dev
  167. .IR DEV " ]"
  168. .ti -8
  169. .B "bridge mdb get"
  170. .BI dev " DEV " grp " GROUP "
  171. .RB "[ " src
  172. .IR SOURCE " ]"
  173. .RB "[ " vid
  174. .IR VID " ]"
  175. .RB "[ " src_vni
  176. .IR SRC_VNI " ]"
  177. .ti -8
  178. .B "bridge mdb flush"
  179. .BI dev " DEV "
  180. .RB "[ " port
  181. .IR PORT " ]"
  182. .RB "[ " vid
  183. .IR VID " ]"
  184. .RB "[ " src_vni
  185. .IR SRC_VNI " ]"
  186. .RB "[ " proto
  187. .IR PROTO " ]"
  188. .RB "[ " [no]permanent " ]"
  189. .RB "[ " dst
  190. .IR IPADDR " ]"
  191. .RB "[ " dst_port
  192. .IR DST_PORT " ]"
  193. .RB "[ " vni
  194. .IR VNI " ]"
  195. .ti -8
  196. .BR "bridge vlan" " { " add " | " del " } "
  197. .B dev
  198. .I DEV
  199. .B vid
  200. .IR VID " [ "
  201. .B tunnel_info
  202. .IR TUNNEL_ID " ] [ "
  203. .BR pvid " ] [ " untagged " ] [ "
  204. .BR self " ] [ " master " ] "
  205. .ti -8
  206. .BR "bridge vlan set"
  207. .B dev
  208. .I DEV
  209. .B vid
  210. .IR VID " [ "
  211. .B state
  212. .IR STP_STATE " ] [ "
  213. .B mcast_max_groups
  214. .IR MAX_GROUPS " ] [ "
  215. .B mcast_router
  216. .IR MULTICAST_ROUTER " ] [ "
  217. .BR neigh_suppress " { " on " | " off " } ]"
  218. .ti -8
  219. .BR "bridge vlan" " [ " show " | " tunnelshow " ] [ "
  220. .B dev
  221. .IR DEV " ]"
  222. .ti -8
  223. .BR "bridge vlan global set"
  224. .B dev
  225. .I DEV
  226. .B vid
  227. .IR VID " [ "
  228. .B mcast_snooping
  229. .IR MULTICAST_SNOOPING " ] [ "
  230. .B mcast_querier
  231. .IR MULTICAST_QUERIER " ] [ "
  232. .B mcast_igmp_version
  233. .IR IGMP_VERSION " ] [ "
  234. .B mcast_mld_version
  235. .IR MLD_VERSION " ] [ "
  236. .B mcast_last_member_count
  237. .IR LAST_MEMBER_COUNT " ] [ "
  238. .B mcast_last_member_interval
  239. .IR LAST_MEMBER_INTERVAL " ] [ "
  240. .B mcast_startup_query_count
  241. .IR STARTUP_QUERY_COUNT " ] [ "
  242. .B mcast_startup_query_interval
  243. .IR STARTUP_QUERY_INTERVAL " ] [ "
  244. .B mcast_membership_interval
  245. .IR MEMBERSHIP_INTERVAL " ] [ "
  246. .B mcast_querier_interval
  247. .IR QUERIER_INTERVAL " ] [ "
  248. .B mcast_query_interval
  249. .IR QUERY_INTERVAL " ] [ "
  250. .B mcast_query_response_interval
  251. .IR QUERY_RESPONSE_INTERVAL " ]"
  252. .ti -8
  253. .BR "bridge vlan global" " [ " show " ] [ "
  254. .B dev
  255. .IR DEV " ] [ "
  256. .B vid
  257. .IR VID " ]"
  258. .ti -8
  259. .BR "bridge vlan" " show " [ "
  260. .B dev
  261. .IR DEV " ]"
  262. .ti -8
  263. .BR "bridge vni" " { " add " | " del " } "
  264. .B dev
  265. .I DEV
  266. .B vni
  267. .IR VNI " [ { "
  268. .B group | remote "} "
  269. .IR IPADDR " ] "
  270. .ti -8
  271. .BR "bridge vni" " show " [ "
  272. .B dev
  273. .IR DEV " ]"
  274. .ti -8
  275. .BR "bridge monitor" " [ " all " | " neigh " | " link " | " mdb " | " vlan " ]"
  276. .SH OPTIONS
  277. .TP
  278. .BR "\-V" , " -Version"
  279. print the version of the
  280. .B bridge
  281. utility and exit.
  282. .TP
  283. .BR "\-s" , " \-stats", " \-statistics"
  284. output more information. If this option
  285. is given multiple times, the amount of information increases.
  286. As a rule, the information is statistics or some time values.
  287. .TP
  288. .BR "\-d" , " \-details"
  289. print detailed information about bridge vlan filter entries or MDB router ports.
  290. .TP
  291. .BR "\-n" , " \-net" , " \-netns " <NETNS>
  292. switches
  293. .B bridge
  294. to the specified network namespace
  295. .IR NETNS .
  296. Actually it just simplifies executing of:
  297. .B ip netns exec
  298. .I NETNS
  299. .B bridge
  300. .RI "[ " OPTIONS " ] " OBJECT " { " COMMAND " | "
  301. .BR help " }"
  302. to
  303. .B bridge
  304. .RI "-n[etns] " NETNS " [ " OPTIONS " ] " OBJECT " { " COMMAND " | "
  305. .BR help " }"
  306. .TP
  307. .BR "\-b", " \-batch " <FILENAME>
  308. Read commands from provided file or standard input and invoke them.
  309. First failure will cause termination of bridge command.
  310. .TP
  311. .B "\-force"
  312. Don't terminate bridge command on errors in batch mode.
  313. If there were any errors during execution of the commands, the application
  314. return code will be non zero.
  315. .TP
  316. .BR \-c [ color ][ = { always | auto | never }
  317. Configure color output. If parameter is omitted or
  318. .BR always ,
  319. color output is enabled regardless of stdout state. If parameter is
  320. .BR auto ,
  321. stdout is checked to be a terminal before enabling color output. If parameter is
  322. .BR never ,
  323. color output is disabled. If specified multiple times, the last one takes
  324. precedence. This flag is ignored if
  325. .B \-json
  326. is also given.
  327. .TP
  328. .BR "\-j", " \-json"
  329. Output results in JavaScript Object Notation (JSON).
  330. .TP
  331. .BR "\-p", " \-pretty"
  332. When combined with -j generate a pretty JSON output.
  333. .TP
  334. .BR "\-o", " \-oneline"
  335. output each record on a single line, replacing line feeds
  336. with the
  337. .B '\e'
  338. character. This is convenient when you want to count records
  339. with
  340. .BR wc (1)
  341. or to
  342. .BR grep (1)
  343. the output.
  344. .SH BRIDGE - COMMAND SYNTAX
  345. .SS
  346. .I OBJECT
  347. .TP
  348. .B link
  349. - Bridge port.
  350. .TP
  351. .B fdb
  352. - Forwarding Database entry.
  353. .TP
  354. .B mdb
  355. - Multicast group database entry.
  356. .TP
  357. .B vlan
  358. - VLAN filter list.
  359. .TP
  360. .B vni
  361. - VNI filter list.
  362. .SS
  363. .I COMMAND
  364. Specifies the action to perform on the object.
  365. The set of possible actions depends on the object type.
  366. As a rule, it is possible to
  367. .BR "add" , " delete"
  368. and
  369. .B show
  370. (or
  371. .B list
  372. ) objects, but some objects do not allow all of these operations
  373. or have some additional commands. The
  374. .B help
  375. command is available for all objects. It prints
  376. out a list of available commands and argument syntax conventions.
  377. .sp
  378. If no command is given, some default command is assumed.
  379. Usually it is
  380. .B list
  381. or, if the objects of this class cannot be listed,
  382. .BR "help" .
  383. .SH bridge link - bridge port
  384. .B link
  385. objects correspond to the port devices of the bridge.
  386. .P
  387. The corresponding commands set and display port status and bridge specific
  388. attributes.
  389. .SS bridge link set - set bridge specific attributes on a port
  390. .TP
  391. .BI dev " NAME "
  392. interface name of the bridge port
  393. .TP
  394. .BI cost " COST "
  395. the STP path cost of the specified port.
  396. .TP
  397. .BI priority " PRIO "
  398. the STP port priority. The priority value is an unsigned 8-bit quantity
  399. (number between 0 and 255). This metric is used in the designated port an
  400. droot port selection algorithms.
  401. .TP
  402. .BI state " STATE "
  403. the operation state of the port. Except state 0 (disable STP or BPDU filter feature),
  404. this is primarily used by user space STP/RSTP
  405. implementation. One may enter port state name (case insensitive), or one of the
  406. numbers below. Negative inputs are ignored, and unrecognized names return an
  407. error.
  408. .B 0
  409. - port is in STP
  410. .B DISABLED
  411. state. Make this port completely inactive for STP. This is also called
  412. BPDU filter and could be used to disable STP on an untrusted port, like
  413. a leaf virtual devices.
  414. .sp
  415. .B 1
  416. - port is in STP
  417. .B LISTENING
  418. state. Only valid if STP is enabled on the bridge. In this
  419. state the port listens for STP BPDUs and drops all other traffic frames.
  420. .sp
  421. .B 2
  422. - port is in STP
  423. .B LEARNING
  424. state. Only valid if STP is enabled on the bridge. In this
  425. state the port will accept traffic only for the purpose of updating MAC
  426. address tables.
  427. .sp
  428. .B 3
  429. - port is in STP
  430. .B FORWARDING
  431. state. Port is fully active.
  432. .sp
  433. .B 4
  434. - port is in STP
  435. .B BLOCKING
  436. state. Only valid if STP is enabled on the bridge. This state
  437. is used during the STP election process. In this state, port will only process
  438. STP BPDUs.
  439. .sp
  440. .TP
  441. .BR "guard on " or " guard off "
  442. Controls whether STP BPDUs will be processed by the bridge port. By default,
  443. the flag is turned off allowed BPDU processing. Turning this flag on will
  444. disables
  445. the bridge port if a STP BPDU packet is received.
  446. If running Spanning Tree on bridge, hostile devices on the network
  447. may send BPDU on a port and cause network failure. Setting
  448. .B guard on
  449. will detect and stop this by disabling the port.
  450. The port will be restarted if link is brought down, or
  451. removed and reattached. For example if guard is enable on
  452. eth0:
  453. .B ip link set dev eth0 down; ip link set dev eth0 up
  454. .TP
  455. .BR "hairpin on " or " hairpin off "
  456. Controls whether traffic may be send back out of the port on which it was
  457. received. This option is also called reflective relay mode, and is used to support
  458. basic VEPA (Virtual Ethernet Port Aggregator) capabilities.
  459. By default, this flag is turned off and the bridge will not forward
  460. traffic back out of the receiving port.
  461. .TP
  462. .BR "fastleave on " or " fastleave off "
  463. This flag allows the bridge to immediately stop multicast traffic on a port
  464. that receives IGMP Leave message. It is only used with IGMP snooping is
  465. enabled on the bridge. By default the flag is off.
  466. .TP
  467. .BR "root_block on " or " root_block off "
  468. Controls whether a given port is allowed to become root port or not. Only used
  469. when STP is enabled on the bridge. By default the flag is off.
  470. This feature is also called root port guard.
  471. If BPDU is received from a leaf (edge) port, it should not
  472. be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully
  473. trusted; this prevents a hostile guest from rerouting traffic.
  474. .TP
  475. .BR "learning on " or " learning off "
  476. Controls whether a given port will learn MAC addresses from received traffic or
  477. not. If learning if off, the bridge will end up flooding any traffic for which
  478. it has no FDB entry. By default this flag is on.
  479. .TP
  480. .BR "learning_sync on " or " learning_sync off "
  481. Controls whether a given port will sync MAC addresses learned on device port to
  482. bridge FDB.
  483. .TP
  484. .BR "flood on " or " flood off "
  485. Controls whether unicast traffic for which there is no FDB entry will be
  486. flooded towards this given port. By default this flag is on.
  487. .TP
  488. .B hwmode
  489. Some network interface cards support HW bridge functionality and they may be
  490. configured in different modes. Currently support modes are:
  491. .B vepa
  492. - Data sent between HW ports is sent on the wire to the external
  493. switch.
  494. .B veb
  495. - bridging happens in hardware.
  496. .TP
  497. .BR "bcast_flood on " or " bcast_flood off "
  498. Controls flooding of broadcast traffic on the given port.
  499. By default this flag is on.
  500. .TP
  501. .BR "mcast_flood on " or " mcast_flood off "
  502. Controls whether multicast traffic for which there is no MDB entry will be
  503. flooded towards this given port. By default this flag is on.
  504. .TP
  505. .BI mcast_max_groups " MAX_GROUPS "
  506. Sets the maximum number of MDB entries that can be registered for a given
  507. port. Attempts to register more MDB entries at the port than this limit
  508. allows will be rejected, whether they are done through netlink (e.g. the
  509. \fBbridge\fR tool), or IGMP or MLD membership reports. Setting a limit to 0
  510. has the effect of disabling the limit. The default value is 0. See also the
  511. \fBip link\fR option \fBmcast_hash_max\fR.
  512. .TP
  513. .BI mcast_router " MULTICAST_ROUTER "
  514. This flag is almost the same as the per-VLAN flag, see below, except its
  515. value can only be set in the range 0-2. The default is
  516. .B 1
  517. where the bridge figures out automatically where an IGMP/MLD querier,
  518. MRDISC capable device, or PIM router, is located. Setting this flag to
  519. .B 2
  520. is useful in cases where the multicast router does not indicate its
  521. presence in any meaningful way (e.g. older versions of SMCRoute, or
  522. mrouted), or when there is a need for forwarding both known and unknown
  523. IP multicast to a secondary/backup router.
  524. .TP
  525. .BR "mcast_to_unicast on " or " mcast_to_unicast off "
  526. Controls whether a given port will replicate packets using unicast
  527. instead of multicast. By default this flag is off.
  528. This is done by copying the packet per host and
  529. changing the multicast destination MAC to a unicast one accordingly.
  530. .B mcast_to_unicast
  531. works on top of the multicast snooping feature of
  532. the bridge. Which means unicast copies are only delivered to hosts which
  533. are interested in it and signalized this via IGMP/MLD reports
  534. previously.
  535. This feature is intended for interface types which have a more reliable
  536. and/or efficient way to deliver unicast packets than broadcast ones
  537. (e.g. WiFi).
  538. However, it should only be enabled on interfaces where no IGMPv2/MLDv1
  539. report suppression takes place. IGMP/MLD report suppression issue is usually
  540. overcome by the network daemon (supplicant) enabling AP isolation and
  541. by that separating all STAs.
  542. Delivery of STA-to-STA IP multicast is made possible again by
  543. enabling and utilizing the bridge hairpin mode, which considers the
  544. incoming port as a potential outgoing port, too (see
  545. .B hairpin
  546. option).
  547. Hairpin mode is performed after multicast snooping, therefore leading to
  548. only deliver reports to STAs running a multicast router.
  549. .TP
  550. .BR "neigh_suppress on " or " neigh_suppress off "
  551. Controls whether neigh discovery (arp and nd) proxy and suppression is
  552. enabled on the port. By default this flag is off.
  553. .TP
  554. .BR "neigh_vlan_suppress on " or " neigh_vlan_suppress off "
  555. Controls whether per-VLAN neigh discovery (arp and nd) proxy and suppression is
  556. enabled on the port. When on, the \fBbridge link\fR option \fBneigh_suppress\fR
  557. has no effect and the per-VLAN state is set using the \fBbridge vlan\fR option
  558. \fBneigh_suppress\fR. By default this flag is off.
  559. .TP
  560. .BR "vlan_tunnel on " or " vlan_tunnel off "
  561. Controls whether vlan to tunnel mapping is enabled on the port. By
  562. default this flag is off.
  563. .TP
  564. .BR "isolated on " or " isolated off "
  565. Controls whether a given port will be isolated, which means it will be
  566. able to communicate with non-isolated ports only. By default this
  567. flag is off.
  568. .TP
  569. .BR "locked on " or " locked off "
  570. Controls whether a port is locked or not. When locked, non-link-local frames
  571. received through the port are dropped unless an FDB entry with the MAC source
  572. address points to the port. The common use case is IEEE 802.1X where hosts can
  573. authenticate themselves by exchanging EAPOL frames with an authenticator. After
  574. authentication is complete, the user space control plane can install a matching
  575. FDB entry to allow traffic from the host to be forwarded by the bridge. When
  576. learning is enabled on a locked port, the
  577. .B no_linklocal_learn
  578. bridge option needs to be on to prevent the bridge from learning from received
  579. EAPOL frames. By default this flag is off.
  580. .TP
  581. .BR "mab on " or " mab off "
  582. Controls whether MAC Authentication Bypass (MAB) is enabled on the port or not.
  583. MAB can only be enabled on a locked port that has learning enabled. When
  584. enabled, FDB entries are learned from received traffic and have the "locked"
  585. FDB flag set. The flag can only be set by the kernel and it indicates that the
  586. FDB entry cannot be used to authenticate the corresponding host. User space can
  587. decide to authenticate the host by replacing the FDB entry and clearing the
  588. "locked" FDB flag. Locked FDB entries can roam to unlocked (authorized) ports
  589. in which case the "locked" flag is cleared. FDB entries cannot roam to locked
  590. ports regardless of MAB being enabled or not. Therefore, locked FDB entries are
  591. only created if an FDB entry with the given {MAC, VID} does not already exist.
  592. This behavior prevents unauthenticated hosts from disrupting traffic destined
  593. to already authenticated hosts. Locked FDB entries act like regular dynamic
  594. entries with respect to forwarding and aging. By default this flag is off.
  595. .TP
  596. .BI backup_port " DEVICE"
  597. If the port loses carrier all traffic will be redirected to the
  598. configured backup port
  599. .TP
  600. .B nobackup_port
  601. Removes the currently configured backup port
  602. .TP
  603. .BI backup_nhid " NHID"
  604. The FDB nexthop object ID (see \fBip-nexthop\fR(8)) to attach to packets being
  605. redirected to a backup port that has VLAN tunnel mapping enabled (via the
  606. \fBvlan_tunnel\fR option). Setting a value of 0 (default) has the effect of not
  607. attaching any ID.
  608. .TP
  609. .B self
  610. link setting is configured on specified physical device
  611. .TP
  612. .B master
  613. link setting is configured on the software bridge (default)
  614. .TP
  615. .BR "\-t" , " \-timestamp"
  616. display current time when using monitor option.
  617. .SS bridge link show - list ports configuration for all bridges.
  618. This command displays ports configuration and flags for all bridges by default.
  619. .TP
  620. .BI dev " DEV"
  621. only display the specific bridge port named DEV.
  622. .TP
  623. .BI master " DEVICE"
  624. only display ports of the bridge named DEVICE. This is similar to
  625. "ip link show master <bridge_device>" command.
  626. .SH bridge fdb - forwarding database management
  627. .B fdb
  628. objects contain known Ethernet addresses on a link.
  629. .P
  630. The corresponding commands display fdb entries, add new entries,
  631. append entries,
  632. and delete old ones.
  633. .SS bridge fdb add - add a new fdb entry
  634. This command creates a new fdb entry.
  635. .TP
  636. .B LLADDR
  637. the Ethernet MAC address.
  638. .TP
  639. .BI dev " DEV"
  640. the interface to which this address is associated.
  641. .B local
  642. - is a local permanent fdb entry, which means that the bridge will not forward
  643. frames with this destination MAC address and VLAN ID, but terminate them
  644. locally. This flag is default unless "static" or "dynamic" are explicitly
  645. specified.
  646. .sp
  647. .B permanent
  648. - this is a synonym for "local"
  649. .sp
  650. .B static
  651. - is a static (no arp) fdb entry
  652. .sp
  653. .B dynamic
  654. - is a dynamic reachable age-able fdb entry
  655. .sp
  656. .B self
  657. - the operation is fulfilled directly by the driver for the specified network
  658. device. If the network device belongs to a master like a bridge, then the
  659. bridge is bypassed and not notified of this operation (and if the device does
  660. notify the bridge, it is driver-specific behavior and not mandated by this
  661. flag, check the driver for more details). The "bridge fdb add" command can also
  662. be used on the bridge device itself, and in this case, the added fdb entries
  663. will be locally terminated (not forwarded). In the latter case, the "self" flag
  664. is mandatory. The flag is set by default if "master" is not specified.
  665. .sp
  666. .B master
  667. - if the specified network device is a port that belongs to a master device
  668. such as a bridge, the operation is fulfilled by the master device's driver,
  669. which may in turn notify the port driver too of the address. If the specified
  670. device is a master itself, such as a bridge, this flag is invalid.
  671. .sp
  672. .B router
  673. - the destination address is associated with a router.
  674. Valid if the referenced device is a VXLAN type device and has
  675. route short circuit enabled.
  676. .sp
  677. .B use
  678. - the address is in use. User space can use this option to
  679. indicate to the kernel that the fdb entry is in use.
  680. .sp
  681. .B extern_learn
  682. - this entry was learned externally. This option can be used to
  683. indicate to the kernel that an entry was hardware or user-space
  684. controller learnt dynamic entry. Kernel will not age such an entry.
  685. .sp
  686. .B sticky
  687. - this entry will not change its port due to learning.
  688. .sp
  689. .in -8
  690. The next command line parameters apply only
  691. when the specified device
  692. .I DEV
  693. is of type VXLAN.
  694. .TP
  695. .BI dst " IPADDR"
  696. the IP address of the destination
  697. VXLAN tunnel endpoint where the Ethernet MAC ADDRESS resides.
  698. .TP
  699. .BI src_vni " VNI"
  700. the src VNI Network Identifier (or VXLAN Segment ID)
  701. this entry belongs to. Used only when the vxlan device is in
  702. external or collect metadata mode. If omitted the value specified at
  703. vxlan device creation will be used.
  704. .TP
  705. .BI vni " VNI"
  706. the VXLAN VNI Network Identifier (or VXLAN Segment ID)
  707. to use to connect to the remote VXLAN tunnel endpoint.
  708. If omitted the value specified at vxlan device creation
  709. will be used.
  710. .TP
  711. .BI port " PORT"
  712. the UDP destination PORT number to use to connect to the
  713. remote VXLAN tunnel endpoint.
  714. If omitted the default value is used.
  715. .TP
  716. .BI via " DEVICE"
  717. device name of the outgoing interface for the
  718. VXLAN device driver to reach the
  719. remote VXLAN tunnel endpoint.
  720. .TP
  721. .BI nhid " NHID "
  722. ecmp nexthop group for the VXLAN device driver
  723. to reach remote VXLAN tunnel endpoints.
  724. .SS bridge fdb append - append a forwarding database entry
  725. This command adds a new fdb entry with an already known
  726. .IR LLADDR .
  727. Valid only for multicast link layer addresses.
  728. The command adds support for broadcast and multicast
  729. Ethernet MAC addresses.
  730. The Ethernet MAC address is added multiple times into
  731. the forwarding database and the vxlan device driver
  732. sends a copy of the data packet to each entry found.
  733. .PP
  734. The arguments are the same as with
  735. .BR "bridge fdb add" .
  736. .SS bridge fdb delete - delete a forwarding database entry
  737. This command removes an existing fdb entry.
  738. .PP
  739. The arguments are the same as with
  740. .BR "bridge fdb add" .
  741. .SS bridge fdb replace - replace a forwarding database entry
  742. If no matching entry is found, a new one will be created instead.
  743. .PP
  744. The arguments are the same as with
  745. .BR "bridge fdb add" .
  746. .SS bridge fdb show - list forwarding entries.
  747. This command displays the current forwarding table.
  748. .PP
  749. With the
  750. .B -statistics
  751. option, the command becomes verbose. It prints out the last updated
  752. and last used time for each entry.
  753. .SS bridge fdb get - get bridge forwarding entry.
  754. lookup a bridge forwarding table entry.
  755. .TP
  756. .B LLADDR
  757. the Ethernet MAC address.
  758. .TP
  759. .BI dev " DEV"
  760. the interface to which this address is associated.
  761. .TP
  762. .BI brport " DEV"
  763. the bridge port to which this address is associated. same as dev above.
  764. .TP
  765. .BI br " DEV"
  766. the bridge to which this address is associated.
  767. .TP
  768. .B self
  769. - the address is associated with the port drivers fdb. Usually hardware.
  770. .TP
  771. .B master
  772. - the address is associated with master devices fdb. Usually software (default).
  773. .SS bridge fdb flush - flush bridge forwarding table entries.
  774. flush the matching bridge forwarding table entries. Some options below have a negated
  775. form when "no" is prepended to them (e.g. permanent and nopermanent).
  776. .TP
  777. .BI dev " DEV"
  778. the target device for the operation. If the device is a bridge port and "master"
  779. is set then the operation will be fulfilled by its master device's driver and
  780. all entries pointing to that port will be deleted.
  781. .TP
  782. .BI brport " DEV"
  783. the target bridge port for the operation. If the bridge device is specified then only
  784. entries pointing to the bridge itself will be deleted. Note that the target device
  785. specified by this option will override the one specified by dev above.
  786. .TP
  787. .BI vlan " VID"
  788. the target VLAN ID for the operation. Match forwarding table entries only with the
  789. specified VLAN ID.
  790. .TP
  791. .BI src_vni " VNI"
  792. the src VNI Network Identifier (or VXLAN Segment ID) for the operation. Match
  793. forwarding table entries only with the specified VNI. Valid if the referenced
  794. device is a VXLAN type device.
  795. .TP
  796. .BI nhid " NHID"
  797. the ECMP nexthop group for the operation. Match forwarding table entries only
  798. with the specified NHID. Valid if the referenced device is a VXLAN type device.
  799. .TP
  800. .BI vni " VNI"
  801. the VXLAN VNI Network Identifier (or VXLAN Segment ID) for the operation. Match
  802. forwarding table entries only with the specified VNI. Valid if the referenced
  803. device is a VXLAN type device.
  804. .TP
  805. .BI port " PORT"
  806. the UDP destination PORT number for the operation. Match forwarding table
  807. entries only with the specified PORT. Valid if the referenced device is a VXLAN
  808. type device.
  809. .TP
  810. .BI dst " IPADDR"
  811. the IP address of the destination VXLAN tunnel endpoint for the operation. Match
  812. forwarding table entries only with the specified IPADDR. Valid if the referenced
  813. device is a VXLAN type device.
  814. .TP
  815. .B self
  816. the operation is fulfilled directly by the driver for the specified network
  817. device. If the network device belongs to a master like a bridge, then the
  818. bridge is bypassed and not notified of this operation. The "bridge fdb flush"
  819. command can also be used on the bridge device itself. The flag is set by default if
  820. "master" is not specified.
  821. .TP
  822. .B master
  823. if the specified network device is a port that belongs to a master device
  824. such as a bridge, the operation is fulfilled by the master device's driver.
  825. Flush with both 'master' and 'self' is not recommended with attributes that are
  826. not supported by all devices (e.g., vlan, vni). Such command will be handled by
  827. bridge or VXLAN driver, but will return an error from the driver that does not
  828. support the attribute. Instead, run flush twice - once with 'self' and once
  829. with 'master', and each one with the supported attributes.
  830. .TP
  831. .B [no]permanent
  832. if specified then only permanent entries will be deleted or respectively if "no"
  833. is prepended then only non-permanent entries will be deleted.
  834. .TP
  835. .B [no]static
  836. if specified then only static entries will be deleted or respectively if "no"
  837. is prepended then only non-static entries will be deleted.
  838. .TP
  839. .B [no]dynamic
  840. if specified then only dynamic entries will be deleted or respectively if "no"
  841. is prepended then only non-dynamic (static or permanent) entries will be deleted.
  842. .TP
  843. .B [no]added_by_user
  844. if specified then only entries with added_by_user flag will be deleted or respectively
  845. if "no" is prepended then only entries without added_by_user flag will be deleted.
  846. .TP
  847. .B [no]extern_learn
  848. if specified then only entries with extern_learn flag will be deleted or respectively
  849. if "no" is prepended then only entries without extern_learn flag will be deleted.
  850. .TP
  851. .B [no]sticky
  852. if specified then only entries with sticky flag will be deleted or respectively
  853. if "no" is prepended then only entries without sticky flag will be deleted.
  854. .TP
  855. .B [no]offloaded
  856. if specified then only entries with offloaded flag will be deleted or respectively
  857. if "no" is prepended then only entries without offloaded flag will be deleted.
  858. .sp
  859. .TP
  860. .B [no]router
  861. if specified then only entries with router flag will be deleted or respectively
  862. if "no" is prepended then only entries without router flag will be deleted. Valid
  863. if the referenced device is a VXLAN type device.
  864. .sp
  865. .SH bridge mdb - multicast group database management
  866. .B mdb
  867. objects contain known IP or L2 multicast group addresses on a link.
  868. .P
  869. The corresponding commands display mdb entries, add new entries, replace
  870. entries and delete old ones.
  871. .SS bridge mdb add - add a new multicast group database entry
  872. This command creates a new mdb entry.
  873. .TP
  874. .BI dev " DEV"
  875. the interface where this group address is associated.
  876. .TP
  877. .BI port " PORT"
  878. the port whose link is known to have members of this multicast group.
  879. .TP
  880. .BI grp " GROUP"
  881. the multicast group address (IPv4, IPv6 or L2 multicast) whose members reside
  882. on the link connected to the port.
  883. .B permanent
  884. - the mdb entry is permanent. Optional for IPv4 and IPv6, mandatory for L2.
  885. .sp
  886. .B temp
  887. - the mdb entry is temporary (default)
  888. .sp
  889. .TP
  890. .BI src " SOURCE"
  891. optional source IP address of a sender for this multicast group. If IGMPv3 for IPv4, or
  892. MLDv2 for IPv6 respectively, are enabled it will be included in the lookup when
  893. forwarding multicast traffic.
  894. .TP
  895. .BI vid " VID"
  896. the VLAN ID which is known to have members of this multicast group.
  897. .TP
  898. .BR "filter_mode include " or " filter_mode exclude "
  899. controls whether the sources in the entry's source list are in INCLUDE or
  900. EXCLUDE mode. Can only be set for (*, G) entries.
  901. .TP
  902. .BI source_list " SOURCE_LIST"
  903. optional list of source IP addresses of senders for this multicast group,
  904. separated by a ','. Whether the entry forwards packets from these senders or
  905. not is determined by the entry's filter mode, which becomes a mandatory
  906. argument. Can only be set for (*, G) entries.
  907. .TP
  908. .BI proto " PROTO"
  909. the routing protocol identifier of this mdb entry. Can be a number or a string
  910. from the file /etc/iproute2/rt_protos. If the routing protocol is not given,
  911. then
  912. .B static
  913. is assumed.
  914. .in -8
  915. The next command line parameters apply only
  916. when the specified device
  917. .I DEV
  918. is of type VXLAN.
  919. .TP
  920. .BI dst " IPADDR"
  921. the IP address of the destination
  922. VXLAN tunnel endpoint where the multicast receivers reside.
  923. .TP
  924. .BI dst_port " DST_PORT"
  925. the UDP destination port number to use to connect to the remote VXLAN tunnel
  926. endpoint. If omitted, the value specified at VXLAN device creation will be
  927. used.
  928. .TP
  929. .BI vni " VNI"
  930. the VXLAN VNI Network Identifier to use to connect to the remote VXLAN tunnel
  931. endpoint. If omitted, the value specified at VXLAN device creation will be used
  932. or the source VNI when the VXLAN device is in external mode.
  933. .TP
  934. .BI src_vni " SRC_VNI"
  935. the source VNI Network Identifier this entry belongs to. Used only when the
  936. VXLAN device is in external mode. If omitted, the value specified at VXLAN
  937. device creation will be used.
  938. .TP
  939. .BI via " DEV"
  940. device name of the outgoing interface for the VXLAN device to reach the remote
  941. VXLAN tunnel endpoint.
  942. .in -8
  943. The 0.0.0.0 and :: MDB entries are special catchall entries used to flood IPv4
  944. and IPv6 unregistered multicast packets, respectively. Therefore, when these
  945. entries are programmed, the catchall 00:00:00:00:00:00 FDB entry will only
  946. flood broadcast, unknown unicast and link-local multicast.
  947. .in -8
  948. .SS bridge mdb delete - delete a multicast group database entry
  949. This command removes an existing mdb entry.
  950. .PP
  951. The arguments are the same as with
  952. .BR "bridge mdb add" .
  953. .SS bridge mdb replace - replace a multicast group database entry
  954. If no matching entry is found, a new one will be created instead.
  955. .PP
  956. The arguments are the same as with
  957. .BR "bridge mdb add" .
  958. .SS bridge mdb show - list multicast group database entries
  959. This command displays the current multicast group membership table. The table
  960. is populated by IGMP and MLD snooping in the bridge driver automatically. It
  961. can be altered by
  962. .B bridge mdb add
  963. and
  964. .B bridge mdb del
  965. commands manually too.
  966. .TP
  967. .BI dev " DEV"
  968. the interface only whose entries should be listed. Default is to list all
  969. bridge interfaces.
  970. .PP
  971. With the
  972. .B -details
  973. option, the command becomes verbose. It prints out the ports known to have
  974. a connected router.
  975. .PP
  976. With the
  977. .B -statistics
  978. option, the command displays timer values for mdb and router port entries.
  979. .SS bridge mdb get - get multicast group database entry.
  980. This command retrieves a multicast group database entry based on its key.
  981. .TP
  982. .BI dev " DEV"
  983. the interface where this group address is associated.
  984. .TP
  985. .BI grp " GROUP"
  986. the multicast group address (IPv4, IPv6 or L2 multicast).
  987. .TP
  988. .BI src " SOURCE"
  989. the source IP address. Only relevant when retrieving an (S, G) entry.
  990. .TP
  991. .BI vid " VID"
  992. the VLAN ID. Only relevant when the bridge is VLAN-aware.
  993. .TP
  994. .BI src_vni " SRC_VNI"
  995. the source VNI Network Identifier. Only relevant when the VXLAN device is in
  996. external mode.
  997. .SS bridge mdb flush - flush multicast group database entries.
  998. This command flushes the matching multicast group database entries.
  999. .TP
  1000. .BI dev " DEV"
  1001. the interface where this group address is associated.
  1002. .TP
  1003. .BI port " PORT"
  1004. the target port for the operation. If the bridge device is specified then only
  1005. entries pointing to the bridge itself will be deleted.
  1006. .TP
  1007. .BI vid " VID"
  1008. the VLAN ID for the operation. Match entries only with the specified VLAN ID.
  1009. .TP
  1010. .BI src_vni " SRC_VNI"
  1011. the source VNI Network Identifier for the operation. Match entries only with
  1012. the specified source VNI.
  1013. .TP
  1014. .BI proto " PROTO"
  1015. the routing protocol identifier for the operation. Match entries only with the
  1016. specified routing protocol. Can be a number or a string from the file
  1017. /etc/iproute2/rt_protos.
  1018. .TP
  1019. .B [no]permanent
  1020. if specified then only permanent entries will be deleted or respectively if
  1021. "no" is prepended then only non-permanent (temp) entries will be deleted.
  1022. .TP
  1023. .BI dst " IPADDR"
  1024. the IP address of the destination VXLAN tunnel endpoint where the multicast
  1025. receivers reside. Match entries only with the specified destination IP.
  1026. .TP
  1027. .BI dst_port " DST_PORT"
  1028. the UDP destination port number to use to connect to the remote VXLAN tunnel
  1029. endpoint. Match entries only with the specified destination port number.
  1030. .TP
  1031. .BI vni " VNI"
  1032. the VXLAN VNI Network Identifier to use to connect to the remote VXLAN tunnel
  1033. endpoint. Match entries only with the specified destination VNI.
  1034. .SH bridge vlan - VLAN filter list
  1035. .B vlan
  1036. objects contain known VLAN IDs for a link.
  1037. .P
  1038. The corresponding commands display vlan filter entries, add new entries,
  1039. and delete old ones.
  1040. .SS bridge vlan add - add a new vlan filter entry
  1041. This command creates a new vlan filter entry.
  1042. .TP
  1043. .BI dev " NAME"
  1044. the interface with which this vlan is associated.
  1045. .TP
  1046. .BI vid " VID"
  1047. the VLAN ID that identifies the vlan.
  1048. .TP
  1049. .BI tunnel_info " TUNNEL_ID"
  1050. the TUNNEL ID that maps to this vlan. The tunnel id is set in
  1051. dst_metadata for every packet that belongs to this vlan (applicable to
  1052. bridge ports with vlan_tunnel flag set).
  1053. .TP
  1054. .B pvid
  1055. the vlan specified is to be considered a PVID at ingress.
  1056. Any untagged frames will be assigned to this VLAN.
  1057. .TP
  1058. .B untagged
  1059. the vlan specified is to be treated as untagged on egress.
  1060. .TP
  1061. .B self
  1062. the vlan is configured on the specified physical device. Required if the
  1063. device is the bridge device.
  1064. .TP
  1065. .B master
  1066. the vlan is configured on the software bridge (default).
  1067. .SS bridge vlan delete - delete a vlan filter entry
  1068. This command removes an existing vlan filter entry.
  1069. .PP
  1070. The arguments are the same as with
  1071. .BR "bridge vlan add".
  1072. The
  1073. .BR "pvid " and " untagged"
  1074. flags are ignored.
  1075. .SS bridge vlan set - change vlan filter entry's options
  1076. This command changes vlan filter entry's options.
  1077. .TP
  1078. .BI dev " NAME"
  1079. the interface with which this vlan is associated.
  1080. .TP
  1081. .BI vid " VID"
  1082. the VLAN ID that identifies the vlan.
  1083. .TP
  1084. .BI state " STP_STATE "
  1085. the operation state of the vlan. One may enter STP state name (case insensitive), or one of the
  1086. numbers below. Negative inputs are ignored, and unrecognized names return an
  1087. error. Note that the state is set only for the vlan of the specified device, e.g. if it is
  1088. a bridge port then the state will be set only for the vlan of the port.
  1089. .B 0
  1090. - vlan is in STP
  1091. .B DISABLED
  1092. state. Make this vlan completely inactive for STP. This is also called
  1093. BPDU filter and could be used to disable STP on an untrusted vlan.
  1094. .sp
  1095. .B 1
  1096. - vlan is in STP
  1097. .B LISTENING
  1098. state. Only valid if STP is enabled on the bridge. In this
  1099. state the vlan listens for STP BPDUs and drops all other traffic frames.
  1100. .sp
  1101. .B 2
  1102. - vlan is in STP
  1103. .B LEARNING
  1104. state. Only valid if STP is enabled on the bridge. In this
  1105. state the vlan will accept traffic only for the purpose of updating MAC
  1106. address tables.
  1107. .sp
  1108. .B 3
  1109. - vlan is in STP
  1110. .B FORWARDING
  1111. state. This is the default vlan state.
  1112. .sp
  1113. .B 4
  1114. - vlan is in STP
  1115. .B BLOCKING
  1116. state. Only valid if STP is enabled on the bridge. This state
  1117. is used during the STP election process. In this state, the vlan will only process
  1118. STP BPDUs.
  1119. .sp
  1120. .TP
  1121. .BI mcast_max_groups " MAX_GROUPS "
  1122. Sets the maximum number of MDB entries that can be registered for a given
  1123. VLAN on a given port. A VLAN-specific equivalent of the per-port option of
  1124. the same name, see above for details.
  1125. Note that this option is only available when \fBip link\fR option
  1126. \fBmcast_vlan_snooping\fR is enabled.
  1127. .TP
  1128. .BI mcast_router " MULTICAST_ROUTER "
  1129. configure this vlan and interface's multicast router mode, note that only modes
  1130. 0 - 2 are available for bridge devices.
  1131. A vlan and interface with a multicast router will receive all multicast traffic.
  1132. .I MULTICAST_ROUTER
  1133. may be either
  1134. .sp
  1135. .B 0
  1136. - to disable multicast router.
  1137. .sp
  1138. .B 1
  1139. - to let the system detect the presence of routers (default).
  1140. .sp
  1141. .B 2
  1142. - to permanently enable multicast traffic forwarding on this vlan and interface.
  1143. .sp
  1144. .B 3
  1145. - to temporarily mark this vlan and port as having a multicast router, i.e.
  1146. enable multicast traffic forwarding. This mode is available only for ports.
  1147. .sp
  1148. .TP
  1149. .BR "neigh_suppress on " or " neigh_suppress off "
  1150. Controls whether neigh discovery (arp and nd) proxy and suppression is enabled
  1151. for a given VLAN on a given port. By default this flag is off.
  1152. Note that this option only takes effect when \fBbridge link\fR option
  1153. \fBneigh_vlan_suppress\fR is enabled for a given port.
  1154. .SS bridge vlan show - list vlan configuration.
  1155. This command displays the current VLAN filter table.
  1156. .PP
  1157. With the
  1158. .B -details
  1159. option, the command becomes verbose. It displays the per-vlan options.
  1160. .PP
  1161. With the
  1162. .B -statistics
  1163. option, the command displays per-vlan traffic statistics.
  1164. .SS bridge vlan tunnelshow - list vlan tunnel mapping.
  1165. This command displays the current vlan tunnel info mapping.
  1166. .SS bridge vlan global set - change vlan filter entry's global options
  1167. This command changes vlan filter entry's global options.
  1168. .TP
  1169. .BI dev " NAME"
  1170. the interface with which this vlan is associated. Only bridge devices are
  1171. supported for global options.
  1172. .TP
  1173. .BI vid " VID"
  1174. the VLAN ID that identifies the vlan.
  1175. .TP
  1176. .BI mcast_snooping " MULTICAST_SNOOPING "
  1177. turn multicast snooping for VLAN entry with VLAN ID on
  1178. .RI ( MULTICAST_SNOOPING " > 0) "
  1179. or off
  1180. .RI ( MULTICAST_SNOOPING " == 0). Default is on. "
  1181. .TP
  1182. .BI mcast_querier " MULTICAST_QUERIER "
  1183. enable
  1184. .RI ( MULTICAST_QUERIER " > 0) "
  1185. or disable
  1186. .RI ( MULTICAST_QUERIER " == 0) "
  1187. IGMP/MLD querier, ie sending of multicast queries by the bridge. Default is disabled.
  1188. .TP
  1189. .BI mcast_igmp_version " IGMP_VERSION "
  1190. set the IGMP version. Default is 2.
  1191. .TP
  1192. .BI mcast_mld_version " MLD_VERSION "
  1193. set the MLD version. Default is 1.
  1194. .TP
  1195. .BI mcast_last_member_count " LAST_MEMBER_COUNT "
  1196. set multicast last member count, ie the number of queries the bridge
  1197. will send before stopping forwarding a multicast group after a "leave"
  1198. message has been received. Default is 2.
  1199. .TP
  1200. .BI mcast_last_member_interval " LAST_MEMBER_INTERVAL "
  1201. interval between queries to find remaining members of a group,
  1202. after a "leave" message is received.
  1203. .TP
  1204. .BI mcast_startup_query_count " STARTUP_QUERY_COUNT "
  1205. set the number of queries to send during startup phase. Default is 2.
  1206. .TP
  1207. .BI mcast_startup_query_interval " STARTUP_QUERY_INTERVAL "
  1208. interval between queries in the startup phase.
  1209. .TP
  1210. .BI mcast_membership_interval " MEMBERSHIP_INTERVAL "
  1211. delay after which the bridge will leave a group,
  1212. if no membership reports for this group are received.
  1213. .TP
  1214. .BI mcast_querier_interval " QUERIER_INTERVAL "
  1215. interval between queries sent by other routers. If no queries are seen
  1216. after this delay has passed, the bridge will start to send its own queries
  1217. (as if
  1218. .BI mcast_querier
  1219. was enabled).
  1220. .TP
  1221. .BI mcast_query_interval " QUERY_INTERVAL "
  1222. interval between queries sent by the bridge after the end of the
  1223. startup phase.
  1224. .TP
  1225. .BI mcast_query_response_interval " QUERY_RESPONSE_INTERVAL "
  1226. set the Max Response Time/Maximum Response Delay for IGMP/MLD
  1227. queries sent by the bridge.
  1228. .SS bridge vlan global show - list global vlan options.
  1229. This command displays the global VLAN options for each VLAN entry.
  1230. .TP
  1231. .BI dev " DEV"
  1232. the interface only whose VLAN global options should be listed. Default is to list
  1233. all bridge interfaces.
  1234. .TP
  1235. .BI vid " VID"
  1236. the VLAN ID only whose global options should be listed. Default is to list
  1237. all vlans.
  1238. .SH bridge vni - VNI filter list
  1239. .B vni
  1240. objects contain known VNI IDs for a dst metadata vxlan link.
  1241. .P
  1242. The corresponding commands display vni filter entries, add new entries,
  1243. and delete old ones.
  1244. .SS bridge vni add - add a new vni filter entry
  1245. This command creates a new vni filter entry.
  1246. .TP
  1247. .BI dev " NAME"
  1248. the interface with which this vni is associated.
  1249. .TP
  1250. .BI vni " VNI"
  1251. the VNI ID that identifies the vni.
  1252. .TP
  1253. .BI remote " IPADDR"
  1254. specifies the unicast destination IP address to use in outgoing packets
  1255. when the destination link layer address is not known in the VXLAN device
  1256. forwarding database. This parameter cannot be specified with the group.
  1257. .TP
  1258. .BI group " IPADDR"
  1259. specifies the multicast IP address to join for this VNI
  1260. .SS bridge vni del - delete a new vni filter entry
  1261. This command removes an existing vni filter entry.
  1262. .PP
  1263. The arguments are the same as with
  1264. .BR "bridge vni add".
  1265. .SS bridge vni show - list vni filtering configuration.
  1266. This command displays the current vni filter table.
  1267. .PP
  1268. With the
  1269. .B -statistics
  1270. option, the command displays per-vni traffic statistics.
  1271. .TP
  1272. .BI dev " NAME"
  1273. shows vni filtering table associated with the vxlan device
  1274. .SH bridge monitor - state monitoring
  1275. The
  1276. .B bridge
  1277. utility can monitor the state of devices and addresses
  1278. continuously. This option has a slightly different format.
  1279. Namely, the
  1280. .B monitor
  1281. command is the first in the command line and then the object list follows:
  1282. .BR "bridge monitor" " [ " all " |"
  1283. .IR OBJECT-LIST " ]"
  1284. .I OBJECT-LIST
  1285. is the list of object types that we want to monitor.
  1286. It may contain
  1287. .BR link ", " fdb ", " vlan " and " mdb "."
  1288. If no
  1289. .B file
  1290. argument is given,
  1291. .B bridge
  1292. opens RTNETLINK, listens on it and dumps state changes in the format
  1293. described in previous sections.
  1294. .P
  1295. If a file name is given, it does not listen on RTNETLINK,
  1296. but opens the file containing RTNETLINK messages saved in binary format
  1297. and dumps them.
  1298. .SH NOTES
  1299. This command uses facilities added in Linux 3.0.
  1300. Although the forwarding table is maintained on a per-bridge device basis
  1301. the bridge device is not part of the syntax. This is a limitation of the
  1302. underlying netlink neighbour message protocol. When displaying the
  1303. forwarding table, entries for all bridges are displayed.
  1304. Add/delete/modify commands determine the underlying bridge device
  1305. based on the bridge to which the corresponding ethernet device is attached.
  1306. .SH SEE ALSO
  1307. .BR ip (8)
  1308. .SH BUGS
  1309. .RB "Please direct bugreports and patches to: " <netdev@vger.kernel.org>
  1310. .SH AUTHOR
  1311. Original Manpage by Stephen Hemminger