Also check out Open vSwitch http://openvswitch.org/

We use it to add bridged adapters with VLAN tags to our hypervisors

I'm not sure if this is still the case but the linux bridge had(has?) a limit of 1024 ports. OVS does not have this. Also OVS can give you GRE and VXVLAN as well.

Yeah, it's pretty neat as well.

You would probably prefer the netlink interface these days over the old ioctl interface to configure bridges. But for an introduction the older one is probably easier to explain.

Any reason netlink would be preferable if you're only making these calls <10 per minute?

You have access to far more parameters through Netlink than through ioctl. For bridges, this includes VLAN tagging, flood behavior, filtering behavior, per-port MAC learning, etc. Any recent development on bridges for Linux is only accessible through sysfs and netlink.

FYI: You can do this on the small scale using ProxyARP. I did this once on a network interface connected to the DSL modem, and then proxy ARPed between that interface and another DMZ interface, and it worked just fine. For the router, I set up an ARP on the DMZ interface with that interface's MAC for the router IP, and for each machine in the DMZ I set up the DSL network's MAC with the systems IPs. So each side would see the routers MAC when doing ARP, but when the router received it it would know to send it on to the other interface.

Bridging works great, but it's kind of fun to see this at the proxy ARP level.

My initial impression is that this is like netgraph[1] but for Linux ?

[1] https://www.freebsd.org/cgi/man.cgi?netgraph(4)

Isn't it more like https://www.freebsd.org/cgi/man.cgi?if_bridge(4) ?

What are the use cases for this tech? I've tried web searching and only got technical explanations on how to do it, not what.

One of the use cases for bridge is to provide networking in containers. Docker has bridge networking that you can check out: https://docs.docker.com/engine/userguide/networking/#default...

This would have been a nice link to have back when I was building my own Linux-routers.

Very well written, and I like how he used strace on all those examples.

This only works with dedicated hardware, right? I can't just take an arbitrary board like the raspberry pi and do this?

No dedicated hardware required. Bridges can be placed on virtual interfaces. You often see this happen with things like VMs and containers but you don't even need that specifically.

Works fine on a pi with either usb interfaces or virtual ones.

If you want to experiment at a low cost, though, there's the Banana PI BPI-R1. A ~$70 linux ARM dev board with 5 GB ethernet interfaces.

You can even bridge an interface to a tun/tap device, which is quite useful for VPNs and doing your own packet-twiddling code.

It's a linux software bridge, and should work on raspberry pi.

Bridge works very well on a RaspberryPi within the physical hardware limits.

An example using bridge to packet capture. https://github.com/williamknows/PiTap

Yep. Just finished teaching a networking course using the pi as the basis for labs and projects. Had a scenario that required students to set up a bridge. Just plug in a couple of usb network adapters.

You can also do this with a VLAN interface. At my recommendation, a friend set up Raspberry Pi at home connected to a VLAN capable switch to break that one Ethernet interface out to 7.