How to Create Linux Bridge using Open vSwitch

In virtual and cloud environments, efficient and flexible networking is required to interconnect virtual machines (VMs) with each other and with the outside world. Traditionally, Linux administrators have used the Linux bridge to provide that functionality. Although it is a light and efficient utility, the Linux bridge falls short for more complex functionality such as traffic shaping, VLAN tagging, and interoperation with software-defined networking (SDN) systems.

That is where Open vSwitch (OVS) comes in. OVS is a production-quality, multilayer virtual switch designed to enable network automation while still supporting standard management interfaces and protocols, including NetFlow, sFlow, SPAN, RSPAN, LACP, and 802.1Q VLAN tagging.

When setting up a Linux bridge with OVS, admins achieve:

  • Enhanced flexibility when interconnecting VMs, containers, and physical NICs
  • Support for SDN platforms such as OpenStack and network solutions in Kubernetes
  • Enhanced transparency and governance through monitoring and traffic policy
  • Large-scale scalability in virtualization clusters

In this guide, we will walk through the steps of installing Open vSwitch and creating a Linux bridge that can be used to connect KVM virtual machines to external networks.

If you don’t have Open vSwitch installed, install it before continuing.

Then, list the physical network interfaces on your machine.

ip link show

Here is a sample output from the command:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
    link/ether bc:24:11:25:bc:77 brd ff:ff:ff:ff:ff:ff
    altname enp0s18
3: ens19: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether bc:24:11:f0:a8:fc brd ff:ff:ff:ff:ff:ff
    altname enp0s19

We shall configure the ens19 network interface.

1. Create a bridge on Debian

On Debian systems, Open vSwitch bridges and ports are configured via /etc/network/interfaces.

Bridge and Port Configuration

  • Use allow-ovs followed by the bridge name to define a bridge. Example: allow-ovs br0
  • Use allow-<bridge-name> followed by the port name to define a port. Example: allow-br0 eth0

Supported ovs_* Options

  • ovs_type: Type of interface. Must be one of: OVSBridge, OVSPort, OVSIntPort, OVSBond, OVSPatchPort, OVSTunnel. (Required)
  • ovs_ports: Lists all ports in a bridge.
  • ovs_bridge: Name of the bridge a port belongs to. (Required for ports)
  • ovs_bonds: Physical interfaces to bond together.
  • ovs_patch_peer: For OVSPatchPort, defines the peer patch port.
  • ovs_tunnel_type: For OVSTunnel, sets the tunnel type (e.g., gre, vxlan).
  • ovs_tunnel_options: Tunnel options like remote_ip, key, etc.
  • ovs_options: Extra arguments for ovs-vsctl.
  • ovs_extra: Additional ovs-vsctl commands, separated by --

List available physical network interfaces on your Debian system:

ip link show
ip addr show

Example 1. Create a standalone bridge.

The following configuration sets up a single, standalone OVS bridge named br0 with a static IP address. This bridge is not connected to any physical network interface and is useful for internal networking between virtual machines or containers.

allow-ovs br0
iface br0 inet static
    address 192.168.1.1
    netmask 255.255.255.0
    ovs_type OVSBridge

Explanation:

  • allow-ovs br0: Ensures that the br0 interface is managed by Open vSwitch when using ifup.
  • iface br0 inet static: Defines a static IP configuration for the br0 interface.
  • address 192.168.1.1: Assigns the IP address 192.168.1.1 to the bridge.
  • netmask 255.255.255.0: Specifies the subnet mask for the network.
  • ovs_type OVSBridge: Indicates that this interface is an Open vSwitch bridge.

Example 2. Create a bridge with one port.

In this example, we will configure an Open vSwitch (OVS) bridge using the ens8 network interface.

auto ovsbr0
iface ovsbr0 inet static
    ovs_type OVSBridge
    ovs_ports ens8
    address 172.35.1.2
    netmask 255.255.255.0

auto ens8
iface ens8 inet manual
    ovs_bridge ovsbr0
    ovs_type OVSPort

Make sure ifupdown is installed, then activate the OVS bridge with the ifup command:

sudo apt install ifupdown
sudo ifup ovsbr0

Example 3. Create a bridge with multiple ports.

The following configuration creates an Open vSwitch (OVS) bridge named br10 and attaches two physical network interfaces, ens10 and ens11, as ports. The bridge is configured to obtain an IP address via DHCP.

allow-ovs br10
iface br10 inet dhcp
    ovs_type OVSBridge
    ovs_ports ens10 ens11

allow-br10 ens10
iface ens10 inet manual
    ovs_bridge br10
    ovs_type OVSPort

allow-br10 ens11
iface ens11 inet manual
    ovs_bridge br10
    ovs_type OVSPort

Example 3. Create OVS bridge with bonded interfaces

The following configuration demonstrates how to create an Open vSwitch bridge (br100) with a bonded interface (bond0) that aggregates two physical network interfaces (ens7 and ens8). This setup enables high availability and increased throughput using LACP (Link Aggregation Control Protocol).

In an Open vSwitch (OVS) setup, the bond is created by OVS itself, not by traditional Linux bonding modules:

allow-ovs br100
iface br100 inet static
    address 192.170.1.1
    netmask 255.255.255.0
    ovs_type OVSBridge
    ovs_ports bond0

allow-br100 bond0
iface bond0 inet manual
    ovs_bridge br100
    ovs_type OVSBond
    ovs_bonds ens7 ens8
    ovs_options bond_mode=balance-tcp lacp=active

Explanation:

  • ovs_ports bond0: Attaches the bonded interface bond0 as a port on the bridge.
  • allow-br100 bond0: Associates the bond interface with the br100 bridge.
  • iface bond0 inet manual: Indicates no IP is assigned directly to the bond (it’s handled via the bridge).
  • ovs_bridge br100: Links bond0 to br100.
  • ovs_type OVSBond: Specifies that this is a bonded OVS port.
  • ovs_bonds ens7 ens8: Lists the physical interfaces to be bonded.
  • bond_mode=balance-tcp: Distributes traffic based on TCP hash (MAC/IP/port).
  • lacp=active: Enables LACP in active mode for dynamic link aggregation.

This setup is ideal for:

  • High-availability: Ensuring network connectivity continues even if one NIC fails.
  • High-throughput: Aggregating bandwidth across multiple interfaces.
  • Data centers or production deployments that use LACP-compatible switches.

Example 4. Connecting OVS Bridges with Patch Ports

This example demonstrates how to connect two Open vSwitch (OVS) bridges, br20 and br30, using OVS patch ports. Patch ports are virtual links between two OVS bridges, allowing traffic to flow between them as if connected by a physical cable.

# Define OVS Bridge br20 and attach patch0
allow-ovs br20
iface br20 inet manual
    ovs_type OVSBridge
    ovs_ports patch0

# Define patch0 and link it to patch1 on br30
allow-br20 patch0
iface patch0 inet manual
    ovs_bridge br20
    ovs_type OVSPatchPort
    ovs_patch_peer patch1

# Define OVS Bridge br30 and attach patch1
allow-ovs br30
iface br30 inet manual
    ovs_type OVSBridge
    ovs_ports patch1

# Define patch1 and link it back to patch0 on br20
allow-br30 patch1
iface patch1 inet manual
    ovs_bridge br30
    ovs_type OVSPatchPort
    ovs_patch_peer patch0

Explanation:

  • br20 and br30 are two separate OVS bridges.
  • patch0 is a virtual patch port on br20, connected to patch1 on br30.
  • patch1 is the counterpart patch port on br30, connected back to patch0.

Example 5. Configuring a GRE Tunnel in Open vSwitch (OVS)

This example demonstrates how to set up a GRE tunnel using Open vSwitch, which allows Layer 2 connectivity across Layer 3 networks. The configuration connects an OVS bridge (br1) on a local host to a remote OVS endpoint at 192.168.1.20.

# Define the OVS bridge with a static IP address
allow-ovs br1
iface br1 inet static
    address 192.168.1.10
    netmask 255.255.255.0
    ovs_type OVSBridge
    ovs_ports gre1

# Define the GRE tunnel interface and attach it to br1
allow-br1 gre1
iface gre1 inet manual
    ovs_bridge br1
    ovs_type OVSTunnel
    ovs_tunnel_type gre
    ovs_tunnel_options options:remote_ip=192.168.1.20 options:key=1

Explanation:

  • ovs_ports gre1: Specifies that the GRE tunnel interface gre1 is part of this bridge.
  • iface gre1 inet manual: No IP address is assigned directly to the tunnel.
  • ovs_type OVSTunnel: Marks gre1 as a tunnel port.
  • ovs_tunnel_type gre: Specifies the use of GRE encapsulation.
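  • ovs_tunnel_options: Sets the tunnel parameters. remote_ip=192.168.1.20 is the IP of the remote GRE tunnel endpoint, and key=1 is a tunnel identifier (can be used to distinguish between multiple tunnels; it is not a secret and does not authenticate or encrypt the tunnelled traffic).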
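
A bridge whose ovs_ports does not match the ovs_bridge of its ports, or a patch port whose peer does not point back, is easy to introduce in the stanzas above. The following shell functions are an added example, not part of the original guide or of Open vSwitch: check_ovs_stanzas and sample_interfaces are hypothetical names, and the sample input with its two deliberate mistakes is constructed.

```shell
# Added example, not from the original page: cross-check the ovs_* options of
# ifupdown stanzas. Reads the named files (or stdin), prints one line per
# inconsistency, and returns 1 if any was found.
check_ovs_stanzas() {
    awk '
    $1 ~ /^#/              { next }            # comment line
    $1 == "iface"          { cur = $2; next }  # start of a stanza
    $1 == "ovs_type"       { type[cur] = $2 }
    $1 == "ovs_bridge"     { bridge[cur] = $2 }
    $1 == "ovs_patch_peer" { peer[cur] = $2 }
    $1 == "ovs_ports"      { for (i = 2; i <= NF; i++) member[cur, $i] = 1 }
    END {
        for (k in member) {   # each listed port must point back at the bridge
            split(k, a, SUBSEP)
            if (!(a[2] in bridge) || bridge[a[2]] != a[1]) {
                print a[2] ": in ovs_ports of " a[1] " but no stanza sets ovs_bridge " a[1]; bad++ }
        }
        for (p in bridge) {   # each port must name an OVSBridge that lists it
            b = bridge[p]
            if (type[b] != "OVSBridge" || !((b, p) in member)) {
                print p ": ovs_bridge " b " is not an OVSBridge that lists it in ovs_ports"; bad++ }
        }
        for (p in peer)       # patch ports must name each other
            if (!(peer[p] in peer) || peer[peer[p]] != p) {
                print p ": ovs_patch_peer " peer[p] " does not point back"; bad++ }
        exit (bad > 0)
    }' "$@"
}

# Constructed sample: the patch-port layout from Example 4 with two deliberate
# mistakes (ens9 has no stanza; patch1 names patch2 as its peer).
sample_interfaces() {
    cat <<'EOF'
iface br20 inet manual
    ovs_type OVSBridge
    ovs_ports patch0
iface patch0 inet manual
    ovs_bridge br20
    ovs_type OVSPatchPort
    ovs_patch_peer patch1
iface br30 inet manual
    ovs_type OVSBridge
    ovs_ports patch1 ens9
iface patch1 inet manual
    ovs_bridge br30
    ovs_type OVSPatchPort
    ovs_patch_peer patch2
EOF
}
```

On a Debian host, run check_ovs_stanzas /etc/network/interfaces before bringing the bridges up with ifup.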

2. Creating OVS bridges on RHEL-based systems using NMCLI

In this section, we will focus on configuring OVS bridges on RHEL-based Linux systems that use NetworkManager to manage network settings. We will explore different types of bridges and provide practical examples for each.

Before you perform any OVS configurations, install the OVS integration package for NetworkManager:

sudo dnf install NetworkManager-ovs

Restart the NetworkManager service after making the change:

sudo systemctl restart NetworkManager

List all existing connections and delete any that are not needed—especially if you plan to use pre-configured interfaces.

nmcli con show

Example 1: Create a standalone bridge

Let’s create a standalone bridge in /etc/sysconfig/network-scripts/ifcfg-ovsbr0:

nmcli conn add type ovs-bridge conn.interface ovsbr0
nmcli conn add type ovs-port conn.interface port0 controller ovsbr0

nmcli conn add type ovs-interface port-type ovs-port conn.interface iface0 \
controller port0 ipv4.method manual ipv4.address 172.39.1.9/24

Even for a single interface, a Port must be created. Until the Interface is added, the Bridge and Port may appear active but aren’t yet in OVSDB. Use ovs-vsctl show to confirm.

ovs-vsctl show

Sample output:

9a7bf9f2-1ff1-4667-97b2-f44723f41278
    Bridge ovsbr0
        Port port0
            Interface iface0
                type: internal
    ovs_version: "3.5.1-16.el9"

Example 2: Create an OVS bridge with physical interface eth1

This example demonstrates how to create an Open vSwitch (OVS) bridge that utilizes the physical network interface eth1.

# Create the OVS bridge named ovsbr1
nmcli conn add type ovs-bridge conn.interface ovsbr1 autoconnect yes

# Add a port to the bridge for the internal OVS interface (iface0)
nmcli conn add type ovs-port conn.interface port0 master ovsbr1 autoconnect yes

# Add the internal OVS interface to the created port port0
nmcli conn add type ovs-interface conn.interface iface0 master port0 autoconnect yes \
ipv4.method manual ipv4.address 172.35.1.12/24

# Add another port to the bridge for the Ethernet interface
nmcli conn add type ovs-port conn.interface port1 master ovsbr1 autoconnect yes

# Connect the Ethernet interface to the created port
nmcli conn add type ethernet conn.interface eth1 master port1 autoconnect yes

nmcli con show
ovs-vsctl show

To enable DHCP, set ipv4.method to auto and remove any manually assigned IPv4 addresses.

Example 3: Configuring a VLAN-Tagged Interface on OVS bridge ovsbr1

This setup creates a tagged VLAN interface on the OVS bridge ovsbr1, allowing it to handle traffic for a specific VLAN over a shared physical or virtual interface. It’s useful for network segmentation and multi-tenant environments.

# Create the OVS bridge named ovsbr1
nmcli conn add type ovs-bridge conn.interface ovsbr1 autoconnect yes

# Add a port to the bridge for the internal OVS interface (iface0)
nmcli conn add type ovs-port conn.interface port0 master ovsbr1 autoconnect yes

# Add the internal OVS interface to the created port port0
nmcli conn add type ovs-interface conn.interface iface0 master port0 autoconnect yes \
ipv4.method manual ipv4.address 172.35.1.12/24

# Add another port to the bridge for the Ethernet interface with VLAN tag
nmcli conn add type ovs-port conn.interface port1 master ovsbr1 autoconnect yes ovs-port.tag 200

# Connect the Ethernet interface to the created port
nmcli conn add type ethernet conn.interface eth1 master port1 autoconnect yes

nmcli con show
ovs-vsctl show
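
To confirm that a tag such as the 200 set on port1 actually reached OVSDB, the ovs-vsctl show output can be checked mechanically. This is an added example, not from the original guide: ovs_port_table, require_tag and sample_show are hypothetical helper names, and the sample output (including its all-zero UUID) is constructed. A port shown without a tag is reported as trunk, since OVS treats an untagged port as carrying all VLANs.

```shell
# Added example, not from the original page.
# ovs_port_table: read `ovs-vsctl show` output on stdin and print one line per
# port: "<bridge> <port> <tag|trunk> <interface type>".
ovs_port_table() {
    awk '
    function emit() {
        if (port != "")
            print bridge, port, (tag == "" ? "trunk" : tag), (type == "" ? "system" : type)
        port = ""; tag = ""; type = ""
    }
    $1 == "Bridge" { emit(); bridge = $2; gsub(/"/, "", bridge) }
    $1 == "Port"   { emit(); port = $2;   gsub(/"/, "", port) }
    $1 == "tag:"   { tag = $2 }
    $1 == "type:"  { type = $2 }   # an empty type means an ordinary (system) device
    END            { emit() }'
}

# require_tag BRIDGE PORT TAG: succeed only if that port exists with that tag.
require_tag() {
    ovs_port_table | awk -v b="$1" -v p="$2" -v t="$3" \
        '$1 == b && $2 == p { ok = ($3 == t) } END { exit !ok }'
}

# Constructed sample of what Example 3 is expected to produce.
sample_show() {
    cat <<'EOF'
00000000-0000-0000-0000-000000000000
    Bridge ovsbr1
        Port port0
            Interface iface0
                type: internal
        Port port1
            tag: 200
            Interface eth1
                type: system
    ovs_version: "3.5.1-16.el9"
EOF
}
```

On a live host, pipe the real output into the check: sudo ovs-vsctl show | require_tag ovsbr1 port1 200.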

Example 4: Create OVS bridge with Bond

This setup creates an Open vSwitch (OVS) bridge with a bonded interface, combining multiple physical NICs for increased bandwidth and redundancy. It’s ideal for high-availability and performance-critical environments.

# Create an Open vSwitch (OVS) bridge named 'ovsbr2'
nmcli conn add type ovs-bridge conn.interface ovsbr2 autoconnect yes

# Add a logical OVS port 'port0' to the bridge 'ovsbr2'
nmcli conn add type ovs-port conn.interface port0 master ovsbr2 autoconnect yes

# Create an internal OVS interface 'iface0' under 'port0' with a static IP
# This is typically used for internal communication or routing
nmcli conn add type ovs-interface conn.interface iface0 master port0 autoconnect yes \
ipv4.method manual ipv4.address 172.35.1.14/24

# Add another logical OVS port 'port1' to a different bridge 'ovsbr1' (assumes ovsbr1 already exists)
# This port might be used for VLAN-tagged traffic or additional interface configurations
nmcli conn add type ovs-port conn.interface port1 master ovsbr1 autoconnect yes

# Create a bonded interface 'bond0' as an OVS port attached to 'ovsbr2'
# This bond aggregates multiple Ethernet interfaces for redundancy and throughput
nmcli conn add type ovs-port conn.interface bond0 master ovsbr2 autoconnect yes

# Add physical Ethernet interfaces 'eth1' and 'eth2' as slaves to the bonded port 'bond0'
# This enables LACP or other bonding modes for high availability and bandwidth
nmcli conn add type ethernet conn.interface eth1 master bond0 autoconnect yes
nmcli conn add type ethernet conn.interface eth2 master bond0 autoconnect yes

# Check connections
nmcli con show
ovs-vsctl show

A libvirt network definition (XML) that connects KVM guests to an OVS bridge looks like this:

<network>
  <name>br0-net</name>
  <forward mode='bridge'/>
  <bridge name='br0'/>
  <virtualport type='openvswitch'/>
</network>
