[Answered] Technical Reason for "Bridging Everything"

It has long puzzled me as to why it seems to be OpenWRT/LEDE configuration practice to immediately associate each physical interface with a bridge as well as to assign IP addresses to the bridge rather than the underlying "physical" interface. I'll admit most of my experience is with FreeBSD and netgraph, but it doesn't seem to be common practice on Linux, at least with what I've seen with Fedora/RedHat or Debian/Ubuntu.

At least in the situation where a physical interface is not bridged to another interface (for example, it only sends and receives packets through the physical switch), it seems as though putting the interface into promiscuous mode, registering the rx handler, and then the overhead of the bridge itself (arguably small, but it still potentially sees a large number of MACs and needs to handle STP and other control-plane packets) aren't "needed" from an operational perspective.

Similarly, it seems "strange" to me to assign the IP address to the bridge's pseudo-interface rather than the physical interface. While creating a bridge is certainly an "easy" way to create a virtual interface without needing another kernel driver, when you've got a physical interface, I'm hard pressed to find a compelling reason to assign the IP address to the bridge, rather than the physical interface.

I can see how consistency would make laying a GUI on top of a configuration that always dealt with bridges a lot easier than one that had to deal one way with interfaces and another with bridges.

Is there a gap in my thinking that would make assignment of IP addresses directly to the underlying interfaces (and, for example, their VLAN sub-interfaces) a bad plan going forward?

When using a bridge in Linux you have to assign IP addresses to the bridge interface. Assigning them to interfaces which are part of the bridge won't work.

And the bridge is needed if you want the wired ports to be in the same broadcast domain, i.e. local network, as the wireless network. Using all switch ports as lan ports is also what most users expect I guess.

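To make the answer above concrete, here is an added example (not from the original thread, and not a config shipped by any particular OpenWrt image) of the classic pre-21.02 `/etc/config/network` and `/etc/config/wireless` stanzas in which the wired switch VLAN and the radio end up in one broadcast domain. The port name `eth0.1`, the SSID and the `192.168.1.1/24` address are assumptions chosen for illustration; the non-working variant is shown in comments so the contrast with the working one is visible.

```uci
# /etc/config/network  (classic OpenWrt/LEDE syntax, before the 21.02 "config device" form)

# Working form: the IP address lives on the bridge pseudo-interface (netifd names
# it br-lan), and the switch VLAN port eth0.1 is only a member of that bridge.
config interface 'lan'
	option type 'bridge'          # creates br-lan and enslaves the ifname(s) below
	option ifname 'eth0.1'        # assumed: switch VLAN 1 carrying the LAN ports
	option proto 'static'
	option ipaddr '192.168.1.1'   # assumed address; it is configured on br-lan
	option netmask '255.255.255.0'

# Non-working form, for contrast (do NOT use both):
# Putting the address on the member port while it is enslaved to a bridge leaves
# the port's IP unreachable, because once an interface is a bridge member the
# kernel hands its frames to the bridge's rx handler and the port's own stack
# no longer sees them.
#
# config interface 'lan'
# 	option ifname 'eth0.1'
# 	option proto 'static'
# 	option ipaddr '192.168.1.1'
# 	option netmask '255.255.255.0'
# config interface 'lan_br'
# 	option type 'bridge'
# 	option ifname 'eth0.1'
# 	option proto 'none'

# /etc/config/wireless  (only the interface stanza; the wifi-device stanza is omitted)

# "option network 'lan'" is what attaches the wireless interface to the same
# br-lan bridge, so wired and wireless clients share one L2 domain.
config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option ssid 'example-lan'     # assumed SSID
	option encryption 'psk2'
	option key 'change-me'        # placeholder; set a real passphrase
	option network 'lan'
```

After `/etc/init.d/network restart`, `brctl show br-lan` should list both `eth0.1` and the `wlan0` interface as members, and `ip addr show br-lan` should carry the address, while `ip addr show eth0.1` shows none. Newer releases (21.02 and later) express the same thing with a separate `config device 'br-lan'` stanza using `option type 'bridge'` and `list ports 'eth0.1'`, with `config interface 'lan'` pointing at it through `option device 'br-lan'`; the address still belongs to the bridge, not to the member ports.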

Thanks! That was the clue that made it all click for me. Linux bridges "swallow" the entire interface.

It's a little different than the way netgraph handles ng_ether and ng_bridge.