Lately I’ve had some conversations about how Linux sucks at bridging tagged VLANs into VMs, which just isn’t true anymore.
With recent Kernels Linux bridges have become vlan-aware and now allow configuring any bridge port like a port of any decent network switch with respect to 802.1q VLANS. A port can present a VLAN as untagged traffic as well as a number of VLANs in tagged mode. As can be expected, SVIs can be configured as vlan interfaces of a bridge, too.
The old brctl utility has been integrated within the iproute suite as part of of ip link. The commands map as follows:
brctl addbr br0
ip link add br0 type bridge
[ forward_delay FORWARD_DELAY ]
...
[ vlan_filtering VLAN_FILTERING ]
[ vlan_default_pvid VLAN_D_PVID ]
...
[ nf_call_iptables NF_CALL_IPT ]
[ nf_call_ip6tables NF_CALL_IP6TABLES ]
[ nf_call_arptables NF_CALL_ARPTABLES ]
brctl addif br0 eth0
ip link set eth0 master br0