diff --git a/cleanup.sh b/cleanup.sh
index 0a0488f..ea395c3 100755
--- a/cleanup.sh
+++ b/cleanup.sh
@@ -1,6 +1,12 @@
 #!/bin/sh
 
+set -eu
+
 for mach in machines/*; do
 	statedir="state/${mach##*/}"
 	rm -rvf "$statedir"
 done
+
+for net in networks/*; do
+	test -e $net/down.sh && $net/down.sh
+done
diff --git a/init.sh b/init.sh
index 805f6a1..9186ccd 100755
--- a/init.sh
+++ b/init.sh
@@ -1,6 +1,11 @@
 #!/bin/sh
 
 set -eu
+
+for net in networks/*; do
+	$net/up.sh
+done
+
 for mach in machines/*; do
 	$mach/run-shim.sh
 done
diff --git a/lib.shs b/lib.shs
index 3031f74..b085df9 100644
--- a/lib.shs
+++ b/lib.shs
@@ -5,6 +5,15 @@ mach=$(basename $(dirname "$0"))
 netns=netns
 nethorror_root="`pwd`" # and hope?
 
+warn() {
+	echo >&2 "Warning:" "$@"
+}
+
+die() {
+	echo >&2 "DIE:" "$@"
+	exit 42
+}
+
 ensure_started() {
 	test -e state/$mach/$netns || machines/$mach/start.sh
 }
@@ -22,3 +31,26 @@ setup_statedir() {
 	done
 }
 
+bridge_name() {
+	echo "br_$1"
+}
+
+make_bridge() {
+	br="$(bridge_name "$mach")"
+	ip link add name "$br" type bridge
+	ip link set dev "$br" up
+}
+
+veth_to_bridge() {
+	ifname="$1"
+	br_raw="$2"
+	br="$(bridge_name "$br_raw")"
+	ve_br_orig="ve_${mach}_${br_raw}"
+	ve_br="${ve_br_orig::15}"
+	test "$ve_br" != "$ve_br_orig" && warn "interface name $ve_br_orig shortened to $ve_br"
+	ip link show dev "$ve_br" >/dev/null && die "interface $ve_br already exists!"
+	ip link add name "$ifname" type veth peer "$ve_br"
+	ip link set dev "$ve_br" master "$br"
+	ip link set dev "$ve_br" up
+	ip link set dev "$ifname" netns ./state/$mach/netns # FIXME: hardcoded
+}
diff --git a/machines/iana/setup.sh b/machines/iana/setup.sh
index 667db30..bb09af1 100755
--- a/machines/iana/setup.sh
+++ b/machines/iana/setup.sh
@@ -2,7 +2,6 @@
 set -eu
 
 # typically: bring up the networks
-# TODO: veth naming?
+ip addr add 100.100.0.1/29 dev vps_ve
+ip link set vps_ve up
 
-# dummy for now:
-ip route add unreachable 192.168.3.0/24
diff --git a/machines/iana/start.sh b/machines/iana/start.sh
index 9a0474c..0d74b12 100755
--- a/machines/iana/start.sh
+++ b/machines/iana/start.sh
@@ -7,4 +7,4 @@ setup_statedir
 
 unshare $namespaces /bin/true # just create the namespaces
 
-# TODO: connect to the bridges
+veth_to_bridge vps_ve vpsuplink
diff --git a/networks/vpsuplink/up.sh b/networks/vpsuplink/up.sh
new file mode 100755
index 0000000..19c7ca2
--- /dev/null
+++ b/networks/vpsuplink/up.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+set -eu
+
+. ./lib.shs
+make_bridge