Create and Configure Bridge Networking For KVM in Linux

There are various ways of configuring Bridge Networking in Linux for use in KVM. The default network used by a Virtual Machine launched in KVM is NAT network. With NAT networking, a virtual network is created for the guest machines which is then mapped to host network to provide internet connectivity.

Original content from computingforgeeks.com - post 37

When you configure and use Bridged networking, guest operating systems access external network connected directly to the host machine. A bridge can be created either using Virtual Machine Manager, using virsh command line tool, by directly editing network scripts or using Linux Network management tools.

Method 1: Creating Bridge Network with NAT

Follow these steps to create a Linux bridge from Virtual Machine Manager (GUI). You need to have installed KVM on your system. The demonstration done in this method is for NATed bridge setups.

How to install KVM on RHEL/CentOS 8, Fedora, Arch Linux, CentOS, Ubuntu/Debian, SLES

Open Virtual Machine Manager, and go to Edit > Connection Details > Virtual Networks

Configure a new network interface by clicking the + at the bottom of the window. Give the virtual network a name.

Click the Forward button, on next window, provide virtual network information.

Click forward and choose if to enable IPv6.

Select the network type and forwarding policy.

Finish the setting and save your configurations. The new Virtual network should show on the overview page.

A bridge on the host system is automatically created for the network.

$ brctl show virbr4      
bridge name	bridge id		STP enabled	interfaces
virbr4		8000.525400c2410a	yes		virbr4-nic

Method 2: Create KVM bridge with virsh command.

Create a new bridge XML file.

vim br10.xml

Add bridge details to the file.

<network>
  <name>br10</name>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='br10' stp='on' delay='0'/>
  <ip address='192.168.30.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.30.50' end='192.168.30.200'/>
    </dhcp>
  </ip>
</network>

To define a network from an XML file without starting it, use:

$ sudo virsh net-define  br10.xml
Network br1 defined from br10.xml

To start a (previously defined) inactive network, use:

$ sudo virsh net-start br10
Network br10 started

To set network to autostart at service start:

$ sudo virsh net-autostart br10
Network br10 marked as autostarted

Check to Confirm if autostart flag is turned to yes – Persistent should read yes as well.

$ sudo virsh net-list --all
 Name              State    Autostart   Persistent
----------------------------------------------------
 br10              active   yes         yes
 default           active   yes         yes
 docker-machines   active   yes         yes
 fed290            active   no          yes
 vagrant-libvirt   active   no          yes

Confirm bridge creation and IP address.

$ ip addr show dev br10
28: br10: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:94:00:f5 brd ff:ff:ff:ff:ff:ff
    inet 192.168.30.1/24 brd 192.168.30.255 scope global br10
       valid_lft forever preferred_lft forever

Method 3: Create a bridge by editing network scripts

We’ll consider two systems.

1) RHEL based Linux systems

Below script will create a bridge called br10.

sudo vim /etc/sysconfig/network-scripts/ifcfg-br10

With:

DEVICE=br10
STP=no
TYPE=Bridge
BOOTPROTO=none
DEFROUTE=yes
NAME=br10
ONBOOT=yes
DNS1=8.8.8.8
DNS2=192.168.30.1
IPADDR=192.168.30.3
PREFIX=24
GATEWAY=192.168.30.1

The configuration of eth0 interface that I’m bridging to will be:

$ cat /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
BRIDGE=br10

Bring up the interfaces:

sudo ifdown br10
sudo ifup br10

2) Debian based Linux systems

Configure Bridging interface:

$ sudo vim  /etc/network/interfaces
auto br10 
iface br10 inet static
address 192.168.1.10
network 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
gateway 192.168.1.1
dns-nameservers 192.168.1.1
bridge_ports eth0
bridge_stp off

Disable all lines on eth0 interface section to look something like below:

auto eth0
iface eth0 inet manual

Restart your networking service.

 sudo systemctl restart networking.service

Method 5: Using Nmcli tool

Use the nmcli network management command line tool to create a Linux bridge on the desired interface. Let’s first list all available connections.

$ sudo nmcli connection show 
NAME                UUID                                  TYPE      DEVICE 
enp1s0              498869bb-0d88-4a4c-a83a-c491d1040b0b  ethernet  enp1s0 
Wired connection 1  0977f29f-fa2e-3d7f-831c-6f41f8782be3  ethernet  enp7s0 

Since my bridge will be created on the second device enp7s0, I’ll delete the existing connection then create a bridge with this device.

$ sudo nmcli connection delete 0977f29f-fa2e-3d7f-831c-6f41f8782be3
Connection 'Wired connection 1' (0977f29f-fa2e-3d7f-831c-6f41f8782be3) successfully deleted.

1. Save bridge related information to variables.

BR_NAME="br10"
BR_INT="enp7s0"
SUBNET_IP="192.168.30.10/24"
GW="192.168.30.1"
DNS1="8.8.8.8"
DNS2="8.8.4.4"

Where:

• BR_NAME: The name of the bridge to be created.
• BR_INT: the physical network device to be used as bridge slave.
• SUBNET_IP: IP address and subnet assigned to the bridge created.
• GW: The IP address of the default gateway
• DNS1 and DNS2: IP addresses of DNS servers to be used.

2. Define new bridge connection.

sudo nmcli connection add type bridge autoconnect yes con-name ${BR_NAME} ifname ${BR_NAME}

Output:

Connection 'br0' (be6d4520-0257-49c6-97c2-f515d6554980) successfully added.

3. Modify bridge to add IP address, Gateway and DNS

sudo nmcli connection modify ${BR_NAME} ipv4.addresses ${SUBNET_IP} ipv4.method manual
sudo nmcli connection modify ${BR_NAME} ipv4.gateway ${GW}
sudo nmcli connection modify ${BR_NAME} ipv4.dns ${DNS1} +ipv4.dns ${DNS2}

4. Add the network device as bridge slave.

sudo nmcli connection delete ${BR_INT}
sudo nmcli connection add type bridge-slave autoconnect yes con-name ${BR_INT} ifname ${BR_INT} master ${BR_NAME}

Sample output.

Connection 'enp7s0' (f033dbc9-a90e-4d4c-83a9-63fd7ec1cdc1) successfully added.

Check connections.

$ sudo nmcli connection show 
NAME    UUID                                  TYPE      DEVICE 
br0     be6d4520-0257-49c6-97c2-f515d6554980  bridge    br0    
enp1s0  498869bb-0d88-4a4c-a83a-c491d1040b0b  ethernet  enp1s0 
enp7s0  f033dbc9-a90e-4d4c-83a9-63fd7ec1cdc1  ethernet  enp7s0 

Step 2: Bring up network bridge

Once the network bridge connection has been created, bring it up.

$ sudo nmcli connection up br10
Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

View bridge details by running.

sudo nmcli connection show br10

The ip addr command should give output similar to below.

$ ip ad
3: enp7s0:  mtu 1500 qdisc fq_codel master br10 state UP group default qlen 1000
     link/ether 52:54:00:a2:f6:a8 brd ff:ff:ff:ff:ff:ff
 4: br10:  mtu 1500 qdisc noqueue state UP group default qlen 1000
     link/ether 52:54:00:a2:f6:a8 brd ff:ff:ff:ff:ff:ff
     inet 192.168.122.10/24 brd 192.168.122.255 scope global noprefixroute br10
        valid_lft forever preferred_lft forever
     inet6 fe80::4f2f:ce6d:dc6b:2101/64 scope link noprefixroute 
        valid_lft forever preferred_lft forever

Congratulations!!. You have successfully created and configured Bridge Networking for KVM on a Linux system.

Recommended Linux Books  to read;

• Best Linux Books for Beginners & Experts
• Best Linux Kernel Programming Books
• Best Linux Bash Scripting Books
• Top RHCSA / RHCE Certification Study Books

Check KVM related articles below.

• How to extend/increase KVM Virtual Machine (VM) disk size
• virsh commands cheatsheet to manage KVM guest virtual machines
• How to Provision VMs on KVM with Terraform
• How to Create CentOS / Fedora / RHEL VM Templates on KVM