There are many choices for network configurations in the KVM host. In this post, I’ll guide you through two main choices to configure KVM networking. We’ll consider internal networking and external networking for Guest operating systems running on KVM.
The two ways to configure KVM networking we’ll cover are:
- Using a Linux bridge with NAT for KVM guests
- Using a Linux bridge (without NAT) for KVM guests
The other available ways to configure KVM networking that we won’t cover on this post are:
- Using an Open vSwitch bridge with KVM guests
- Using the MacVTap driver with KVM guests
Creating KVM Linux NAT-based bridge network
This network configuration uses a Linux bridge in combination with Network Address Translation (NAT) to enable a guest OS to get outbound connectivity regardless of the type of networking (wired, wireless, dial-up, and so on) used in the KVM host without requiring any specific administrator configuration. Using this method to configure KVM networking is simple and straightforward.
The diagram below illustrate how NAT networking works under the hood in KVM.
The quickest way to get started is by utilizing existing
default network configuration. Dump default network xml configuration using below command.
# virsh net-dumpxml default > br.xml
You can edit this file accordingly and use it to define new network interface
Manually create xml file
Have a look at below file for general overview of how the file should look like:
Create a new file
# vim br1.xml
Add following content, edit to your liking, then save.
<network> <name>br1</name> <forward mode='nat'> <nat> <port start='1024' end='65535'/> </nat> </forward> <bridge name='br1' stp='on' delay='0'/> <ip address='192.168.10.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.10.10' end='192.168.10.100'/> </dhcp> </ip> </network>
To define a network from an XML file without starting it, use:
# virsh net-define br1.xml Network br1 defined from br1.xml
To start a (previously defined) inactive network, use:
# virsh net-start br1 Network br1 started
To create transient network that cannot be set to autostart use:
# virsh net-create br1.xml Network br1 created from br1.xml
To autostart a network, use:
# virsh net-autostart br1 Network br1 marked as autostarted
Check to Confirm if autostart flag is turned to
yes – Persistent should read yes as well.
# virsh net-list --all Name State Autostart Persistent ---------------------------------------------------------- br1 active yes yes default active yes yes
To convert a network name to network UUID – previously defined UUID, use:
# virsh net-uuid br1 ed90dfcf-c895-4d5c-9d34-bd307f8c3ec0
Confirm that the bridge was successfully created
You can use
brctlcommand provided by
bridge-utils package to check available bridges on your Linux system
# brctl show br1 bridge name bridge id STP enabled interfaces br1 8000.525400515825 yes br1-nic
Checking Ip address assigned to the interface
You can use
ip command for this:
# ip addr show dev br1 19: br1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 52:54:00:51:58:25 brd ff:ff:ff:ff:ff:ff inet 192.168.10.1/24 brd 192.168.10.255 scope global br1 valid_lft forever preferred_lft forever
Attaching an interface to a VM
In this example, I’ll attach
br1 interface to the vm
pxe that will be configured as Preboot eXecution Environment server.
- This takes effect immediately, and the NIC will be persistent on further reboots.
- Attach the interface as below:
# virsh attach-interface --domain pxe --type bridge --source br1 --model virtio --config --live # virsh domiflist pxe Interface Type Source Model MAC ------------------------------------------------------- vnet0 bridge virbr0 virtio 52:54:00:e9:ad:17 vnet1 bridge br1 virtio 52:54:00:47:2f:eb
Detaching an interface attached to a VM
# virsh detach-interface --domain pxe --type bridge --mac 52:54:00:47:2f:eb --config # virsh domiflist pxe Interface Type Source Model MAC ------------------------------------------------------- vnet0 bridge virbr0 virtio 52:54:00:e9:ad:17
Removing a network
To fully remove a network , follow steps below:
- First destroy the network to put it in inactive mode:
# virsh net-destroy br1 Network br1 destroyed
- Next, undefine the network.
# virsh net-undefine br1 Network br1 has been undefined
- Confirm that the network is not listed as inactive/active.
# virsh net-list --all Name State Autostart Persistent ---------------------------------------------------------- default active yes yes
- You can as well use
brctlcommand to check:
# brctl show br1 bridge br1 does not exist!
Creating KVM Linux bridge (without NAT) for KVM guests
An alternative to using a NAT-based network to configure KVM networking would be to use a standard Linux network bridge.
A network bridge is a Link Layer device which forwards traffic between networks based on MAC addresses and is therefore also referred to as a Layer 2 device. It makes forwarding decisions based on tables of MAC addresses which it builds by learning what hosts are connected to each network.
A software bridge can be used within a Linux host in order to emulate a hardware bridge, for example in virtualization applications for sharing a NIC with one or more virtual NICs.
Create Linux Bridge using nmcli
Nmcli is a command-line client for NetworkManager. It allows controlling NetworkManager and reporting its status.
To create a Linux bridge called
br0 using nmcli, run the following commands:
nmcli con add type bridge con-name br0 ifname br0 autoconnect yesnmcli con add type ethernet con-name br0-slave-1 ifname ens3 master br0 autoconnect yes nmcli con modify br0 bridge.stp no
This example demonstrates adding a bridge master connection and one slave.
- The first command adds a master bridge connection, naming the bridge interface and the profile as
- The second command add slaves profile enslaved to
br0. The slave will be tied to
- The last command will disable
802.1DSTP for the
Furthe modify the bridge to enable autoconnect, add ipv4 address and gateway:
nmcli connection modify br0 ipv4.addresses 192.168.10.5/24 \ ipv4.method manual ipv4.gateway 192.168.10.1 ipv4.dns 188.8.131.52
Bring up the interface:
# nmcli con up br0 Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/15) # brctl show br0 bridge namebridge idurlSTP enabledinterfaces br0-slave-18000.000000000000no
Create Linux Bridge using brctl
If you don’t have networkmanager installed, you can use
brctl command installed with installation of
bridge-utils to configure Linux bridge that we’ll use to configure KVM networking.
- Create a new bridge:
# brctl addbr br0
- Add a device to a bridge, for example eth0:
# brctl addif br0 eth0
- Assigning an IP address
# ip addr add dev br0 192.168.2.4/24 # ip route add default via 192.168.2.1 dev br0
- Show current bridges and what interfaces they are connected to:
# brctl show
- Set the bridge device up:
# ip link set up dev br0
- Delete a bridge, you need to first set it to down:
# ip link set dev br0 down # brctl delbr br0 # brctl delbr br0
Reference and Further reading