In this article I will outline how to configure bridged networking to a tap interface on a Fedora KVM host as there seems to be a lack of good documentation on how to do this. It also turns out that bridged networking using a tap interface provides much better network performance compared to userspace networking. Combine paravirtual drivers with bridging to a tap interface and you should expect near native network performance. So let's begin.

Install Fedora Packages

There are two packages that you will need to install on your Fedora host; bridge-utils and openvpn. You can install these using the following commands.

# yum -y install bridge-utils
# yum -y install openvpn

The openvpn package actually provides the tap interface which will be added to the bridge. After installing openvpn package, verify the tun device exists with the following command.

[root@localhost network-scripts]# ls -la /dev/net/tun
crw------- 1 root root 10, 200 2008-04-09 11:53 /dev/net/tun

Create Virtual Bridge

Next you need to create the virtual bridge to which the physical and the tap interface will be added. We create the virtual bridge with the following command

# /usr/sbin/brctl addbr br0

At this point we can verify that the bridge has no interfaces attached to it using the brctl command:

[root@localhost network-scripts]# brctl show 
bridge name     bridge id               STP enabled     interfaces 
                   br0             8000.000000000000       no 

The output shows the bridge called br0 now exists and a randomly generated bridge-id. Also note that there are no interfaces attached to the bridge. STP is not important and should not be enabled. STP refers to spanning tree protocol and is a protocol used for loop prevention in a switched network when there are redundant links between switches. Since you have only one bridge here it doesn't apply. At this point the bridge device will show up in the Network management GUI tool. To view the device in the GUI, type the command system-config-network.

[root@localhost network-scripts]# system-config-network

When you type this you should see the bridge device br0 as shown below.

Add the Physical and tap interfaces to the bridge

Next you need to add the tap and physical interface to the bridge. There are two interfaces that you typically want to add to the bridge. These are

• eth0 ( or whatever physical interface your VM will be bridging through ) and
• tap0

Before we can add the tap interface, you first need to create it. Create it using the following command.

[root@localhost network-scripts]# openvpn --mktun --dev tap0 
Wed Apr  9 20:22:49 2008 TUN/TAP device tap0 opened 
Wed Apr  9 20:22:49 2008 Persist state set to: ON 

Now set the tap interface to an up state using the following command.

[root@localhost network-scripts]# ifconfig tap0 up 

Verify that it is up with the following command

[root@localhost network-scripts]# ifconfig tap0 

tap0      Link encap:Ethernet  HWaddr 00:FF:B2:54:F1:31   
          inet6 addr: fe80::2ff:b2ff:fe54:f131/64 Scope:Link 
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1 
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0 
          TX packets:0 errors:0 dropped:6 overruns:0 carrier:0 
          collisions:0 txqueuelen:100  
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b) 

Now add both the interfaces to the bridge as follows

[root@localhost network-scripts]# brctl addif br0 eth0 
[root@localhost network-scripts]# brctl addif br0 tap0 

Now when you issue the brctl show command, you will see the two interfaces added to the bridge

[root@localhost network-scripts]# brctl show

bridge name     bridge id               STP enabled     interfaces 
br0             8000.0019b97ec863       no              eth0 
                                                        tap0 

Configure Startup scripts

There are three scripts that need to be modified . These are

• /etc/sysconfig/network-scripts/ifcfg-br0
• /etc/sysconfig/network-scripts/ifcfg-eth0
• /somelocation/qemu-ifup 

The last script, qemu-ifup can be placed anywhere you like on the filesystem. I placed this script in my home directory. Lets configure the br0 script first. Create the file /etc/sysconfig/network-scripts/ifcfg-br0 with the following contents:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes

The eth0 script should be automatically configured and yours should look like the following. The important line to note is the line with BRIDGE=br0.

# Broadcom Corporation BCM4401-B0 100Base-TX 
DEVICE=eth0 
BRIDGE=br0 
BOOTPROTO=dhcp 
HWADDR=00:19:b9:7e:c8:63 
ONBOOT=yes 
TYPE=Ethernet 
USERCTL=no 
IPV6INIT=no 
PEERDNS=yes 
NM_CONTROLLED=no 

Next create a script called qemu-ifup with the following contents. Make a note of where you store this file as it will be used as an option during qemu/kvm startup.

#!/bin/sh 
 switch=$(/sbin/ip route list | awk '/^default / { print $NF }') 
/sbin/ifconfig $1 0.0.0.0 up 
/usr/sbin/brctl addif ${switch} $1 

Now activate your br0 using the GUI, activate and save your configuration. It will prompt you to restart your computer or network configuration. Restart your network configuration.

[root@localhost scripts]# /etc/rc.d/init.d/network restart 
Shutting down interface br0:                               [  OK  ] 
Shutting down interface eth0:                              [  OK  ] 
Shutting down loopback interface:                          [  OK  ] 
Bringing up loopback interface:                            [  OK  ] 
Bringing up interface eth0:                                [  OK  ] 
Bringing up interface br0:   
Determining IP information for br0... done. 
                                                           [  OK  ] 

Your br0 interface should show an up state when network script is restarted as shown above. Now if you type an ip route list command, you should see output similar to below.

[root@localhost scripts]# ip route list 
172.16.26.0/24 dev br0  proto kernel  scope link  src 172.16.26.110  
169.254.0.0/16 dev br0  scope link  
default via 172.16.26.1 dev br0  

Note the default route via br0.

Generate MAC address and startup KVM Virtual Machine

Now before you can start kvm to use bridge networking, you need to generate a random mac address to bind to your virtual machine's nic. I use the following script to generate a random mac-address.

#!/usr/bin/python
# macgen.py script to generate a MAC address for Red Hat Virtualization guests
#
import random
#
def randomMAC():
	mac = [ 0x00, 0x16, 0x3e,
		random.randint(0x00, 0x7f),
		random.randint(0x00, 0xff),
		random.randint(0x00, 0xff) ]
	return ':'.join(map(lambda x: "%02x" % x, mac))
#
print randomMAC()

The script called macgen.py is borrwoed from Red Hat in generating random mac addresses and you can execute it as follows:

[root@localhost scripts]# ./macgen.py
00:16:3e:75:09:aa

As you can see the script generated the random mac address 00:16:3e:75:09:aa. You will use this mac-address in your qemu start script for bridged networking. Below is an example of my startup script.

/usr/local/kvm/bin/qemu-system-x86_64 \
-hda windowsxp.img \
-m 512 \
-net nic,macaddr=00:16:3e:75:09:aa \
-net tap,script=/home/user/software/scripts/qemu-ifup &

Two things to note in this start script are the mac-address and the reference to the qemu-ifup script that you configured earlier. The above script still uses an emulated nic. In order for maximum performance, configure your kvm startup script to use paravirtual drivers with bridged networking as follows:

/usr/local/kvm/bin/qemu-system-x86_64 \ 
-hda windowsxp.img \ 
-m 512 \ 
-net nic,model=virtio,macaddr=00:16:3e:75:09:aa \ 
-net tap,script=/home/hsolomon/software/scripts/qemu-ifup & 

Your virtual machine will now start in bridged mode using paravirtual device drivers if you already have them installed in your virtual machine. To see how to install paravirtual drivers see related posts here. Now you can enjoy near native virtual machine networking performance. macgen.py qemu-ifup ifcfg-br0