KVM - The Linux Kernel-Based Virtual Machine
News, Blogs and Resources on the Linux (KVM) Kernel-Based Virtual Machine

Using bridged networking with Virt-manager

Friday, September 19, 2008 - 08:08 Haydn Solomon

In previous posts you can find instructions on how to configure bridged networking when managing your kvm guests by command line. However for many users experimenting with kvm, the virt-manager GUI tool is the preferred method of managing kvm guests in which case bridged networking configuration might pose a challenge. If you fall into the camp of users who prefer virt-manager and have ever wondered how to configure bridged networking , you’ll be able to use bridged networking with virt-manager after reading this post.

 

 

1. Configure your bridge

Your libvirt installation will provide default bridges for use with xen, qemu and other types of domains. For qemu/kvm, the default bridge should be called vnet0 and you can verify this by issuing the following command on your system.

# brctl show

bridge name     bridge id               STP enabled     interfaces
pan0            8000.000000000000       no
virbr0          8000.000000000000       yes
vnet0           8000.000000000000       yes

Th first thing you need to do is add a network script for your vnet0 bridge. On Fedora this script will be located under /etc/sysconfig/network-scripts/ but may differ for other linux distributions. So go ahead and create a new script at /etc/sysconfig/network-scripts/ifcfg-vnet0 as root user and edit the contents so that it looks like the following.

DEVICE=vnet0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes

This completes set up of your vnet0 bridge.

 

2. Add your physical interface to the bridge

The next step is to add the physical interface that your kvm guest will be sharing to the vnet0 bridge configured above. For this post, we’ll assume that you’ll be using eth0 so to add eth0 to vnet0 bridge, issue the following command.

# brctl addif vnet0 eth0

You can verify that your eth0 was added to the vnet0 bridge issuing the brctl show command. Your output should look similar to the following.

# brctl show

bridge name     bridge id               STP enabled     interfaces
pan0            8000.000000000000       no
virbr0          8000.000000000000       yes
vnet0           8000.0019b97ec863       yes             eth0

Now you need to configure your network script for eth0. You will already have a script for eth0, but you’ll need to modify it by adding one line as BRIDGE=vnet0 so that it looks similar to the following script.

# Broadcom Corporation BCM4401-B0 100Base-TX
DEVICE=eth0
BRIDGE=vnet0
BOOTPROTO=dhcp
HWADDR=00:19:b9:7e:c8:63
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
NM_CONTROLLED=no
…
…

 

3. Restart your network services

In order for all the network script modifications to take effect, you need to restart your network services. Your command may differ slightly but for most linux distributions the following command will restart your network services.

# /etc/rc.d/init.d/network restart

Shutting down interface vnet0:  [  OK  ]
Shutting down interface eth0:  [  OK  ]
Shutting down loopback interface:  [  OK  ]
Bringing up loopback interface:  [  OK  ]
Bringing up interface eth0:  [  OK  ]
Bringing up interface vnet0:  
Determining IP information for vnet0... done.
[  OK  ]

My experience is that the dhcp on the bridge device usually takes a little longer than the other scripts so don’t worry if the line that says “determining ip information for vnet0” sits there for a min or two. Once this script completes, you’re finished with your system network configurations. Now, onto actually using bridged networking with virt-manager.

 

4. Configure Bridged Networking in Virt-Manager

Now comes the easy part. Configure your kvm guest in virt-manager as you normally would. When you get to the part that asks about your network type, choose to share with a physical device and you will be able to select the eth0 on bridge vnet0. Below is a screenshot of what you should see. You don’t need to specify a specific mac address unless you need to for some kind of static mapping.

 

 

Boot up your kvm guest which will be now connected to your local network. Your brctl show command will now show your kvm guest network added to your vnet0 bridge. Below is a sample output.

# brctl show

bridge name     bridge id               STP enabled     interfaces
pan0            8000.000000000000       no
virbr0          8000.000000000000       yes
vnet0           8000.0019b97ec863       yes             eth0
                                                        vnet1

 

Summary

Bridged networking with virt-manager is simpler than configuring bridged networking when managing kvm guests with command line since you don’t have to worry about things like qemu network scripts and generating random mac addresses. Virt-manager takes care of these things behind the scenes. What will be nice to see someday would be GUI tools for managing the bridges which would make the procedure even simpler.
 

See Also

Comments

Just to understand things...

Monday, September 22, 2008 - 12:57 Rodd Ahrenstorff (not verified)

Is this available as of virt-manager 0.6.0-1 or earlier releases? How does this effect the Debain /etc/kvm/kvm-ifup script that is already in place in that distro?

Regards,

Rodd Ahrenstorff

Re: just to understand..

Monday, September 22, 2008 - 13:30 Haydn Solomon

This is available from the earlier virt-manager release (0.5.4) and the snapshots I did was actually from that version. I don't think it should affect your script but I'm not too familiar with debian.

Some issues

Wednesday, September 24, 2008 - 23:58 David Cartwright

Haydn, a couple of additional points that may help some users (albeit, I know this is not the only way of achieving the same result):

1. A default installation of Fedora 9 uses the NetworkManager daemon rather than the network daemon. Hence, the services would need to be set to have NetworkManager not start and network start, e.g. as root:

/sbin/chkconfig --level 345 NetworkManager off
/sbin/chkconfig --level 345 network on

2. If the Host is running iptables, some changes would need to be made for the VM to obtain a DHCP address, e.g. I have used:

/sbin/iptables -F FORWARD
/sbin/iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
/sbin/iptables-save > /etc/sysconfig/iptables

3. IP Forwarding to be set in /etc/sysctl.conf, e.g. set:

net.ipv4.ip_forward=1

4. Reboot system for all changes to become active.

### ### ###

I presume that there is a plan by the developers to support this type of bridging within NetworkManager. For example, I note that oVirt sets up some files in /etc/libvirt/qemu/networks that include an XML configuration file that is also replicated in /etc/libvirt/qemu/networks/autostart

Any feedback you come across about configuration of bridging for a system using NetworkManager would be of great interest.

Re: network manager

Thursday, September 25, 2008 - 08:18 Haydn Solomon

David,

I remember you did mention that fedora was planning to include some bridge control features in future release of network manager. I will keep an eye on it and post any developments.

Good tips on the iptables.

In previous posts...

Monday, October 20, 2008 - 06:34 Anonymous (not verified)

Could you put a link to the previous posts, I'm needing the bit on setting up a bridged network. Thanks.

Previous post on bridging

Monday, October 20, 2008 - 08:37 Haydn Solomon

Here is the link..

Configuring Bridged Networking

No vnet0

Saturday, November 29, 2008 - 19:18 alphadog (not verified)

According to your post, there should be, by default, pan0, virbr0 and vnet0 bridges. On my fresh F10 install, I only have virbr0. Was vnet0 setup by you? If so, how?

Re: vnet0

Monday, December 1, 2008 - 01:13 Haydn Solomon

Alphadog,

I didn't setup the vnet0, it was there by default and my tests were done on Fedora 9. Since you enquired, I decided to have a look and now there is no more vnet0, only pan0 and virbr0 on my F9 system. I believe these bridges were setup by libvirt and at the time of writing the post, I was running libvirt 0.4.4. Since then libvirt has gone through a release and could possibly be an explanation if libvirt made some changes in how the bridges are setup. I will have to investigate and post a comment since it would make the post irrelevant if this is the case.

same boat, no vnet0, no bridgee

Sunday, December 7, 2008 - 18:28 grempuppy (not verified)

I'm in the same boat as alphadog. I have a fresh Fedora10 install and don't have a vnet0. My new virtual machines don't have access to a network at all. None of the interfaces present are bridged and available in the virtual machine creation wizard.

@grempuppy: The vnet0

Sunday, December 14, 2008 - 22:10 alphadog (not verified)

@grempuppy: The vnet0 bridge(s) gets created by VMM. You shouldn't have one in a fresh install of F10.

corrections (on Fedora 10)

Friday, December 26, 2008 - 02:53 Allen (not verified)

I have been at this for an entire day.

Your point #1 is does not seem to be necessary. The line NM_CONTROLLED=no takes care of it... I think.

As for point #2 it can be taken care of quite simply by setting the bridge to be a trusted interface. I don't know if this is safe but it is simple. Also, my virtuals are controlled by me anyway. The application to do this with is system-config-firewall.

Re: same boat, no vnet0, no bridgee

Friday, December 26, 2008 - 02:55 Allen (not verified)

No problem!

Just make one up.

# brctl addbr foobar

And voila! The foobar bridge is born.

Then just continue as indicated.

NetworkManager

Tuesday, January 13, 2009 - 10:58 chronical (not verified)

Because all internet activity is processed through the bridge the ethernet card won't show an IP address so in this case, the NetworkManager daemon is useless

This is an ugly drawback when having several VPN connection configured through NetworkManager that are now unusable

bridged networking

Thursday, January 15, 2009 - 12:50 markmc (not verified)

This page:

http://wiki.libvirt.org/page/Networking

is the canonical resource for details on how to set up bridged networking

See also the feature request to add support to NetworkManager:

http://bugzilla.gnome.org/show_bug.cgi?id=543232

Fedora 11: vnet0 already an _interface_

Monday, April 27, 2009 - 17:53 Sean Darcy (not verified)

On F11, I've used virt-manager to create a Windows XP virtual machine. Now I'm trying to set up bridged networking (because it's better/faster and permits paravirtualization - right?).

But:

brctl show
bridge name bridge id STP enabled interfaces
pan0 8000.000000000000 no
virbr0 8000.b2074401a177 yes vnet0

so vnet0 is already configured ( by what?) to be an interface to bridge virbr0. So, of course:

brctl addif vnet0 eth0
can't add eth0 to bridge vnet0: Operation not supported

Is bridged networking already set up? Just out-of-the-box, or should I create a new bridge, and add eth0 to that new bridge?

sean

Okay, that was wrong. I had

Monday, April 27, 2009 - 21:22 Sean Darcy (not verified)

Okay, that was wrong. I had the virtual machine running. I assume that's why interface vnet0 was connected to bridge vibr0.

But if no vm is running:

brctl show
bridge name bridge id STP enabled interfaces
pan0 8000.000000000000 no
virbr0 8000.000000000000 yes

so there's still no vnet0 bridge.

Am I supposed to add vnet0 as a bridge ( brctl addbr vnet0)? It seems you assumed fedora would do that.

sean

I really still am not sure

Tuesday, April 28, 2009 - 11:43 Haydn Solomon

I really still am not sure why it was showing by default on my fedora 9 but I believe that you should have to create your vnet 0 with the brctl command you specified. Currently on my fedora 10 it does not show up by default.

Not working in F11

Friday, June 12, 2009 - 12:20 bodhi.zazen (not verified)

First , thank you for the information.

Unfortunately it does not work in Fedora 11.

As indicated:

brctl show

Does not list vnet0

So I added vnet0 , and users your scripts, as is, to bring up vnet0 bridged to eth0.

Host networking is fine (it the bridge works and is assigned an IP address and eth0 is indeed bridged)

But guest networking is not working. Once can select bridged networking in virt-manager (eth0 bridge vnet0 )

but when starting a guest, no external networking (the bridge does not work).

Furthermore, when restarting virt-manager now creates yet another device , vnet1 :(

I did not have time last night to revert and try a more "standard" approach with a tap, but will research this issue and *try* to post back.

Re: F11 Networking with Virt-manager

Friday, June 12, 2009 - 12:56 Haydn Solomon

bodhi,

I too noticed that the new Virt-manager works a little differently and I will be doing some updated posts about this. Will also appreciate any findings from your research. Thanks.

got it :)

Saturday, June 13, 2009 - 00:10 bodhi.zazen (not verified)

See this link :

http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22sha...

got it :)

Saturday, June 13, 2009 - 00:11 bodhi.zazen (not verified)

See this link :

http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22sha...

Failed to add tap...

Wednesday, June 17, 2009 - 10:06 Christian (not verified)

Hello guys, I followed the setup here and on the previous link. But I have the error when launching a second VM:
Error: Failed to add tap device vnet%d to br0: device or ressource is busy.

Anybody with a hint? Tkx.

FEDORA 9
KVM
First VM successfully loaded

[root@virtualserver ~]# service NetworkManager status
NetworkManager is stopped

[root@virtualserver ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.002354c28130 no eth0
vnet0

DEVICE=br0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.0.253
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
STP=off
DELAY=0

#eth0
DEVICE=eth0
BRIDGE=br0
HWADDR=00:23:54:C2:81:30
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
NM_CONTROLLED=no
BOOTPROTO=none
PEERDNS=yes

Loading a new VM with virt-manager and network option "eth0 (bridge br0)"

Error: Failed to add tap device vnet%d to br0: device or ressource is busy.

BTW, later I deleted all vnetx and launched a new VM from DVD, and it created vnet0 and added it auto.

After creating a new VM, I

Wednesday, June 17, 2009 - 10:32 Christian (not verified)

After creating a new VM, I launched the first one and It fails to start Internal error. It seems that the qemu does not increment the vnetx, like vnet0, then vnet1, etc. Is there a file where I can check this out?

Bridge to Virtual Network?

Monday, September 7, 2009 - 18:30 Magnus (not verified)

Hi,

Do you know if it's possible to create a network bridge to a virtual interface (eg. eth0:1) and get that to work in virt-manager?

I have a laptop setup where I cannot use eth0 (it needs to be controlled by NetworkManager due to practical reasons), and no other physical interfaces are available.

Works from inside, but not outside

Friday, October 16, 2009 - 13:37 Fidoo (not verified)

Thank you for your instructions. I'm having trouble pinging my guest from other physical machines. Can anyone help?

I set up a bridge and I can ping and ssh into the hypervisor from my laptop. From the hypervisor, I can also ping the hosted virtual guest using its public static IP address. And, the guest can ping the hypervisor using its static IP. The counters on ifconfig show that packets are flowing through the bridge and vnet0.

However, if I go onto another machine (e.g. a 2nd laptop), I cannot ping the guest.

The MAC inside the guest is listed in /sbin/arp. And "/usr/sbin/brctl showmacs" shows that MAC with a "no" in the isLocal column.

How do things work when the vnetX interface has a different MAC than its paired ethY. And, doesn't the bridge need to think that the inside-guest MAC is local so that packets can be directed to it. How would the bridge know to hand off packets destined to ethY to vnetX?

Post new comment

The content of this field is kept private and will not be shown publicly.