I wanted to set up some virtual servers using libvirt on Fedora 17 but was having trouble getting bridged networking to not trash my connectivity. The main problem was how long it took for me to find practical examples on the Internet.
The key to getting the way I needed was to give my bridge device a static IP address (there is a note in the above-cited Red Hat Enteprise documentation to this effect, but they don’t provide an example).
Along the way I found some particularly helpful articles like those on Graham Shaw’s microhowto, Nixcraft, serverfault, and Uwe Böhme’s Linux BRIDGE STP HOWTO (that’s STP as in “Spanning Tree Protocol“, something you’ll be thankful for once you realize what it does).
Needless to say NetworkManager needs to be put down and disabled.
[Note: Make sure to put the directive “NM_CONTROLLED=no” in all interface scripts, including ifcfg-lo, to avoid having NM come back to haunt the system.]
Next, I had to replace any existing ifcfg-em1/ifcfg-p5p1 scripts under /etc/sysconfig/network-scripts with what follows.
Physical device (for example, p5p1):
# ifcfg-p5p1 UUID="6723457b-45c7-32bc-bf84-cc14fcd831bf" DEVICE=p5p1 HWADDR=D5:4E:6C:11:1F:8B ONBOOT=yes TYPE=Ethernet DEFROUTE=yes IPV6INIT=no NM_CONTROLLED=no BRIDGE=br0
Note the UUID and HWADDR addresses are completely made up, you should use the real ones that NetworkManager first reported.
# ifcfg-br0 DEVICE=br0 TYPE=Bridge DELAY=0 STP=yes ONBOOT=yes BOOTPROTO=static IPADDR=10.1.0.22 NETMASK=255.255.255.0 NETWORK=10.1.0.0 GATEWAY=10.1.0.1 BROADCAST=10.1.0.255 PEERDNS=yes IPV6INIT=no NM_CONTROLLED=no
Once these are in you should able to just do a “service network restart”. In my case things had gotten so hosed up that a reboot was necessary.
Once that’s done the redefined interface and bridge should look something like this on an “ifconfig”:
[root@mine network-scripts]% ifconfig br0: flags=4163 mtu 1500 inet 10.1.0.22 netmask 255.255.255.0 broadcast 10.1.0.255 inet6 fe81::e62d:6efb:fe15:3e7b prefixlen 64 scopeid 0x20 ether d4:3e:5c:21:1e:8d txqueuelen 0 (Ethernet) RX packets 727 bytes 112695 (110.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 352 bytes 81792 (79.8 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73 mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10 loop txqueuelen 0 (Local Loopback) RX packets 8 bytes 400 (400.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8 bytes 400 (400.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 p5p1: flags=4163 mtu 1500 inet6 fe81::d53d:7eff:fb16:3b7a prefixlen 64 scopeid 0x20 ether d4:4e:6c:11:1f:8b txqueuelen 1000 (Ethernet) RX packets 9559 bytes 4091583 (3.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 8647 bytes 2004219 (1.9 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 virbr0: flags=4099 mtu 1500 inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.1202.255 ether 0e:b2:fe:cf:20:02 txqueuelen 0 (Ethernet) RX packets 0 bytes 0 (0.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 (0.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
A “brctl show” should also validate that everything is correct:
[root@mine network-scripts]% brctl show bridge name bridge id STP enabled interfaces br0 8000.d44e6c111f8b yes p5p1 virbr0 8000.000000000000 yes
Check to make sure you can reach stuff on your network and the Internet, as well as be reached from a remote host (like a desktop computer with an ssh client).