Bridged networking for libvirt

Figuring out how to set up bridged networking for libvirt (KVM) took a while, mostly because of my poor Googling skills.

I wanted to set up some virtual servers using libvirt on Fedora 17 but was having trouble getting bridged networking to not trash my connectivity. The main problem was how long it took for me to find practical examples on the Internet.

The key to getting it working the way I needed was to give my bridge device a static IP address (there is a note in the above-cited Red Hat Enterprise documentation to this effect, but they don’t provide an example).

Along the way I found some particularly helpful articles like those on Graham Shaw’s microhowto, Nixcraft, serverfault, and Uwe Böhme’s Linux BRIDGE STP HOWTO (that’s STP as in “Spanning Tree Protocol”, something you’ll be thankful for once you realize what it does).

Needless to say, NetworkManager needs to be put down and disabled.

[Note: Make sure to put the directive “NM_CONTROLLED=no” in all interface scripts, including ifcfg-lo, to avoid having NM come back to haunt the system.]

Next, I had to replace any existing ifcfg-em1/ifcfg-p5p1 scripts under /etc/sysconfig/network-scripts with what follows.

Physical device (for example, p5p1):

# ifcfg-p5p1
UUID="6723457b-45c7-32bc-bf84-cc14fcd831bf"
DEVICE=p5p1
HWADDR=D5:4E:6C:11:1F:8B
ONBOOT=yes
TYPE=Ethernet
DEFROUTE=yes
IPV6INIT=no
NM_CONTROLLED=no
BRIDGE=br0

Note that the UUID and HWADDR values are completely made up; you should use the real ones that NetworkManager first reported.

Bridge device:

# ifcfg-br0
DEVICE=br0
TYPE=Bridge
DELAY=0
STP=yes
ONBOOT=yes
BOOTPROTO=static
IPADDR=10.1.0.22
NETMASK=255.255.255.0
NETWORK=10.1.0.0
GATEWAY=10.1.0.1
BROADCAST=10.1.0.255
PEERDNS=yes
IPV6INIT=no
NM_CONTROLLED=no
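
Before restarting the network, the layout above can be checked mechanically. The following is an added example, not part of the original post: audit_ifcfg, ifcfg_get and make_sample are hypothetical helper names, and the rule that the enslaved NIC carries no IPADDR is an assumption inferred from the ifcfg-p5p1 file shown.

```shell
#!/bin/sh
# Added example (not from the original post): audit ifcfg-* scripts for the
# bridge layout above. Prints one finding per line; returns 0 when clean.

# Print the value of KEY ($2) in ifcfg file $1, with double quotes removed.
ifcfg_get() {
    sed -n "s/^$2=//p" "$1" | tr -d '"' | tail -n 1
}

audit_ifcfg() {
    dir=$1 bridge=$2 rc=0 ports=0
    for f in "$dir"/ifcfg-*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # Every script, ifcfg-lo included, must opt out of NetworkManager.
        if [ "$(ifcfg_get "$f" NM_CONTROLLED)" != "no" ]; then
            echo "$name: NM_CONTROLLED=no missing"; rc=1
        fi
        if [ "$(ifcfg_get "$f" BRIDGE)" = "$bridge" ]; then
            ports=$((ports + 1))
            # Assumption: the enslaved NIC has no address; the bridge owns it.
            if [ -n "$(ifcfg_get "$f" IPADDR)" ]; then
                echo "$name: IPADDR set on a bridge port"; rc=1
            fi
        fi
    done
    b="$dir/ifcfg-$bridge"
    [ -f "$b" ] || { echo "ifcfg-$bridge: file not found"; return 1; }
    [ "$(ifcfg_get "$b" TYPE)" = "Bridge" ] || { echo "ifcfg-$bridge: TYPE is not Bridge"; rc=1; }
    [ "$(ifcfg_get "$b" BOOTPROTO)" = "static" ] || { echo "ifcfg-$bridge: BOOTPROTO is not static"; rc=1; }
    [ -n "$(ifcfg_get "$b" IPADDR)" ] || { echo "ifcfg-$bridge: IPADDR missing"; rc=1; }
    [ "$ports" -gt 0 ] || { echo "ifcfg-$bridge: no script has BRIDGE=$bridge"; rc=1; }
    return "$rc"
}

# Constructed sample: trimmed copies of the post's two files, plus an
# ifcfg-lo that lacks the NM_CONTROLLED line, written into directory $1.
make_sample() {
    printf 'DEVICE=p5p1\nONBOOT=yes\nNM_CONTROLLED=no\nBRIDGE=br0\n' > "$1/ifcfg-p5p1"
    printf 'DEVICE=br0\nTYPE=Bridge\nBOOTPROTO=static\nIPADDR=10.1.0.22\nNM_CONTROLLED=no\n' > "$1/ifcfg-br0"
    printf 'DEVICE=lo\nIPADDR=127.0.0.1\nONBOOT=yes\n' > "$1/ifcfg-lo"
}
```

On a real host the call would be audit_ifcfg /etc/sysconfig/network-scripts br0; against the constructed sample it reports only the ifcfg-lo script that is missing NM_CONTROLLED=no.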

Once these are in you should be able to just do a “service network restart”. In my case things had gotten so hosed up that a reboot was necessary.

Once that’s done the redefined interface and bridge should look something like this on an “ifconfig”:

[root@mine network-scripts]% ifconfig
br0: flags=4163  mtu 1500
        inet 10.1.0.22  netmask 255.255.255.0  broadcast 10.1.0.255
        inet6 fe81::e62d:6efb:fe15:3e7b  prefixlen 64  scopeid 0x20
        ether d4:3e:5c:21:1e:8d  txqueuelen 0  (Ethernet)
        RX packets 727  bytes 112695 (110.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 352  bytes 81792 (79.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 0  (Local Loopback)
        RX packets 8  bytes 400 (400.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8  bytes 400 (400.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

p5p1: flags=4163  mtu 1500
        inet6 fe81::d53d:7eff:fb16:3b7a  prefixlen 64  scopeid 0x20
        ether d4:4e:6c:11:1f:8b  txqueuelen 1000  (Ethernet)
        RX packets 9559  bytes 4091583 (3.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8647  bytes 2004219 (1.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 0e:b2:fe:cf:20:02  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

A “brctl show” should also validate that everything is correct:

[root@mine network-scripts]% brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.d44e6c111f8b	yes		p5p1
virbr0		8000.000000000000	yes		

Check to make sure you can reach stuff on your network and the Internet, as well as be reached from a remote host (like a desktop computer with an ssh client).