Using a Linux Bridge

An alternative to using a NAT-based network would be to use a standard Linux® network bridge.

A network bridge is a Link Layer device which forwards traffic between networks based on MAC addresses and is therefore also referred to as a Layer 2 device. It makes forwarding decisions based on tables of MAC addresses which it builds by learning what hosts are connected to each network. A software bridge can be used within a Linux host in order to emulate a hardware bridge, for example in virtualization applications for sharing a NIC with one or more virtual NICs.1

In the context of KVM, a Linux bridge is used to connect the KVM guest interface to a KVM host network interface.

To create a Linux Bridge on a KVM host, use the following command:
[root@kvmhost ~] # brctl addbr <bridge-name>
Next, if KVM guest interfaces that connect to the bridge need to communicate with systems external to the KVM host, the Linux bridge must be told which KVM host interface to use. To attach a Linux bridge to an OSA interface in the KVM host, use the following command:
[root@kvmhost ~] # brctl addif <bridge-name> <host-interface-name>
If the bridge needs to send or receive network traffic from external systems, the KVM host must be configured to allow this. As discussed in OSA interface traffic forwarding, there are two ways to do this:
  • By registering the bridge device with the OSA card.
  • By configuring the OSA card for Bridgeport mode and enabling promiscuous mode in the KVM host kernel.
To configure a KVM guest interface to use a Linux bridge, the XML stanza to define the interface for the KVM guest in the libvirt XML configuration file should include the following:

<interface type="bridge">
    <mac address="11:22:33:44:55:66"/>
    <source bridge="bridge-name"/>
    <model type="virtio"/>
    <driver name="vhost"/>
</interface>

For a KVM guest interface to connect to a bridge, use <interface type="bridge"> and specify the name of the bridge in the bridge attribute of the <source bridge="bridge-name"/> element.

For better throughput and latency, it is recommended that KVM guests use the newer vhost-net driver, rather than the older para-virtualized virtio-net driver, by specifying the keyword <driver name="vhost"/> in the guest's libvirt configuration file. vhost-net is an in-kernel guest networking performance enhancement which moves network packets between the guest and the host system using the Linux kernel rather than QEMU. This avoids context switches from the kernel to user space and so improves overall performance.

The MAC address field is optional and if omitted, the libvirt daemon will generate a unique value.

After the changes have been saved in the libvirt XML configuration file for the KVM guest, the libvirt daemon needs to be informed by using the following commands:
[root@kvmhost ~] # virsh undefine <kvm-guest-name>
[root@kvmhost ~] # virsh define <kvm-guest-libvirt-xml-file>

And finally, remember to restart the KVM guest for the changes to take effect.
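
Because virsh undefine removes the existing definition before the edited file is read, it is worth checking the interface stanza first. The following check is an added example, not part of the original documentation; the names guest1 and br0 are placeholders, and host_bridges is assumed to be the set of bridge names the caller has collected from the KVM host.

```python
import re
import xml.etree.ElementTree as ET

MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")

# Constructed sample guest definition; "guest1" and "br0" are placeholder names.
GOOD_XML = """<domain type="kvm"><name>guest1</name><devices>
  <interface type="bridge">
    <source bridge="br0"/>
    <model type="virtio"/>
    <driver name="vhost"/>
  </interface>
</devices></domain>"""
# Same definition with the attribute quotes left off, which is not valid XML.
UNQUOTED_XML = GOOD_XML.replace('"', "")

def check_bridge_interfaces(domain_xml, host_bridges):
    """Return a list of problems found in the guest's bridge interfaces."""
    try:
        root = ET.fromstring(domain_xml)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    bridged = [i for i in root.findall("./devices/interface")
               if i.get("type") == "bridge"]
    problems = [] if bridged else ['no <interface type="bridge"> found']
    for n, iface in enumerate(bridged, 1):
        source, mac = iface.find("source"), iface.find("mac")
        model, driver = iface.find("model"), iface.find("driver")
        bridge = source.get("bridge") if source is not None else None
        if not bridge:
            problems.append(f"interface {n}: no <source bridge=.../>")
        elif bridge not in host_bridges:
            problems.append(f"interface {n}: bridge '{bridge}' not on host")
        # The MAC is optional; validate its syntax only when it is given.
        if mac is not None and not MAC_RE.match(mac.get("address", "")):
            problems.append(f"interface {n}: malformed MAC address")
        if model is None or model.get("type") != "virtio":
            problems.append(f"interface {n}: model type is not virtio")
        if driver is None or driver.get("name") != "vhost":
            problems.append(f"interface {n}: vhost driver not requested")
    return problems

if __name__ == "__main__":
    for label, xml in (("quoted", GOOD_XML), ("unquoted", UNQUOTED_XML)):
        print(label, check_bridge_interfaces(xml, {"br0"}) or "OK")
```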