olly - Fotolia

Tip

Adding an additional virtual bridge to a KVM environment

Virtualization expert Sander Van Vugt offers tips to simplify the process of adding a second software bridge to your KVM environment to run VMs in an isolated SDN.

A software bridge is an essential element of any kernel-based virtual machine environment. This software bridge works like an Ethernet switch, connecting virtual machines to external network interfaces. In this article, we'll take an in-depth look at more of its options. 

After installing a Kernel-based Virtual Machine and some VMs, you'll work with a configuration in which the virtual bridge connects to the physical network card, and all VMs connect to the virtual bridge. The IP addresses in the virtual network will be used internally -- meaning they aren't visible to any computer outside of the KVM host -- and the VMs will use Network Address Translation (NAT) as a default to connect to the Internet. While this works well in a simple setup, some configurations require a more advanced setup. To help get you started, I'll show you how to add a second virtual bridge to the same physical network interface, allowing you to run VMs in isolated software-defined networks. Refer to Figure 1 for an overview of this setup.

Virtualized network setup
Figure 1: Virtualized network setup

Defining the virtual bridge

To create a setup with different virtual bridges, you'll first need to define the second virtual bridge. These bridges are defined through XML files that are processed by the libvirtd daemon. The default virtual bridge is in "/etc/libvirt/qemu/networks/default.xml." The easiest way to add a second virtual bridge is to copy this file to a new XML file. Listed below are the contents of the virtual bridge definition file. After copying the file, you should edit it with the command virsh net-edit, followed by the name of the new file.

<network>

  <name>vmnet4</name>

  <uuid>f4f6fde8-03f6-4303-ae41-b4e03bd804d9</uuid>

  <forward mode='nat' dev="eno1"/>

  <bridge name='virbr1' stp='on' delay='5'/>

  <mac address='52:54:00:c4:44:c2'/>

  <ip address='192.168.4.2' netmask='255.255.255.0'>

    <dhcp>

      <range start='192.168.4.2' end='192.168.4.254'/>

    </dhcp>

  </ip>

</network>

You can find different elements when defining the virtual bridge, from the name -- which, obviously, has to be unique -- to a Universal Unique Identifier. If you've created the virtual bridge by copying an old file, don't forget to change the UUID, as well.

In the next line, you'll define the forwarding mode. While NAT is the default and most common mode, you can also use routing as the forwarding mode. In this article, I'll focus on NAT setup only. An important option in this line is dev="eno1", which identifies the network interface card eno1 as the network interface to which this virtual bridge should be attached. The remainder of the configuration is self-explanatory and indicates which IP address configuration to use.

After creating the virtual bridge, make sure you restart the libvirtd process, using systemctl restart libvirtd.

Connecting VMs to a bridge

To connect a VM to a newly defined virtual bridge, you'll need to edit its XML configuration file. The preferred way to do this is by using the virsh edit vmname command, in which vmname is the name of your VM, as shown with the virsh list command. In the VM configuration, look for the "<interface>" section, which is similar to what you see below.

    <interface type='network'>

      <mac address='52:54:00:46:eb:6f'/>

      <source network='vmnet4'/>

      <model type='virtio'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>

    </interface>

The important section in the configuration file is the "<source network>" definition, in which you'll specify the name of the virtual bridge to which you want to connect. This name must correspond to the name that has been used in the virtual bridge definition. You can use the virsh net list command to verify the names of the virtual bridges currently available.

Verifying operations

After booting the VM with the new virtual bridge configuration, it will automatically connect to the new virtual bridge. You can verify this with the brctl show command, which will show output similar to the one shown below.

 [root@lab networks]# brctl show

bridge name bridge id      STP enabled interfaces

virbr0     8000.525400c56bc2  yes    virbr0-nic

                                     vnet0

                                     vnet10

                                     vnet11

                                     vnet12

                                     vnet13

                                     vnet14

                                     vnet4

                                     vnet5

                                     vnet6

                                     vnet7

                                     vnet8

                                     vnet9

virbr1     8000.525400c444c2  yes    virbr1-nic

                                     vnet1

                                     vnet2

                                      vnet3

The most essential part of the brctl show output is the interfaces column. In this column, you'll see a VNET interface that has been added as a bridge port for every VM connected to the virtual bridge. As such, there is a network card like eth0 within the VM, which uses the vnet0 port to connect to the virbr0 bridge.

Next Steps

How to create additional Xen virtual network bridges

Integrating physical and virtual networks

Build network redundancy into your infrastructure

Dig Deeper on IT systems management and monitoring

Software Quality
App Architecture
Cloud Computing
SearchAWS
TheServerSide.com
Data Center
Close