10.2. Bridged networking with libvirt

Bridged networking (also known as physical device sharing) is used for dedicating a physical device to a virtual machine. Bridging is often used for more advanced setups and on servers with multiple network interfaces.
Disable Xen network scripts

If your system was using a Xen bridge, it is recommended to disable the default Xen network bridge by editing /etc/xen/xend-config.sxp and changing the line: 

 (network-script network-bridge)
To: 
 (network-script /bin/true)
Disable NetworkManager

NetworkManager does not support bridging. Running NetworkManager will overwrite any manual bridge configuration. Because of this, NetworkManager should be disabled in order to use networking via the network scripts (located in the /etc/sysconfig/network-scripts/ directory): 

# chkconfig NetworkManager off
# chkconfig network on
# service NetworkManager stop
# service network start

Note

As an alternative to turning off NetworkManager, add "NM_CONTROLLED=no" to the ifcfg-* scripts used in the examples. If you do not either set this parameter or disable NetworkManager entirely, any bridge configuration will be overwritten and lost when NetworkManager next starts.
Creating network initscripts

Create or edit the following two network configuration files. This step can be repeated (with different names) for additional network bridges.

Change to the /etc/sysconfig/network-scripts directory: 
# cd /etc/sysconfig/network-scripts
Open the network script for the device you are adding to the bridge. In this example, ifcfg-eth0 defines the physical network interface which is set as part of a bridge: 
DEVICE=eth0
# change the hardware address to match the hardware address your NIC uses
HWADDR=00:16:76:D6:C9:45
ONBOOT=yes
BRIDGE=br0

Note

You can configure the device's Maximum Transfer Unit (MTU) by appending an MTU variable to the end of the configuration file. 
MTU=9000
Create a new network script in the /etc/sysconfig/network-scripts directory called ifcfg-br0 or similar. The br0 is the name of the bridge; this name can be anything as long as the name of the file is the same as the DEVICE parameter. 
DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0

Note

IP address configuration, be it dynamic or static, should be configured on the bridge itself (for example, in the ifcfg-br0 file). Network access will not function as expected if IP address details are configured on the physical interface that twehe bridge is connected to.

Warning

The line, TYPE=Bridge, is case-sensitive. It must have uppercase 'B' and lower case 'ridge'.
After configuring, restart networking or reboot. 
# service network restart
Configure iptables to allow all traffic to be forwarded across the bridge. 
# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart

Note

Alternatively, prevent bridged traffic from being processed by iptables rules. In /etc/sysctl.conf append the following lines: 
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
Reload the kernel parameters configured with sysctl. 
# sysctl -p /etc/sysctl.conf
Restart the libvirt daemon. 
# service libvirtd reload
You should now have a "shared physical device", which guests can be attached and have full LAN access. Verify your new bridge: 
# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
br0             8000.000e0cb30550       no              eth0
Note, the bridge is completely independent of the virbr0 bridge. Do not attempt to attach a physical device to virbr0. The virbr0 bridge is only for Network Address Translation (NAT) connectivity.