Product SiteDocumentation Site

10.2. Bridged networking with libvirt

Bridged networking (also known as physical device sharing) is used for dedicating a physical device to a virtual machine. Bridging is often used for more advanced setups and on servers with multiple network interfaces.
Disable NetworkManager
NetworkManager does not support bridging. NetworkManager must be disabled to use networking with the network scripts (located in the /etc/sysconfig/network-scripts/ directory). 
# chkconfig NetworkManager off
# chkconfig network on
# service NetworkManager stop
# service network start

Note

Instead of turning off NetworkManager, add "NM_CONTROLLED=no" to the ifcfg-* scripts used in the examples.
Creating the bridge
Create or edit the following two network configuration files. These steps can be repeated (with different names) for additional network bridges.

  1. Change to the network scripts directory

    Change to the /etc/sysconfig/network-scripts directory: 
    # cd /etc/sysconfig/network-scripts

  2. Modify a network interface to make a bridge

    Edit the network script for the network device you are adding to the bridge. In this example, /etc/sysconfig/network-scripts/ifcfg-eth0 is used. This file defines eth0, the physical network interface which is set as part of a bridge: 
    DEVICE=eth0
# change the hardware address to match the hardware address your NIC uses
HWADDR=00:16:76:D6:C9:45
ONBOOT=yes
BRIDGE=br0

    Tip

    You can configure the device's Maximum Transfer Unit (MTU) by appending an MTU variable to the end of the configuration file. 
    MTU=9000

  3. Create the bridge script

    Create a new network script in the /etc/sysconfig/network-scripts directory called ifcfg-br0 or similar. The br0 is the name of the bridge, this can be anything as long as the name of the file is the same as the DEVICE parameter, and that it matches the bridge name used in step 2. 
    DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0

    Warning

    The line, TYPE=Bridge, is case-sensitive. It must have uppercase 'B' and lower case 'ridge'.

  4. Restart the network

    After configuring, restart networking or reboot. 
    # service network restart

  5. Configure iptables

    Configure iptables to allow all traffic to be forwarded across the bridge. 
    # iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart

    Disable iptables on bridges

    Alternatively, prevent bridged traffic from being processed by iptables rules. In /etc/sysctl.conf append the following lines: 
    net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
    Reload the kernel parameters configured with sysctl. 
    # sysctl -p /etc/sysctl.conf

  6. Restart the libvirt service

    Restart the libvirt service with the service command. 
    # service libvirtd reload

  7. Verify the bridge

    Verify the new bridge is available with the bridge control command (brctl). 
    # brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
br0             8000.000e0cb30550       no              eth0
A "Shared physical device" is now available through virt-manager and libvirt, which guests can be attached and have full network access.
Note, the bridge is completely independent of the virbr0 bridge. Do not attempt to attach a physical device to virbr0. The virbr0 bridge is only for Network Address Translation (NAT) connectivity.