KVM Bridge Network

Bridge Network KB ID 0001891

Problem

I'm not sure why KVM does not come preconfigured for this out of the box, and it took me a very long time to work out how to do it. By default, KVM sets up DHCP and NAT for its VMs. The default is fine, but if you want your KVM VMs to behave as if they are on your production LAN, and you want to access them from outside the host, you need to set up bridged networking.

In my example I want my VMs to get an IP address from my DHCP server.

Solution : Bridge Network

Currently you probably have an IP address on the host itself (192.168.100.20). The process is to create a network bridge, move the IP address from your network interface so that it is now ON THE BRIDGE, add the network interface to the bridge, then finally move the VMs onto the bridge.

The following commands will display your current virtual networks and current bridges. Then we will create a new bridge (br0), and finally make sure that the new bridge is listed.

[box]

virsh net-list --all
brctl show
sudo brctl addbr br0
brctl show

[/box]

We need to change the IP address location so edit your current netplan.

[box]

ls /etc/netplan
# Take note of the file name
sudoedit /etc/netplan/{name-of-netplan-file}.yaml

[/box]

Edit Netplan

Example (Note: you will need to enter YOUR details, and your interface may have a different name, e.g. eth0)

[box]

network:
  version: 2
  renderer: networkd

  ethernets:
    ens33:
      dhcp4: false
      dhcp6: false

  bridges:
    br0:
      interfaces: [ens33]
      addresses: [192.168.100.20/24]
      routes:
      - to: default
        via: 192.168.100.1
        metric: 100
        on-link: true
      mtu: 1500
      nameservers:
        addresses: [192.168.100.10,192.168.100.3]
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no

[/box]

Save and exit the file.

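Now we need to exempt traffic going through the bridge from being sent through netfilter (i.e. for iptables inspection). With these values set to 0, the host's iptables, ip6tables and arptables rules no longer see bridged frames, so any filtering you want for the guests has to happen in the guests themselves or on the LAN.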

[box]

sudoedit /etc/sysctl.d/bridge.conf

[/box]

Paste in the following text, then save and exit.

[box]

net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-arptables=0

[/box]

Those settings would be lost in a reboot. To make them permanent, create a udev rule that reapplies them when the br_netfilter module is loaded.

[box]

sudoedit /etc/udev/rules.d/99-bridge.rules

[/box]

Paste in the following, then save and exit.

[box]

ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \
RUN+="/sbin/sysctl -p /etc/sysctl.d/bridge.conf"

[/box]

Now we will delete and undefine the built in default network.

[box]

virsh net-list --all
virsh net-destroy default
virsh net-undefine default
virsh net-list --all

[/box]

Before we apply the netplan we created earlier, take a look at the current state: our IP address is on interface ens33. When we have finished, it will have moved to the br0 bridge.

[box]

ip addr
sudo netplan apply

[/box]

Now check again, and ensure the bridge now has the IP address.

[box]

ip addr

[/box]
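The checks from the steps above (address moved to the bridge, interface attached to it, netfilter exemption in effect) can be scripted. This is an added example, not part of the original article; it assumes the article's values (br0, ens33, 192.168.100.20), and the function names and `--live` switch are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: read-only checks for the bridge setup (not from the article).
# Assumed values are the article's own: br0, ens33, 192.168.100.20.

# addr_owner ADDRESS: reads `ip -o -4 addr show` output on stdin and prints
# every interface that holds ADDRESS.
addr_owner() {
  awk -v want="$1" '{ split($4, a, "/"); if (a[1] == want) print $2 }'
}

# ip_on_bridge BRIDGE ADDRESS: succeeds only if ADDRESS sits on BRIDGE alone
# (fails if it is still on the NIC, or on both).
ip_on_bridge() {
  [ "$(addr_owner "$2")" = "$1" ]
}

# nic_master NIC [SYSROOT]: prints the bridge NIC is attached to, if any.
nic_master() {
  local link="${2:-/sys/class/net}/$1/master"
  if [ -L "$link" ]; then basename "$(readlink "$link")"; fi
}

# bridge_nf_state [DIR]: prints the three bridge-nf-call-* values.
# Returns 0 if all are 0, 1 if any is not 0 (host netfilter still sees
# bridged frames), 2 if DIR is absent (br_netfilter not loaded).
bridge_nf_state() {
  local dir="${1:-/proc/sys/net/bridge}" rc=0 key val
  [ -d "$dir" ] || { echo "br_netfilter not loaded"; return 2; }
  for key in bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables; do
    val=$(cat "$dir/$key" 2>/dev/null) || val=missing
    echo "$key=$val"
    [ "$val" = 0 ] || rc=1
  done
  return "$rc"
}

# Live run against this host: ./check-bridge.sh --live
if [ "${1:-}" = "--live" ]; then
  ip -o -4 addr show | ip_on_bridge br0 192.168.100.20 \
    && echo "OK: address is on br0" || echo "FAIL: address is not on br0 alone"
  [ "$(nic_master ens33)" = br0 ] \
    && echo "OK: ens33 is a member of br0" || echo "FAIL: ens33 is not in br0"
  bridge_nf_state
  [ $? -ne 1 ] || echo "WARN: host netfilter still sees bridged frames"
fi
```

Running it again after a reboot shows whether the udev rule reapplied the sysctl values once br_netfilter was loaded.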

We are now going to define the bridge. sudoedit won’t work in the home directory, so I’m using vi instead.

[box]

vi host-bridge.xml

[/box]

Paste in the following, then save and exit (Esc, then :wq!)

[box]

<network>
  <name>host-bridge</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>

[/box]

From the file we just created, we will define the new bridge network, start the network, then set it to autostart with the host. Finally, we make sure it's defined and listed.

[box]

virsh net-define host-bridge.xml
virsh net-start host-bridge
virsh net-autostart host-bridge
virsh net-list --all

[/box]

Connecting VMs to the Bridge Network

List the registered VMs, then edit the VM you want to change.

[box]

virsh list --all
virsh edit {VM-Machine-Name}

[/box]

Locate the source network= section and change it from default to host-bridge, then save and exit the file.

I manage my VMs with Cockpit, and they were working fine, but they were asking to be restarted. I did that with mixed results (some worked, others didn’t).

I had 100% success by removing the old network connections and adding a new one like so. This was for an Ubuntu guest VM (Note: if it’s a Windows VM, use an e1000e model card instead).

Related Articles, References, Credits, or External Links

Install Ubuntu KVM
