Creating a CentOS KVM Networked Bridge Interface

PreviousTable of ContentsNext
Installing KVM Virtualization on CentOSCreating a CentOS KVM Virtual Machine


You are reading a sample chapter from the CentOS 5 Essentials Essentials book.

Purchase a copy of the fully updated CentOS 8 edition in eBook ($24.99) or Print ($36.99) format

CentOS 8 Essentials Print and eBook (ePub/PDF/Kindle) editions contain 31 chapters and over 260 pages. Learn more...

Buy Print Preview Book


By default, the KVM virtualization environment on CentOS 5 only creates a virtual network to which virtual machines may connect. The goal of this chapter, therefore, is to cover the steps involved in creating a network bridge on CentOS enabling guest systems to share one or more of the host system’s physical network connections.

CentOS Virtual Networks and Network Bridges

A KVM virtual machine running on CentOS has two options in terms of networking connectivity.

One option is for it to be connected to a virtual network running within the operating system of the host computer. In this configuration any virtual machines on the virtual network can see each other but access to the external network is provided by Network Address Translation (NAT). When using the virtual network and NAT, each virtual machine is represented on the external network (the network to which the host is connected) using the IP address of the host system. This is the default behavior for KVM virtualization and requires no additional configuration, other than selecting the Virtual network option on the Network screen of the virt-manager new virtual machine wizard. Typically, a single virtual network is created by default, represented by the name default and the device virbr0.

In order for guests to appear as individual and independent systems on the external network (i.e. with their own IP addresses), they must be configured to share a physical network interface on the host. This is achieved by configuring a network bridge interface on the host system to which the guests can connect. In the remainder of this chapter we will cover the steps necessary to configure a CentOS network bridge for use by KVM based guest operating systems.

Creating a Network Bridge

The creation of a network bridge involves the use of the bridge-utils package. Begin by checking if this is already installed by executing the following command:

rpm –q bridge-utils

If the package is not yet installed, install it using yum:

su –
yum install bridge-utils

With this package installed it is time to look at the current network configuration. The easiest way to do this is to run the ifconfig command. The following shows output from running ifconfig on a system on which KVM is installed, but on which a network bridge has yet to be configured:

eth1      Link encap:Ethernet  HWaddr 00:13:72:0B:14:57
          inet6 addr: fe80::213:72ff:fe0b:1457/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4011 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2365 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:4993294 (4.7 MiB)  TX bytes:255448 (249.4 KiB)
          Memory:fe3e0000-fe400000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1632 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1632 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3601840 (3.4 MiB)  TX bytes:3601840 (3.4 MiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:8275 (8.0 KiB)

In the above output, the entry for eth1 represents a physical network adaptor on the host computer. This is the connection currently used by this host to access the external network. The virbr0 entry represents the virtual network to which guest operating systems will connect if configured to do so.

In order to provide the option for guest operating systems to share the eth1 connection of the host it is necessary to establish a network bridge between eth1 and the virtual machines.

Begin the bridge creation process by gaining root access and changing directory to the /etc/sysconfig/network-scripts directory:

su –
cd /etc/sysconfig/network-scripts

If the interface to be bridged is currently running it should be taken down before proceeding:

ifdown eth1

The next step is to modify the script file for the physical network device. In this example the device is eth1 so we need to edit the ifcfg-eth1 file to add a BRIDGE= line. For the purposes of this example we will name the interface bridge0:

# Intel Corporation 82573L Gigabit Ethernet Controller
DEVICE=eth1
BOOTPROTO=dhcp
HWADDR=00:13:72:0B:14:57
ONBOOT=yes
BRIDGE=bridge0
DHCP_HOSTNAME=centos5

The next step is to create a script file for the bridge interface. The name of this file must take the form ifcfg-<bridgename> where <bridgename> matches the name of the bridge defined in the BRIDGE= directive outlined above. Given this requirement, we will name the file ifcfg-bridge0. The contents of this file for this example will read as follows:

DEVICE=bridge0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0

Note that the DEVICE= line must refer to the bridge name previously specified (i.e. bridge0 in this instance). Save the file and then start up both interfaces:

ifup eth1
ifup bridge0

Using the ifconfig command, the new bridge interface should now be visible:

bridge0   Link encap:Ethernet  HWaddr 00:13:72:0B:14:57
          inet addr:192.168.2.17  Bcast:255.255.255.255  Mask:255.255.255.0
          inet6 addr: fe80::213:72ff:fe0b:1457/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2282 errors:0 dropped:0 overruns:0 frame:0
          TX packets:908 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1394144 (1.3 MiB)  TX bytes:98902 (96.5 KiB)

eth1      Link encap:Ethernet  HWaddr 00:13:72:0B:14:57
          inet6 addr: fe80::213:72ff:fe0b:1457/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6151 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3203 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:6407427 (6.1 MiB)  TX bytes:341028 (333.0 KiB)
          Memory:fe3e0000-fe400000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1656 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1656 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3606505 (3.4 MiB)  TX bytes:3606505 (3.4 MiB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:8275 (8.0 KiB)

Configuring a CentOS Firewall for a Network Bridge

If a firewall is enabled on the CentOS host, it may be necessary to add an iptables rule to allow network traffic via the bridge interface. This is achieved by adding a rule similar to the following to the /etc/sysconfig/iptables configuration file:

-A RH-Firewall-1-INPUT -i bridge0 -j ACCEPT

The change to the firewall will not take effect until the service is restarted, so complete the configuration by running the following command at the prompt in a terminal window:

/sbin/service iptables restart

Configuring a Virtual Machine to use the Network Bridge

During the virtual machine creation process using the virt-manager tool, the network configuration screen will list eth1 (Bridge bridge0) under the Shared physical device option:


Assigning a CentOS Network Bridge interface to a KVM virtual machine


When this option is selected for a virtual machine it will have access to the external network using the same eth1 device used by the host.

Assuming that KVM is now installed and a network bridge configured (if required), we are ready to move on to the next chapter entitled Creating a CentOS KVM Virtual Machine.


You are reading a sample chapter from the CentOS 5 Essentials Essentials book.

Purchase a copy of the fully updated CentOS 8 edition in eBook ($24.99) or Print ($36.99) format

CentOS 8 Essentials Print and eBook (ePub/PDF/Kindle) editions contain 31 chapters and over 260 pages. Learn more...

Buy Print Preview Book



PreviousTable of ContentsNext
Installing KVM Virtualization on CentOSCreating a CentOS KVM Virtual Machine


You are reading a sample chapter from the CentOS 5 Essentials Essentials book.

Purchase a copy of the fully updated CentOS 8 edition in eBook ($24.99) or Print ($36.99) format

CentOS 8 Essentials Print and eBook (ePub/PDF/Kindle) editions contain 31 chapters and over 260 pages. Learn more...

Buy Print Preview Book