[CentOS-virt] Finally switching from Xen to KVM - question about networking

Tue Jun 10 17:14:27 UTC 2014
lee <lee at yun.yagibdah.de>

Steve Campbell <campbell at cnpapers.com> writes:

> On 6/10/2014 10:46 AM, Digimer wrote:
>> On 10/06/14 10:03 AM, Steve Campbell wrote:
>>> I had so much trouble putting Centos 6 guest VMs on a Centos 5 host that
>>> I finally switched to a Centos 6 host.
>>> I've not needed more that test VMs, so I've used Virtual Machine Manager
>>> on the old system, which worked pretty well, so I decided to create my
>>> first KVM guest machine. I noticed when I created it, I only had the
>>> options of NAT for my network interface, so I used that (obvious).
>>> Well, after starting the VM, I find I don't have connectivity with that
>>> interface. Reading, I find examples where I need to create bridges
>>> perhaps. Xen did most of this for me, so it's a little new to me.
> [...]
> The host has a device named virbr0 that is installed during system 
> installation. It also has a network device vnet0. There are no files in 
> /etc/sysconfig/network-scripts for these.
> Shouldn't I be able to use the virbr0 virtual bridge for this? I've 
> tried setting up the VM's device with all of the options that is listed, 
> but to no avail.
> Should I need to set up another bridge for this?

This bridge is like a stick you poke through a wall into another room
(domU --> dom0).  At the same time, it *is* a bridge, i. e. it works
like a hub in that it *does* connect *all* network(s) with each other
via the devices that are added to the bridge.  That is regardless of
what IP addresses these devices have or what networks they "belong" to.

To make it more confusing, the bridge itself is a network device.

Suppose you have the physical eth0 on the machine, with Add
eth0 to the bridge and you don't have network access anymore (which is
really confusing).

Now do not give eth0 an IP address but give the bridge and,
with eth0 attached to it, you suddenly have network access again (which
is also confusing).  Both the VM and the host are reachable from the
outside that way.

The other end of the bridge shows up as a network interface (eth0) in
the VM.  You can give it an IP address like, and that
address is reachable (from the outside of the VM) via the bridge in the
host.  You may have to add a route in the host for it, though, and for
the VM, the host is the gateway.

For your purposes, you can probably ignore the virtual interfaces.  The
duplication with bridges and interfaces still doesn't make sense to me
...  What's the difference between a dangling bridge and a virtual

Knowledge is volatile and fluid.  Software is power.