Many people consider virtual networking in libvirt to be complicated. Perhaps it is the number of options available to provide networking to a virtual machine that makes the libvirt networking appear complicated.
The main component of libvirt networking is the virtual network switch, also known as the bridge. You can imagine a bridge as a physical switch. In a real switch, there are a limited number of physical ports to attach to your servers. Here, on the Linux bridge, there is an unlimited number of virtual ports to which the interfaces of virtual machines are attached. Similar to a physical switch, a bridge learns MAC addresses from the packets it receives and stores them in the MAC table. Packet (frame) forwarding decisions are made based on the MAC addresses that it has learned and stored in the MAC table.
We mentioned the interfaces attached to the ports of a bridge. These interfaces are special network devices called TAP devices. If you try to imagine this in physical network terms, consider a TAP device as the network cable that carries the Ethernet frames between your virtual machine and the bridge. This TAP device is a part of the TUN/TAP implementation available within the Linux kernel.
TUN, which stands for "tunnel", simulates a network layer device and operates on layer 3 packets of the OSI reference model, such as IP packets. TAP (namely a network tap) simulates a link layer device and operates on layer 2 packets of the OSI reference model, such as Ethernet frames. TUN is used with routing, while TAP is used to create a network bridge.
Before moving to the next topic, we will create a bridge and then add a TAP device to it.
Make sure the bridge module is loaded into the kernel. If it is not loaded, use modprobe bridge to load the module:
# lsmod | grep bridge
bridge 114688 1 ebtable_broute
Run the following command to create a bridge called tester:
# brctl addbr tester
Note: The brctl command is provided by the package bridge-utils.
Chapter 5
Let's see if the bridge is created:
# brctl show
bridge name     bridge id               STP enabled     interfaces
tester          8000.460a80dd627d       no
The # brctl show command will list all the available bridges on the server, along with some basic information, such as the ID of the bridge, Spanning Tree Protocol (STP) status, and the interfaces attached to it. Here the tester bridge does not have any interfaces attached to its virtual ports.
A Linux bridge will also be shown as a network device. To see the network details of the bridge tester, use the ip command:
# ip link show tester
6: tester: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default
    link/ether 26:84:f2:f8:09:e0 brd ff:ff:ff:ff:ff:ff
You can also use ifconfig to check and configure the network settings for a Linux bridge; ifconfig is relatively easy to read and understand but not as feature-rich as the ip command.
The Linux bridge tester is now ready. Let's create and add a TAP device to it.
First check if the TUN/TAP device module is loaded into the kernel. If not, you already know the drill:
# lsmod | grep tun
tun 28672 1
Run the following command to create a tap device named vm-vnic:
# ip tuntap add dev vm-vnic mode tap
# ip link show vm-vnic
7: vm-vnic: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 500
    link/ether 46:0a:80:dd:62:7d brd ff:ff:ff:ff:ff:ff
We now have a bridge named tester and a tap device named vm-vnic. Let's add vm-vnic to tester.
# brctl addif tester vm-vnic
# brctl show
bridge name     bridge id               STP enabled     interfaces
tester          8000.460a80dd627d       no              vm-vnic
You can see that vm-vnic is an interface added to the bridge tester. Now vm-vnic can act as the interface between your virtual machine and the bridge tester, which in turn enables the virtual machine to communicate with other virtual machines added to this bridge:
[Figure: Linux bridge (virtual switch) "tester" with two VMs, each attached to the bridge through its VM-NIC]
It is time to put on your thinking cap. See if you can answer the following questions; don't worry, we'll answer them later in this chapter. The questions are:
• Did you notice any difference in the MAC address of the bridge tester when you added the TAP device vm-vnic?
• Is it possible to assign an IP address to a bridge? If yes, why might you need to do that?
• Try to understand the details shown when you run the # brctl showmacs tester command.
We will now show you how to remove all the things that you just created. We will not need them for the rest of this chapter.
Remove the vm-vnic tap device from the tester bridge:
# brctl delif tester vm-vnic
# brctl show tester
bridge name     bridge id               STP enabled     interfaces
tester          8000.460a80dd627d       no
Once the vm-vnic is removed from the bridge, remove the tap device using the ip command:
# ip tuntap del dev vm-vnic mode tap
Finally, remove the tester bridge:
# brctl delbr tester; echo $?
0
If you want to see all the available options, then run brctl --help:
# brctl --help
Usage: brctl [commands]
commands:
    addbr          <bridge>                   add bridge
    delbr          <bridge>                   delete bridge
    addif          <bridge> <device>          add interface to bridge
    delif          <bridge> <device>          delete interface from bridge
    hairpin        <bridge> <port> {on|off}   turn hairpin on/off
    setageing      <bridge> <time>            set ageing time
    setbridgeprio  <bridge> <prio>            set bridge priority
    setfd          <bridge> <time>            set bridge forward delay
    sethello       <bridge> <time>            set hello time
    setmaxage      <bridge> <time>            set max message age
    setpathcost    <bridge> <port> <cost>     set path cost
    setportprio    <bridge> <port> <prio>     set port priority
    show           [ <bridge> ]               show a list of bridges
    showmacs       <bridge>                   show a list of mac addrs
    showstp        <bridge>                   show bridge stp info
    stp            <bridge> {on|off}          turn stp on/off
These are the same steps that libvirt carries out in the backend while enabling or disabling networking for a virtual machine. We want you to understand this procedure thoroughly before moving ahead.
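The brctl show listings in this walkthrough can also be checked mechanically, for instance to confirm that only the interfaces you expect are attached to a bridge. The script below is an added example, not part of the original text: the function names, the second port vm-vnic2, and the bridge empty0 are constructed for illustration, and the sample listing is embedded so that the script runs without a live bridge.

```sh
#!/bin/sh
# Added example: turn `brctl show` output into "bridge port" pairs and
# report ports on a bridge that are not on an expected list.

# Constructed sample in the layout brctl prints: a bridge row carries its
# first port, further ports follow on indented continuation rows, and a
# bridge without ports has only three columns.
sample_output() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
tester          8000.460a80dd627d       no              vm-vnic
                                                        vm-vnic2
empty0          8000.000000000000       no
EOF
}

# bridge_ports: read `brctl show` text on stdin, print "bridge port" lines.
bridge_ports() {
    awk '
        NR == 1 { next }                      # skip the header row
        NF >= 3 { br = $1                     # a new bridge row
                  if (NF >= 4) print br, $4   # its first port, if any
                  next }
        NF == 1 && br != "" { print br, $1 }  # continuation row: extra port
    '
}

# unexpected_ports BRIDGE "port1 port2 ...": read `brctl show` text on
# stdin, print every port of BRIDGE that is not in the allowed list.
unexpected_ports() {
    bridge=$1
    allowed=" $2 "
    bridge_ports | while read -r br port; do
        [ "$br" = "$bridge" ] || continue
        case "$allowed" in
            *" $port "*) ;;          # expected port, nothing to report
            *) echo "$port" ;;       # attached but not expected
        esac
    done
}

# Live use (needs bridge-utils): brctl show | unexpected_ports tester "vm-vnic"
sample_output | unexpected_ports tester "vm-vnic"
```

Any port this reports is attached to the bridge without being on your list, which means it can exchange frames with the virtual machines on that bridge.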