Setting up bridged networking for libvirt on CentOS / RedHat

By default, libvirt is setup to use NAT based networking for any guests created, which keeps them isolated from the rest of the physical network in the sense that they can only connect outbound, and inbound connections from other machines on the physical network would fail (other guests on the same hypervisor in the same virtual network can connect). The hypervisor server acts as a router, and each guest is given it’s own IP addresses in theĀ 192.168.122.* range from libvirt’s built-in DHCP server.

If you would like your guests to be part of your main network, so they get an IP address from your main DHCP server, then you need to set up bridged networking. With bridged networking enabled, all the guests behave as if they are connected directly into the main network without any firewall or router in between.

First make a backup of your existing eth0 config – just in case!

cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/backup-ifcfg-eth0

Then run this small script to update the eth0 config to make it part of the bridge. This script looks for the MAC address in your existing eth0 config, and then writes out a new one using this MAC. NB: This script assumes you were using DHCP on eth0, and there were no VLANS involved. If you have a more complex network, then you will need to write your own custom config – the key point is to add BRIDGE=br0.

eth0_mac=`grep HWADDR /etc/sysconfig/network-scripts/ifcfg-eth0 | grep -i -o '[0-9A-F]\{2\}\(:[0-9A-F]\{2\}\)\{5\}'`
cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <

Now create the bridge config...

cat > /etc/sysconfig/network-scripts/ifcfg-br0 <

Then restart the network...

service network restart

If all goes well you should still have network access, and the new bridge should show up in the output of brctl show:

[root@centos-latest-gpt-basic ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.009c02a46912	no		eth0
virbr0		8000.5254007ac74f	yes		virbr0-nic

To get your virtual machines to use this bridge, you would need something like the following in your guest xml file: