Results 1 to 10 of 12

Thread: Where is KVM's default bridge config?

Hybrid View

  1. #1
    Join Date
    Jan 2013
    Beans
    10

    Question Where is KVM's default bridge config?

    Hi,

    after installing KVM on Ubuntu 12.10, there is a default bridge virbr0 on the system. Where is the configuration file for that?

    Reason I am asking: I am trying to get a handle on KVM and LXC and most of the guides mention to setup a bridge from scratch. Now I see the Ubuntu kvm package already added one for me, but it doesn't appear to have it's config anywhere in /etc.

    Any hints would be appreciated.

    Thanks!

  2. #2
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Where is KVM's default bridge config?

    I've never used the default bridge. I think it is user-mode, which means it will be VERY slow. I've always setup a bridge using brctl.

    My manual bridge is setup in the normal /etc/network/interfaces file.

    A quick 'find' found this file: /var/lib/libvirt/network/br1.xml
    It seems like what you seek, but it has warnings that you shouldn't be directly changing it. It says to use virsh net-edit br1.

  3. #3
    Join Date
    Jan 2013
    Beans
    10

    Re: Where is KVM's default bridge config?

    Quote Originally Posted by TheFu View Post
    I've never used the default bridge. I think it is user-mode, which means it will be VERY slow. I've always setup a bridge using brctl.

    My manual bridge is setup in the normal /etc/network/interfaces file.

    A quick 'find' found this file: /var/lib/libvirt/network/br1.xml
    It seems like what you seek, but it has warnings that you shouldn't be directly changing it. It says to use virsh net-edit br1.
    Thanks!

    Did you install kvm from the Ubuntu repository? What did you do with the bridge virbr0 that the package created?

    What's really odd is that even the official Ubuntu server documentation says that if you want to use bridged networking, you should create a bridge, yet the kvm package already creates one. It's not mentioned in the docs at all.

    This really confuses me. I need to understand what exactly the kvm package installed and configured, so I can make educated decisions. Yet there is no documentation (or I am blind). The same thing is true for LXC by the way. It comes with a preconfigured bridge (lxcbridge0).

  4. #4
    Join Date
    Jan 2013
    Beans
    10

    Re: Where is KVM's default bridge config?

    Ok, so I found some more information.

    virbr0 is the default bridge in KVM. It's not usermode, it's a real bridge, and it does NAT for the guests. The backend is bridge-utils (aka Linux bridges).

    Here is an article with some more info and how to disable it, if needed:
    http://www.cyberciti.biz/faq/linux-k...nat-interface/

    The configuration resides in /etc/libvirt/qemu/networks/default.xml

    The bridge can be configured with virsh.

    This clears it up for me mostly. I posted it in case anyone else has the same questions.

  5. #5
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Where is KVM's default bridge config?

    Quote Originally Posted by cryptochrome242 View Post
    Thanks!

    Did you install kvm from the Ubuntu repository? What did you do with the bridge virbr0 that the package created?

    What's really odd is that even the official Ubuntu server documentation says that if you want to use bridged networking, you should create a bridge, yet the kvm package already creates one. It's not mentioned in the docs at all.

    This really confuses me. I need to understand what exactly the kvm package installed and configured, so I can make educated decisions. Yet there is no documentation (or I am blind). The same thing is true for LXC by the way. It comes with a preconfigured bridge (lxcbridge0).
    I ignore the NAT bridge. All my VMs are 1st class citizens on my network.
    I started with KVM more than a few yrs ago. Back then, it didn't do any bridging automatically and the defaults were user-mode tunnels. Also know that bridges are a security concern. You'll want to read up about them if you really care about VMs not seeing other VM traffic - ever. If you run all the VMs on a box, I don't know how much I'd worry.

    It is good to see that they've improved it. KVM and all the support tools are improving fast. A few more years and nobody will need commercial virtualization tools at all.

  6. #6
    Join Date
    Jan 2013
    Beans
    10

    Re: Where is KVM's default bridge config?

    Quote Originally Posted by TheFu View Post
    Also know that bridges are a security concern. You'll want to read up about them if you really care about VMs not seeing other VM traffic - ever. If you run all the VMs on a box, I don't know how much I'd worry.
    Thanks. I am coming from a VMware background and the security issue is the same there. Common sense is needed when configuring virtual machines

    Right now I am also struggeling with getting UFW firewall to work properly with KVM. As soon as I enable it, no more traffic passes the bridge. I am guessing that's a configuration issue, but since I am using defaults from Ubuntu, I would suspect they would make it work out of the box. Do you have any experience with this?

    Thanks!

  7. #7
    Join Date
    Mar 2010
    Location
    Metro-ATL; PM free zone.
    Beans
    Hidden!
    Distro
    Lubuntu 14.04 Trusty Tahr

    Re: Where is KVM's default bridge config?

    Quote Originally Posted by cryptochrome242 View Post
    Thanks. I am coming from a VMware background and the security issue is the same there. Common sense is needed when configuring virtual machines

    Right now I am also struggeling with getting UFW firewall to work properly with KVM. As soon as I enable it, no more traffic passes the bridge. I am guessing that's a configuration issue, but since I am using defaults from Ubuntu, I would suspect they would make it work out of the box. Do you have any experience with this?
    Well, it IS a firewall. If you enable it, it blocks all traffic. That is what it should do. If you want something opened, then open it in the config - BEFORE enabling the firewall. The man page for ufw is pretty simple.

    Which VMware? ESX, ESXi or one of their toys?

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •