What is a linux bridge?
A bridge is a way to connect two Ethernet segments together in a protocol independent way. Packets are forwarded based on Ethernet address, rather than IP address (like a router). Since forwarding is done at Layer 2, all protocols can go transparently through a bridge.
What is qemu?
QEMU (short for Quick Emulator) is a free and open-source hosted hypervisor that performs hardware virtualization (not to be confused with hardware-assisted virtualization).
What software is required to setup a bridge?
- CentOS/Redhat: yum install bridge-utils
- Debian/Ubuntu: apt-get install bridge-utils
How to configure a bridge on a bonded network?
Note: This example, will make use of a custom subnet of /29.
Adding the basic bridge configuration to the existing network configuration (Debian/Ubuntu) example below, you will see
vmbr0 has been added merely as a placeholder
# nano /etc/network/interfaces
auto lo iface lo inet loopback auto bond0 iface bond0 inet static address 188.8.131.52 netmask 255.255.255.248 gateway 184.108.40.206 bond-downdelay 200 bond-miimon 100 bond-mode 4 bond-updelay 200 bond-xmit_hash_policy layer3+4 bond-lacp-rate 1 bond-slaves enp2s0 enp2s0d1 dns-nameservers 220.127.116.11 18.104.22.168 iface bond0 inet6 static address 2604:1380:0:6900::5 netmask 127 gateway 2604:1380:0:6900::4 auto bond0:0 iface bond0:0 inet static address 10.99.54.5 netmask 255.255.255.254 post-up route add -net 10.0.0.0/8 gw 10.99.54.4 post-down route del -net 10.0.0.0/8 gw 10.99.54.4 auto enp2s0 iface enp2s0 inet manual bond-master bond0 auto enp2s0d1 iface enp2s0d1 inet manual pre-up sleep 4 bond-master bond0 auto vmbr0 iface vmbr0 inet static bridge_ports bond0 bridge_stp off bridge_fd 0
With the above bridge place holder included in the bonded network configuration above & the use of a custom subnet of
/29 we migrate the details of
bond0 (IP etc) to
vmbr0 while keeping everything else in place, see the following example:
auto bond0 iface bond0 inet manual bond-downdelay 200 bond-miimon 100 bond-mode 4 bond-updelay 200 bond-xmit_hash_policy layer3+4 bond-lacp-rate 1 bond-slaves enp2s0 enp2s0d1 auto vmbr0 iface vmbr0 inet static address 22.214.171.124 netmask 255.255.255.248 gateway 126.96.36.199 bridge_ports bond0 bridge_stp off bridge_fd 0 dns-nameservers 188.8.131.52 184.108.40.206
Please Note: The bridge will only function with a custom subnet size of /29 & /28. For elastic IP's, scroll to the bottom.
How to configure a bridge on a non-bonded network?
iface eth0 inet manual auto br0 iface br0 inet static address 220.127.116.11 netmask 255.255.255.248 gateway 18.104.22.168 bridge_ports eth0 bridge_stp off bridge_fd 0 bridge_maxwait 0
The above configuration is more for our Layer2 with the default bond broken.
How to configure a bridge with Elastic IP's?
Since elastic IP's are routed directly to your machine, they don't need a bridge_port towards your bond interface.
Adding the following configuration to your /etc/network/interfaces file will work to create a bridge for KVM using Elastic IP's.
In this example, we will configure the following elastic IPv4 subnet.
auto vmbr1 iface vmbr1 inet static address 22.214.171.124 netmask 255.255.255.248 network 126.96.36.199 broadcast 188.8.131.52 bridge_ports none bridge_stp on bridge_fd 0 bridge_maxwait 0
VM's using the above Elastic IP's will need the following configuration:
You can run the following command to bring the bridge up, you don't need to restart the bond0 interface since there is no changes made to that interface.
Once the interfaces file has been configured you can restart the server, or use
ifdown -a && ifup -a to restart the network in one command.
If the network fails to come back up, you can log in via SOS console and revert the changes made to restore the network.
In this example, vmbr0 is the original static bridge on a bonded network, while vmbr1 is the elastic IP bridge which requires no interface attachment.
# brctl show bridge name bridge id STP enabled interfaces virbr0 8000.525400ffa2f0 yes virbr0-nic vmbr0 8000.fe00934b6172 yes bond0 vmbr1 8000.fe0400ffa272 yes