Linux Bridge and Virtual Networking
Software defined networking (SDN) is the current wave sweeping the networking industry. And one of the key enablers of SDN is virtual networking. While SDN and virtual networking are in vogue these days, the support for virtual networking is not a recent development. And Linux bridge has been the pioneer in this regard.
Linux Bridge - The Basics
Virtual networking requires the presence of a virtual switch inside a server/hypervisor. Even though it is called a bridge, the Linux bridge is really a virtual switch, and it is used with the KVM/QEMU hypervisor. Linux Bridge is a kernel module, first introduced in the 2.2 kernel (circa 2000). It is administered using the brctl command on Linux.
The Simple Use Case
Now we will delve a bit more into Linux bridge by looking at a very basic use case. Let us say that you want to create a VM on your KVM-enabled Linux server (host). Among other things, this VM will be configured with one virtual NIC. In order to give Internet connectivity to this VM, we will have to associate the virtual NIC of the VM to the physical NIC of the server. This association is facilitated by the Linux bridge. Here is a picture of what we want to accomplish:
The above picture is based on my home Ubuntu laptop running KVM. I am using the wireless connection so that the laptop itself has network connectivity. But to illustrate Linux bridge capability, I will create a VM and associate it to my wired NIC port on the same laptop. The newly created VM will get its IP address etc (via DHCP) from the router in the middle.
Step-by-step guide
**Step - 1:** The first step is to create a Linux bridge using the brctl command. Note: there are other ways to create Linux bridges, depending on your distro.
**Step - 2:** The next step is to associate the physical NIC of the server (eth0) with this bridge. Note: prior to this step, ensure that the physical NIC does not have any IP address configured.
At the end of these two steps, the network configuration would look something like this. Note that the kvmbr0 Linux bridge has only one interface at this time (eth0).
**Step - 3:** The next step is to create a Virtual Machine and ensure that it uses the Linux bridge created above for the virtual networking. For this blog, I will demonstrate this step using “Virtual Machine Manager” (VMM), which is a GUI for libvirt. Here is a screenshot of how you can associate the Linux Bridge to a VM.
Once the virtual machine is created and booted up, you will see that the virtual machine has external network connectivity.
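The commands behind Steps 1 and 2, as an added shell sketch that is not from the original post; it also parses `brctl show` output to list a bridge's member interfaces, which is how a tap interface attached in Step 3 shows up. kvmbr0 and eth0 are the post's names, while the function names and the `apply` argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. kvmbr0 and eth0 are the post's
# names; the function names are made up for this sketch. Needs root to apply.

# True if the text on stdin (output of `ip -4 -o addr show dev NIC`)
# lists an IPv4 address, i.e. the Step 2 precondition is NOT met.
nic_has_ipv4() {
    grep -q '[[:space:]]inet[[:space:]]'
}

# Steps 1 and 2: create the bridge and attach the physical NIC to it.
setup_bridge() {
    br=$1 nic=$2
    if ip -4 -o addr show dev "$nic" | nic_has_ipv4; then
        echo "refusing: $nic still has an IPv4 address" >&2
        return 1
    fi
    brctl addbr "$br" || return 1          # Step 1
    brctl addif "$br" "$nic" || return 1   # Step 2
    # Not spelled out in the post: a bridge forwards only when it is up.
    ip link set dev "$br" up
}

# Print the member interfaces of bridge $1, one per line, from
# `brctl show` output on stdin (the first member shares the bridge's line,
# later members sit on continuation lines holding just the name).
bridge_members() {
    awk -v want="$1" '
        NR == 1  { next }                       # column header
        NF >= 3  { cur = $1; if (NF >= 4 && cur == want) print $4; next }
        NF == 1 && cur == want { print $1 }
    '
}

# Usage on the host, as root: sh bridge.sh apply
if [ "${1:-}" = "apply" ]; then
    setup_bridge kvmbr0 eth0 && brctl show | bridge_members kvmbr0
fi
```

Any interface printed next to eth0 shares a layer-2 segment with the physical network, so the member list is worth checking whenever a VM is added or removed.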
Let us connect the interfaces
The output of the brctl show command shows that there is another interface on the kvmbr0 Linux bridge. This interface, vnet0, is a virtual interface created by libvirt (VMM), as seen in the screenshot here. This virtual interface is also called a tap interface. You can see from the ps command that the _KVM/QEMU_ command that started the VM uses a tap interface as a network device. More about this in the next post.
Now, just as you connect an Ethernet (RJ-45) cable from a physical NIC to a port (interface) on a physical switch, the VM’s virtual NIC is connected to this virtual tap interface on the Linux bridge. The below screenshot highlights the relationship between the VM’s virtual NIC and the Linux Bridge tap interface.
- The first thing to notice is the similarities in the MAC address of vnet0 (on the host server) and the eth0 (virtual NIC in the VM).
- The next giveaway is the data transmitted and received on each interface. Since there is a direct 1-1 relationship, the TX bytes of the VM NIC match the RX bytes of _vnet0_, and vice versa.
- Finally, we can see that the virtual NIC has been configured with an IP address, gateway, etc. This configuration is done using the DHCP server on my physical router. This implies that the virtual NIC has external network connectivity.
To summarize:
- We created a Linux bridge and added a physical NIC interface of the host.
- Then while creating a VM, we specified the Linux bridge to be used for virtual networking.
- The Virtual Machine Manager (libvirt GUI) did some behind-the-scenes work to associate the virtual NIC to the Linux bridge and in turn to the physical NIC.
- We then observed how the VM’s virtual NIC is associated to the virtual tap interface on the host. And how the tap interface is added to the Linux bridge.
- This shows that the traffic will flow from the VM’s virtual NIC to the vnet0 tap interface, then onto the Linux bridge (virtual switch) which will send it out on the other virtual switch interface (eth0) on the host.
In the next blog post, we will look at what happened behind the scenes.