Understanding Linux Bridge in a Virtualisation

This is an era of Cloud Computing. Cloud computing in turn is based on Virtualisation. Linux has turned a winner in era of Virtualisation with its amazing features around networking. However sometimes it becomes really confusing to understand the networking used in Virtualisation.

Hypervisor is the basis on which your Virtualisation works. There are many Hypervisors available today – KVM, LXC, XEN, VirtualBox, VMware, HyperV, OpenVZ and XEN HVM.

The following situation will apply to in general all virtual environments and also will provide you understanding of how a bridge networking works and how to implement it in Linux. It can also help you understand how to work with a local LAN situations where instead of each virtual machine you can have a physical machine.

So what is a Linux Bridge ?

A linux bridge is a networking component whose functionality mimics a traditional bridge – which is to join 2 different non connectable ends together which in this case are network interfaces.

Did not get it ?

Okay. Let’s consider the following networking configuration. ( Open the networking file using “cat /etc/network/interfaces” command on shell )

iface eth0 inet static

Above is a simple networking configuration. It says the following :

  1. eth0 is a device name and must exist physically on server
  2. static tells you that this is a permanent configuration ( you can see dhcp in its place as well which allows an external dhcp server to provide you a dynamic randomly assigned IP address according to the dhcp server’s policy)
  3. address is the IP address of this device / network card
  4. netmask is the usual subnet mask of this device
  5. gateway is the next hop. This is the machine to which all traffic will be forwarded for access to outside world 

Therefore this interface is only used on your machine for access and can not be shared by others.

To share this to others we need to have a bridge on this interface. How to form a bridge ? Pretty easy !

First remove the details from the eth0 interface and make it a manual one.

Like this :

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
          bridge_ports eth0
          bridge_stp off
          bridge_fd 0

In the above you can see the eth0 now has been made manual. We have added a new interface called vmbr0 which is a bridge. Similar IP configurations have moved to vmbr0.

bridge_ports is an important field here which actually tells you that this interface now is going to bridge eth0 with itsself.

After this you can see this bridge in your linux machine with the command “brctl show”. As and when other devices will attach to this bridge you will be able to see them in the output of brctl show.

This bridge will now be used as a interface on which virtual machines can attach. It can now allow you to use same network interface eth0 but with multiple machines. Machines connected from this bridge will remain accessible from outside your network freely.

Remember that this is now connected directly to your physical interface and IP address which can be accepted by your upstream providers will only work here. This is useful in case if you have multiple ip address for your server – in that case you can simply configure each virtual machine to use their own IP inside the machine and use the same gateway as you are using on the bridge.

This can be used in any virtual network situations now.

A typical way of defining in LXC to use this bridge can be as follows :

lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = vmbr0
lxc.network.name = eth0
lxc.network.hwaddr = 80:84:16:xx:xx:xx
lxc.network.mtu = 1000

In the next post we will see how to make a private networking using bridges.

Photo credit: Alexio's pics via Hackers / CC BY-NC-SA