Skyhigh Security

Network Management for KVM Host and VMs

Default Network

When KVM is enabled, the libvirt library provides a virtual network switch, virbr0 (Virtual Bridge 0), which uses NAT (Network Address Translation). All virtual machines connect to virbr0 unless the default libvirt network is changed.

If SWG is brought up on a KVM host with these default settings using the command below, SWG will have one interface, eth0, up with an IP address assigned from the host's virbr0 network.

virt-install --name=swg-test --vcpus=4 --memory=4096 --disk=swg-11.2.0-40108.img --osinfo centos7.0 --print-xml 1 > swg-test-definition.xml

Create a bridge and enable it as the default

Another option is to create a bridge on the host with ports or interfaces of your choice. For example, a bridge can be created with the management port of the KVM Host, and that can be made the default host network so that all VMs brought up on the host can connect to that.

The configuration can be done with Netplan. Edit the YAML file under /etc/netplan/ as desired.

A sample is shown here which creates a bridge that connects the management port of the host:

network:
  version: 2
  ethernets:
    <Ethernet-Interface-Name>:
      dhcp4: no
  bridges:
    <Bridge-Name>:
      dhcp4: no
      interfaces:
        - <Ethernet-Interface-Name>
      # Netplan expects each address in CIDR notation (address/prefix length)
      addresses:
        - <Ethernet-Interface-IP>
      routes:
        - to: default
          via: <Default-Gateway-Host>

The network settings can be saved with:

sudo netplan apply

<Bridge-Name> (for example, br0) is now assigned the management IP address.

More netplan configuration examples and details can be found at https://netplan.readthedocs.io/en/stable/howto/

To make the bridge created above the default bridge/network of the host, perform the following steps:

  1. Create a file called kvm-hostbridge.xml in a location of your choice, with the following content:

<network>
  <name>hostbridge</name>
  <forward mode="bridge"/>
  <bridge name="<Bridge-Name>"/>
</network>

  2. Create and enable this network by running the following:

virsh net-define /path/to/my/kvm-hostbridge.xml

virsh net-start hostbridge

virsh net-autostart hostbridge

This ensures that a SWG brought up on the host after these settings gets a management IP on eth0 with the default command:

virt-install --name=swg-test --vcpus=4 --memory=4096 --disk=swg-11.2.0-40108.img --osinfo centos7.0 --print-xml 1 > swg-test-definition.xml

Multiple interfaces for SWG with multiple bridges

Assign networks or bridges to SWG VMs during installation with the --network option of the virt-install command.

To bring up a SWG with two interfaces, eth0 and eth1, with eth0 connecting to the management network (br0, as shown above) and eth1 to the virbr0 network:

virt-install --name=swg-TwoInterfaces --vcpus=4 --memory=4096 --disk=swg-11.2.0-40108-TwoInterfaces.img --osinfo centos7.0 --network bridge=br0 --network bridge=virbr0 --print-xml 1 > swg-TwoInterfaces.xml
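Before defining the VM, the XML written by --print-xml can be checked to confirm that each interface attaches to the intended bridge, so the management interface does not land on the NAT network by mistake. The script below is an added example, not part of the original article or Skyhigh tooling; the sample XML is constructed, and it assumes the interfaces appear in the definition in the same order as the --network options (eth0 first, then eth1).

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed domain definition of the kind that
# virt-install --print-xml writes for two --network bridge=... options.
SAMPLE_DOMAIN_XML = """
<domain type="kvm">
  <name>swg-TwoInterfaces</name>
  <devices>
    <interface type="bridge">
      <source bridge="br0"/>
      <model type="virtio"/>
    </interface>
    <interface type="bridge">
      <source bridge="virbr0"/>
      <model type="virtio"/>
    </interface>
  </devices>
</domain>
"""

def interface_attachments(domain_xml):
    """Return [(kind, name), ...] for each <interface>, in definition order."""
    root = ET.fromstring(domain_xml)
    found = []
    for iface in root.findall("./devices/interface"):
        kind = iface.get("type", "")
        source = iface.find("source")
        # type="bridge" uses source/@bridge; type="network" uses source/@network
        name = source.get(kind) if source is not None else None
        found.append((kind, name))
    return found

def check_plan(domain_xml, expected):
    """Compare attachments with the expected plan; return mismatch messages."""
    actual = interface_attachments(domain_xml)
    problems = []
    if len(actual) != len(expected):
        problems.append(f"expected {len(expected)} interfaces, found {len(actual)}")
    for idx, (want, got) in enumerate(zip(expected, actual)):
        if want != got:
            problems.append(f"eth{idx}: expected {want[0]}={want[1]}, found {got[0]}={got[1]}")
    return problems

if __name__ == "__main__":
    # Plan from the article: eth0 on br0 (management), eth1 on virbr0 (NAT).
    plan = [("bridge", "br0"), ("bridge", "virbr0")]
    for line in check_plan(SAMPLE_DOMAIN_XML, plan) or ["interfaces match the plan"]:
        print(line)
```

To check a real definition, read the generated file (for example swg-TwoInterfaces.xml) and pass its contents to check_plan in place of the sample.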