How to Dedicate Physical NICs to KVM Guests on Ubuntu 12.04 LTS – Complete Bridge Configuration Guide


2 views

When configuring KVM virtualization with dedicated NICs, the key is proper bridge configuration. Your current setup shows:

  • eth0 and eth1: Host interfaces with static IPs
  • eth2-eth5: Intended for guest VMs via bridge interfaces

To properly dedicate NICs to guests without host interference:

# For VM-dedicated NICs (eth2-eth5)
auto eth2
iface eth2 inet manual
    up ip link set $IFACE up
    down ip link set $IFACE down

auto br0
iface br0 inet manual
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0

The IP assignment on bridge interfaces (br0-br3) is causing the problem. When you assign:

iface br0 inet static
    address 192.168.1.118

This makes the host participate in the network meant for guests. The solution is to set bridges as manual/no IP.

Here's the corrected /etc/network/interfaces:

# Host interfaces
auto eth0
iface eth0 inet static
    address 192.168.1.109
    netmask 255.255.255.0
    gateway 192.168.1.5

auto eth1
iface eth1 inet static
    address 192.168.1.117
    netmask 255.255.255.0

# VM-dedicated NICs
auto eth2
iface eth2 inet manual

auto br0
iface br0 inet manual
    bridge_ports eth2
    bridge_stp off

# Repeat for eth3-eth5 with br1-br3

After applying changes and restarting networking:

sudo service networking restart
ip addr show

You should see no IP assigned to the bridge interfaces, only link-local IPv6 addresses.

When creating your VMs (either via virt-manager or virsh), specify the bridge:

<interface type='bridge'>
  <mac address='52:54:00:8d:e7:e6'/>
  <source bridge='br0'/>
  <model type='virtio'/>
</interface>

For maximum throughput between guests and their dedicated NICs:

  • Enable SR-IOV if your NICs support it
  • Consider using macvtap instead of bridges for some workloads
  • Set appropriate MTU sizes if using jumbo frames

When setting up a KVM virtualization host with multiple physical NICs, proper network isolation is crucial. Your configuration shows you're using bridge networking, which is the standard approach for KVM, but there's an important optimization needed for dedicated NIC assignment.

Your existing /etc/network/interfaces shows bridges (br0-br3) bound to physical interfaces (eth2-eth5), but the host is still assigning IP addresses to these interfaces. This creates unnecessary network overhead and potential IP conflicts.

For true NIC dedication to guests, the bridge should be the only interface with an IP assignment. Here's the corrected approach:

# Host management interfaces
auto eth0
iface eth0 inet static
    address 192.168.1.109
    netmask 255.255.255.0
    gateway 192.168.1.5

auto eth1
iface eth1 inet static
    address 192.168.1.117
    netmask 255.255.255.0

# Dedicated guest interfaces - no IP on host
auto eth2
iface eth2 inet manual
    up ifconfig $IFACE 0.0.0.0 up
    up ifconfig $IFACE promisc on

auto br0
iface br0 inet manual
    bridge_ports eth2
    bridge_stp off
    bridge_fd 0

After applying these changes, check with:

ip addr show eth2
ip addr show br0

The physical interface (eth2) should show no IPv4 address, while the bridge (br0) will be ready for VM attachment.

When creating your VMs (either via virt-manager or virsh), specify the bridge interface:

<interface type='bridge'>
  <source bridge='br0'/>
  <model type='virtio'/>
</interface>

For maximum performance with dedicated NICs:

  • Disable all offloading features on the physical interface
  • Set MTU consistently across physical interface, bridge, and guest
  • Consider using SR-IOV if your NICs support it

If network connectivity issues arise:

  1. Verify bridge status: brctl show
  2. Check interface states: ip link show
  3. Monitor traffic: tcpdump -i eth2 -n