Install and Configure KVM (Bridge Net Interface) on CentOS 7 / RHEL 7

kvm installation configuration setup on centos7 redhat7
KVM (Kernel-based Virtual Machine) is a virtualization infrastructure for the Linux which requires a processor with hardware virtualization extension to be able to host guest sytems. KVM is convenient solution to test and try different operating systems if you don’t have a possibility to purchase expensive and power consuming physical hardware.

The below tutorial presents KVM (QEMU) installation and setup along with Linux Bridge configuration on CentOS7 / RedHat7 operating system.

Steps:

1. Verify CPU Hardware Virtualization support
Our CPU must support hardware virtualization (VT-x) in order to become KVM Hypervisor and host Virtual Machines (guest operating systems):

[root@tuxfixer ~]# lscpu
Architecture:          x86_64
CPU op-mode(s):        32-bit, 64-bit
Byte Order:            Little Endian
CPU(s):                4
On-line CPU(s) list:   0-3
Thread(s) per core:    2
Core(s) per socket:    2
Socket(s):             1
NUMA node(s):          1
Vendor ID:             GenuineIntel
CPU family:            6
Model:                 42
Model name:            Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz
Stepping:              7
CPU MHz:               800.000
BogoMIPS:              4988.58
Virtualization:        VT-x
L1d cache:             32K
L1i cache:             32K
L2 cache:              256K
L3 cache:              3072K
NUMA node0 CPU(s):     0-3

2. Disable and stop NetworkManager
NetworkManager is known to cause problems when working with Linux Bridge, so for us it’s better to disable it:

[root@tuxfixer ~]# systemctl stop NetworkManager
[root@tuxfixer ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.

3. Install KVM related packages

[root@tuxfixer ~]# yum install qemu-kvm qemu-img libvirt libvirt-python libvirt-client virt-install virt-viewer virt-manager

4. Launch and enable libvirtd daemon

[root@tuxfixer ~]# systemctl enable libvirtd
[root@tuxfixer ~]# systemctl start libvirtd

5. Set system-wide privileges for KVM
We need to add our regular user tuxfixer to kvm group to let him launch virt-manager

[root@tuxfixer ~]# usermod -a -G kvm tuxfixer

We also need to set polkit (policy kit) rules for KVM.
Edit file 49-polkit-pkla-compat.rules:

[root@tuxfixer ~]# vim /etc/polkit-1/rules.d/49-polkit-pkla-compat.rules

and add the following ath the bottom:

polkit.addRule(function(action, subject) {
    if (action.id == "org.libvirt.unix.manage" &&
        subject.isInGroup("kvm")) {
            return polkit.Result.YES;
        }
});

6. Create KVM Linux Bridge (bridge KVM hypervisor host network interface with VM network interfaces)
In this tutorial we want Virtual Machines to obtain their IP addresses from the same network where KVM Hypervisor host is connected, that’s why we will bridge it’s main network interface (em1) with VM network interfaces. To do so, we need to create Linux Bridge from em1 interface on KVM Hypervisor host.

Current Hypervisor network configuration (right after KVM installation):

[root@tuxfixer ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1:  mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether d0:67:e5:33:15:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.3/24 brd 192.168.2.255 scope global dynamic em1
       valid_lft 73193sec preferred_lft 73193sec
    inet6 fe80::d267:e5ff:fe33:153f/64 scope link 
       valid_lft forever preferred_lft forever
3: wlp3s0:  mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:24:d7:f4:dc:e8 brd ff:ff:ff:ff:ff:ff
4: virbr0:  mtu 1500 qdisc noqueue state DOWN 
    link/ether 52:54:00:b7:22:b3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
    link/ether 52:54:00:b7:22:b3 brd ff:ff:ff:ff:ff:ff

ifcfg-em1 config file (before KVM Linux Bridge creation):

[root@tuxfixer ~]# cat /etc/sysconfig/network-scripts/ifcfg-em1 
DEVICE="em1"
TYPE="Ethernet"
BOOTPROTO="none"
NAME="em1"
ONBOOT="yes"
HWADDR="D0:67:E5:33:15:3F"
IPADDR=192.168.2.3
PREFIX=24
GATEWAY=192.168.2.1
PEERDNS="no"
NM_CONTROLLED="no"

For KVM networking configuration we will use virt-manager application which is a user-friendly GUI frontend for KVM command line interface.

Note: virbr0 interface was created automatically along with KVM installation and represents virtual network existing “inside” KVM environment with NAT (Network Address Translation) enabled.

Since we don’t need NAT inside KVM environment (we want to bridge Hypervisor interface), we can remove existing KVM virtual network based on virbr0 interface.

Launch virt-manager as root:

[root@tuxfixer ~]# virt-manager

virt-manager window should appear:

virt-manager install kvm on centos 7

Right click: QEMU/KVM -> Details -> Virtual Networks -> Disable network: “default” -> Delete network: “default” based on virbr0

kvm virtual network centos 7

Now we can bridge KVM Hypervisor interface (em1):

Right click: QEMU/KVM -> Details -> Network Interfaces -> Add Interface:

Interface type: Bridge
Interface name: br-em1
Start mode: on boot
Activate now: enabled
IP settings: copy configuration from ’em1′
Bridge settings: STP on, delay 0.00 sec

kvm centos 7 rhel 7 bridge interface
… press Finish to override the existing configuration and create KVM Linux Bridge.

Now we can verify newly created Linux Bridge (br-em1):

centos 7 rhel 7 linux bridge configuration

Check current IP configuration (IP is now assigned to br-em1 and em1 acts now as backend interface only):

[root@tuxfixer ~]# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1:  mtu 1500 qdisc pfifo_fast master br-em1 state UP qlen 1000
    link/ether d0:67:e5:33:15:3f brd ff:ff:ff:ff:ff:ff
3: wlp3s0:  mtu 1500 qdisc noop state DOWN qlen 1000
    link/ether 00:24:d7:f4:dc:e8 brd ff:ff:ff:ff:ff:ff
6: br-em1:  mtu 1500 qdisc noqueue state UP 
    link/ether d0:67:e5:33:15:3f brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.3/24 brd 192.168.2.255 scope global br-em1
       valid_lft forever preferred_lft forever
    inet6 fe80::d267:e5ff:fe33:153f/64 scope link 
       valid_lft forever preferred_lft forever

Verify Linux Bridge configuration:

[root@tuxfixer ~]# brctl show
bridge name	bridge id		   STP enabled interfaces
br-em1		8000.d067e533153f  yes		   em1

KVM Linux Bridge is now configured.

7. Further steps – launching VMs

You can proceed now with Virtual Machines installation, you can also launch VMs from already created qcow2 images of VMs, if you have those.
If you need Kali Linux qcow2 images, you can check mine here. Images marked as non-ci have root password configured and are suitable for KVM.


28 thoughts on “Install and Configure KVM (Bridge Net Interface) on CentOS 7 / RHEL 7

  1. jan August 22, 2016 at 18:25

    cool article

  2. JJ September 23, 2017 at 23:51

    WTF all network down – fucking | when finished added new – rewrite existing and down + lose ifcfg-* file WTF

    • Grzegorz Juszczak October 10, 2017 at 21:46

      I encountered such situation once on Debian, anyway on CentOS/RHEL it never happened to me, looks like you need to recreate it manualy.

      • Maciek November 7, 2018 at 16:44

        well, it just happened to me on newest CentoOS 7, all interfaces are down 😉 Now just need to go 40 miles to access machine locally. Better do this when being around the host, rather than remotely.

        • prs March 4, 2019 at 13:01

          I needed STP to be off, I suppose it depends on the switch.
          Never do remote network configuration unless you have remote ILO/IPMI access if you can avoid it.

  3. jliou October 16, 2017 at 06:21

    Best KVM on CentOS 7 installation article so far and I have checked at least three to four articles, including one posted by Dell engineer since I’m using Dell PowerEdge T110 as host.

  4. lemwish December 10, 2017 at 04:27

    Its taken 5 months to land on this gem. Thank you

  5. Dan December 29, 2017 at 15:51

    When the bridge is configured is the regular network interface for the host become unusable?

    • Grzegorz Juszczak January 2, 2018 at 12:23

      Hi Dan
      The regular interface acts only as backend device for the bridge, but should be enabled all the time. IP is transferred from this interface to the bridge, but the interface is still working, you can even capture packets from this device using tcpdump/Wireshark.

  6. derek January 4, 2018 at 23:11

    Perfect b/c it’s right to the point. duckcuckgo sent me here btw!

  7. Syafril Hermansyah January 18, 2018 at 00:10

    Awesome article, working great for multi bridge.
    Thank you very much Grzegorz Juszczak.
    +1

  8. jack August 2, 2018 at 03:46

    Thank you so much, this article has been brilliant!! Finally it works pretty good.

  9. francis September 20, 2018 at 14:13

    now that the host network has no ip, if I want to ssh into the host machine how do I do that

    • Grzegorz Juszczak September 20, 2018 at 22:16

      After moving the IP address from backend interface to the bridge, you just connect to the bridge via SSH, IP address in fact doesn’t change.

  10. Luander September 26, 2018 at 15:03

    Nice article. For me it works until I reboot the host machine. Is this configuration persistent? If not, how to make it survive a reboot?

    • Grzegorz Juszczak September 29, 2018 at 21:55

      Hi Launder
      This configuration is definitely persistent after reboot. There is no magic here, it’s simple Linux bridge.

  11. Air November 22, 2018 at 13:31

    Can you bridge the wireless network as well in the same manner?

    • Grzegorz Juszczak December 2, 2018 at 23:19

      Never tried bridging wi-fi interface, but I guess it should be possible, in the same manner

  12. GregM January 10, 2019 at 17:07

    Does this solution allow the guest and host to directly communicate over the primary subnet? This isn’t supported in macvtap.

    • Grzegorz Juszczak January 20, 2019 at 21:35

      Hi GregM
      If by writing “primary subnet” you meant the management network, then yes, this solution allows it.

  13. Victor April 22, 2019 at 12:13

    Thanks for this information. it’s been really helpful. However, I configured bridged network just like you mentioned in your article and i tried doing a live migration of a guest VM from one host to another, see below the error i was getting:

    “Unable to migrate guest: Unable to get index for interface em1: No such device”

    what could the problem be?

    • Grzegorz Juszczak April 22, 2019 at 20:39

      Hi Victor
      The problem is described in the message you are getting 🙂
      Looks like you are trying to make a bridge on the interface which doesn’t exist in your OS.
      I am using em1 interface, because this is my main access interface for KVM vHost, and this is the interface I am bridging for my VMs – it’s just an example.
      Your vHost interfaces most likely have a different names.
      You should know which interface you are going to bridge, prior to KVM bridge setup.

  14. Victor April 22, 2019 at 21:14

    Hi Grzegorz,
    Coincidentally, my NIC on the source host is also em1. it’s configured with an IP of 10.10.10.164/24 since my environment is on 10.10.10.0/24 network.
    my NIC on the target host is eno1 configured with an IP of 10.10.10.240/24.
    My guest VM ip is 10.10.10.165/24.
    I tried doing live migration, it wasn’t working. it was giving the error i mentioned in the above comment. I then created another VM and used NAT option which gave my VM an IP of 192.168.122.252, after which i was able to do live migration.

    I want my VM to use 10.10.10.165 and be able to migrate live and not 192.168.122.252. 192.168….. is not defined in my network environment. How do i go about it please?

  15. RAY July 27, 2019 at 07:50

    Very helpful! Cheers!

  16. Serge September 15, 2019 at 21:26

    Hi Grzegorz, thanks a bunch for this write-up! It saved me quite some hassle, and I’d echo some comments above – yours is probably the best on the Web to date.

    I’d like to keep my server on DHCP, thus I can set all IPs from a single place – my router. Unfortunately, after rebooting the server I had to run dhclient manually in order to get the IP. Any thoughts?

  17. Serge September 16, 2019 at 02:40

    Once I followed all the instruction I also added:
    GATEWAY=192.168.1.1
    to the /etc/sysconfig/network-scripts/ifcfg-br-eno1 file. IP address and i/f name may differ. Then I did:
    # service network restart
    That allowed proper routing on the host.

Leave a Reply

Name *
Email *
Website

This site uses Akismet to reduce spam. Learn how your comment data is processed.