RU EN HE
About Projects Blog
← Back to blog
Networking & Infrastructure

KVM Bridge Networking: Connecting VMs to Physical Networks

Sat Jan 10 · 2 min read

Introduction

Connecting KVM virtual machines to physical networks via bridges is a standard task for labs and test environments. However, bridge configuration in Linux has pitfalls. This article provides a step-by-step guide with analysis of common errors.

Common Error: enp0s31f6 as Bridge

A common mistake is assigning an IP address directly to the physical interface (e.g., enp0s31f6) that’s added to a bridge. When creating a bridge, the IP must be on br0, not on the physical interface.

Creating a Bridge with nmcli

# Create bridge interface
nmcli connection add type bridge ifname br0 con-name br0


# Configure IP
nmcli connection modify br0 ipv4.addresses “192.168.1.100/24”
nmcli connection modify br0 ipv4.gateway “192.168.1.1”
nmcli connection modify br0 ipv4.method manual


# Add physical interface as slave
nmcli connection add type bridge-slave 

ifname enp0s31f6 master br0


# Bring up the bridge
nmcli connection up br0

Adding Physical Interface as Slave

The physical interface (enp0s31f6) is added as a bridge-slave. Its own network connection is deactivated — all traffic goes through br0. Important: do this via console or IPMI, as the SSH connection will drop.

Configuring VM NIC

In the VM configuration (virsh edit or virt-manager), the network interface binds to br0. Use virtio for the NIC model — it significantly increases throughput compared to e1000.

Verification with bridge link and tcpdump

# Check bridge members
bridge link show


# Monitor bridge traffic
tcpdump -i br0 -n


# Check ARP table
ip neigh show dev br0

Troubleshooting Connectivity

If the VM doesn’t get a DHCP IP: check STP — for a single bridge, disable it via nmcli. Ensure firewalld isn’t blocking bridge traffic. Verify net.bridge.bridge-nf-call-iptables is set to 0.

Useful Tips

  • Always configure bridges via console, not SSH
  • Use virtio for VM NICs — significant throughput improvement
  • For multiple VLANs, use VLAN sub-interfaces on the bridge
  • Document your configuration — network settings are easily lost on system updates

Conclusion

KVM bridge networking setup via nmcli is straightforward once you understand the principles. Key points: IP address on br0, physical interface as slave, STP disabled for simple configurations, and firewall rule verification.