How to configure bonding in KVM host and attach it to a bridge?
Below are the steps I performed in my test setup to configure bonding device and to attach it with the bridge.
First we have to make sure bonding driver will be loaded from boot of the system. For that I have added “bonding” driver in my modprobe.conf file as shown below.
# cat /etc/modprobe.conf
alias bond0 bonding
Now create ‘ifcfg’ file for the bond device.
For ex:
#cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
ONBOOT=yes
BOOTPRTO=none
USERCTL=no
BONDING_OPTS=”mode= “
BRIDGE=br0
Now You have to change “ifcfg” files of ethernet interfaces which are going to be slaves of this bond device.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth1
BOOTPROTO=none
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
Change other slave interface’s ifcfg files as configured for ‘eth0’
Below steps will help you to configure bridge device in the system
For configuring ‘bridge device’ please make ifcfg file as shown below. You can use any name for your bridge . Here I used ‘devbr0’ as my bridge name.
# cat /etc/sysconfig/network-scripts/ifcfg-devbr0
DEVICE=devbr0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0
Once you made proper configuration of ‘ifcfg’ files in /etc/sysconfig/network-scripts directory, restart ‘network’ service in your system.
You can verify your network configuration in the system by below commands.
# ifconfig
# brctl show
The ‘brctl’ command will show you the bridge created in the system and the interface attacted with the bridge.
Then ‘iptable’ can be configured as shown below
# iptables -I FORWARD -m physdev –physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart
It is also possible to filter/prevent bridge traffic from being processed by iptables rules. For this edit /etc/sysctl.conf and append below lines:
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
Reload the kernel parameters configured with sysctl.
# sysctl -p /etc/sysctl.conf
You can attach your guest interfaces to this created bridge using virt-manager or directly editing the guest configuration file which can be found at :/etc/libvirt/qemu directory. So that all traffic from the guest will be passed to the active slave of the bond.