Designing a Linux virtual network for KVM virtualization

Determine how to configure the virtual and physical network cards for optimal performance on a Linux network with KVM hypervisor. The best use of individual network cards and virtual network cards depends on the I/O of the virtual machines on the network.

In a KVM virtual environment, one of the most complicated aspects of virtual hardware to set up is the virtual network. In this article you'll read some tips on how to set up the network interfaces.

When configuring virtual networks, there are two parts. First, is configuring the physical network cards in the host operating system. Next is the virtual network interfaces within the virtual machines.

Physical versus virtual network configurations
Before starting to configure the virtual network, you need to decide what exactly you want to configure. In modern networks, many different configuration scenarios are possible as servers are often equipped with several network cards. The fact that your server has more than network card, brings you to the first important question: Are you going to use these cards for increased performance and redundancy in a NIC teaming configuration? Or are you going to configure the network cards individually so that you can assign specific virtual machines to specific network cards?

More on KVM virtualization
Red Hat explains shift from Xen to KVM

Creating KVM virtual machines in RHEL 5.4

Virtualization options for enterprise Linux

The are reasons to prefer either of these two methods. If the workload on your virtual machine doesn't show one or more virtual machines that have considerably higher network I/O than other machines, the best way to configure the virtual network, is probably by setting up a NIC bonding configuration in the host operating system. Most Linux distributions offer solutions to set up such an environment. The result is that instead of using individual network cards, you'll be working with one network interface, the bond0 interface. On top of this bond0 interface, you would create the virtual bridge interface (similar to the working of a real switch). All the individual virtual machines will then be using ports on this virtual bridge, without priority, for any of the virtual machines.

The advantage of this scenario is that the host operating system takes care of assigning equal priority to the available virtual machines. Also, the network bonding interface ensures that you have redundancy implemented in your network. If one of the interfaces in the bond environment goes down, the other interface(s) can take over, ensuring continuing networking.

Manual priority assignments
You can choose not to bundle the physical network interfaces in your host operating system to one big bonding device. This approach also offers some advantages, namely that you can manually determine which virtual machine is going to use which virtual network card. Imagine an environment where you have four virtual machines, running on one host server. In the host server, you have two network interfaces, but one of the virtual machines is causing a considerably higher workload than the other virtual machines. In such a situation you are better of using two (or more) different network interfaces. What you would do, is configure a bridge on each of the interfaces and assign the virtual machine that has high bandwidth demands exclusively to one of the interfaces, where you can assign all other virtual machines to the other interfaces. This way you can manually load balance the virtual machines over the network.

You could also configure networking within the virtual machines. There's nothing that prevents you from creating a network bonding device within a virtual machines. From a more practical perspective, this is not a good idea. If you configure networking on the host, all virtual machines can use that configuration. If you configure networking within the virtual machines, you would need to repeat the network configuration procedure for each virtual machine.

KVM network set-up best practices
When setting up KVM networking, you can configure the physical network cards in your server in one bonding device that communicates with one network bridge. This is the best approach if all the virtual machines that you expect to be using on this host have similar needs for network bandwidth usage. If there are considerable differences with regard to the bandwidth needs of virtual machines, it is better to create multiple virtual bridges, so that machines that have high bandwidth needs can have a dedicated network bridge.

ABOUT THE AUTHOR: Sander van Vugt is an author and independent technical trainer, specializing in Linux since 1994. Vugt is also a technical consultant for high-availability (HA) clustering and performance optimization, as well as an expert on SLED 10 administration.

Dig Deeper on Linux servers