Network devices as virtual Ethernet devices

Virtualize network devices as virtual Ethernet devices by configuring direct MacVTap connections or virtual switches.

In a typical virtual network device configuration, you will want to isolate the virtual server communication paths from the communication paths of the host. There are two ways to provide network isolation:
  • You set up separate network devices for the virtual servers that are not used for the host network traffic. This method is called full isolation. With full isolation, you can configure the virtual network device using either a direct MacVTap connection or a virtual switch.
  • If the virtual server network traffic shares network interfaces with the host, you can provide isolation by configuring the virtual network device using a MacVTap interface. Direct MacVTap connections guarantee the isolation of virtual server and host communication paths.
Whatever configuration you choose, be sure to provide high reliability through path redundancy as shown in Figure 1:
Figure 1. Highly reliable virtual network device configuration
This graphic shows a highly reliable virtual network device configuration using path redundancy.

Network device configuration using a direct MacVTap connection

MacVTap provides a high speed network interface to the virtual server. The MacVTap network device driver virtualizes Ethernet devices and provides MAC addresses for virtual network devices.

If you decide to configure a MacVTap interface, be sure to set up a bonded interface, which aggregates multiple network interfaces into a single entity, balancing traffic and providing failover capabilities. In addition, you can set up a virtual LAN interface, which provides isolated communication between the virtual servers that are connected to it.

Figure 2. Configuration using a direct MacVTap connection
This graphic shows a direct MacVTap connection configured on the basis of a bonded interface, which provides path redundancy.

When you configure a virtual Ethernet device, you associate it with a network interface name on the host in the configuration-XML. In Figure 2, this is bond0. libvirt then creates a MacVTap interface from your network configuration.

Use persistent network interface names to ensure that the configuration-XMLs are still valid after a host reboot or after you unplug or plug in a network adapter. Your product or distribution might provide a way to assign meaningful names to your network interfaces. When you intend to migrate a virtual server, use network interface names that are valid for the hosts that are part of the migration.

Network device configuration using virtual switches

Virtual switches are implemented using Open vSwitch. Virtual switches can be used to virtualize Ethernet devices. They provide the means to configure path redundancy and isolated communication between selected virtual servers.

With virtual switches, the configuration outlined in Figure 1 can be realized as follows:
Figure 3. Configuration using a virtual switch
This graphic shows a configuration based on a virtual switch that is set up with a bonded interface, which provides path redundancy.
Note: Libvirt also provides a default bridged network, called virbr0, which is not covered in this document. See the libvirt networking documentation reference in the related publications section for more details.
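
The following added example (not part of the original documentation or of libvirt) parses a configuration-XML, lists each virtual Ethernet device as a direct MacVTap connection or an Open vSwitch port, and reports which hosts in a migration set lack a host interface or switch name that the XML references. The domain XML, the names vserv1, vswitch0, hostA and hostB, and the host inventories are constructed sample values.

```python
import xml.etree.ElementTree as ET

# Constructed configuration-XML: one direct MacVTap interface on bond0 and
# one Open vSwitch port on a virtual switch assumed to be named vswitch0.
DOMAIN_XML = """
<domain type="kvm">
  <name>vserv1</name>
  <devices>
    <interface type="direct">
      <source dev="bond0" mode="bridge"/>
      <model type="virtio"/>
    </interface>
    <interface type="bridge">
      <source bridge="vswitch0"/>
      <virtualport type="openvswitch"/>
      <model type="virtio"/>
    </interface>
  </devices>
</domain>
"""

# Constructed inventories of interface and switch names on each host.
HOSTS = {"hostA": ["bond0", "vswitch0"], "hostB": ["bond1", "vswitch0"]}

def list_interfaces(domain_xml):
    """Return (kind, host_side_name) for every virtual Ethernet device."""
    found = []
    for iface in ET.fromstring(domain_xml).iterfind("./devices/interface"):
        source = iface.find("source")
        if source is None:
            continue
        if iface.get("type") == "direct":      # libvirt creates a MacVTap interface
            found.append(("macvtap", source.get("dev")))
        elif iface.get("type") == "bridge":
            vport = iface.find("virtualport")
            is_ovs = vport is not None and vport.get("type") == "openvswitch"
            found.append(("openvswitch" if is_ovs else "bridge", source.get("bridge")))
        else:                                   # for example type="network"
            found.append((iface.get("type"), source.get("network")))
    return found

def missing_on_hosts(domain_xml, host_names):
    """Map each host to the names the XML references but the host lacks."""
    needed = {name for _, name in list_interfaces(domain_xml) if name}
    return {host: sorted(needed - set(names))
            for host, names in host_names.items() if needed - set(names)}

if __name__ == "__main__":
    print(list_interfaces(DOMAIN_XML))
    print(missing_on_hosts(DOMAIN_XML, HOSTS))
```

A non-empty result for a host means the configuration-XML would not be valid there as written, which is the situation that persistent, migration-wide interface names are meant to prevent.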

Related publications