Untitled

a guest
Oct 19th, 2019
# Networking

## Host networking

### metadata

- unique `name` of the network in scope of a single host
- `uuid` is autogenerated
- when set to yes, the optional parameter `ipv6` enables a network definition with no IPv6 gateway addresses specified to have guest-to-guest communications
- `trustGuestRxFilters`

### connectivity

- `bridge` defines the bridge interface, which is created if it doesn't exist
  - `name` - name of the net interface
  - `stp` - spanning tree protocol
  - `delay` - forward delay in seconds
  - `macTableManager` - setting to 'libvirt' disables kernel management (vlan filtering is enabled on the bridge)
  - `zone` - firewalld zone for the bridge with forward mode of 'nat'
- `mtu` - specific MTU for the network
  - not specifying the mtu gives a default `1500`
- `domain` - optional and only used with `forward` mode of 'nat' or 'route'
  - `name` - DNS domain of the DHCP server
  - `localOnly` - defaults to 'no' and sets the internal/local only domain resolution
- `forward` - inclusion indicates that the virtual network is to be connected to the physical LAN. If this element is omitted, the network is isolated from any other network (unless a guest connected to that network is acting as a router)
  - `interface` - interface to be used
    - `dev` - name of the host's interface
  - `mode` - method of forwarding traffic and defaults to 'nat'
    - `nat`
      ```xml
      <forward mode='nat'>
        <nat>
          <address start='1.2.3.4' end='1.2.3.10'/>
          <port start='500' end='1000'/>
        </nat>
      </forward>
      ```
      - setting start and end address the same means a single IPv4 address
      - firewall rules are added to allow outbound connections
      - `dev` - firewall rules restrict routing to the specified device only
    - `route` - forwards traffic without NAT directly to the physical LAN via the host's IP routing stack
      - `dev` - firewall rules restrict routing to the specified device only
      - to restrict incoming traffic to a guest on a routed network, you can configure `nwfilter` rules on the guest's interfaces
    - `open` - forwards traffic without NAT directly to the physical LAN via the host's IP routing stack
      - no firewall rules
      - to restrict incoming traffic to a guest on a routed network, you can configure `nwfilter` rules on the guest's interfaces
    - `bridge` - at the IP level, the guest interface appears to be directly connected to the physical interface
      - describes 3 different scenarios
        1. an existing host bridge that was configured outside of libvirt
        2. an existing Open vSwitch bridge that was configured outside of libvirt
        3. an interface or group of interfaces to be used for a "direct" connection via macvtap using macvtap's "bridge" mode (if the forward element has one or more `<interface>` subelements)
    - `private` - macvtap 'direct' connection of each guest to the network
      - private mode
    - `vepa` - macvtap 'direct' connection of each guest to the network
      - vepa-capable hardware switch
    - `passthrough` - macvtap 'direct' connection of each guest to the network
    - `hostdev` - PCI passthrough allows PCI devices to appear and behave as if they were physically attached to the guest operating system
- `bandwidth` - quality of service

### setting VLAN tag

```xml
<network>
  <name>ovs-net</name>
  <forward mode='bridge'/>
  <bridge name='ovsbr0'/>
  <virtualport type='openvswitch'>
    <parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/>
  </virtualport>
  <vlan trunk='yes'>
    <tag id='42' nativeMode='untagged'/>
    <tag id='47'/>
  </vlan>
  <portgroup name='dontpanic'>
    <vlan>
      <tag id='42'/>
    </vlan>
  </portgroup>
</network>
```

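The connectivity and VLAN notes above describe which `forward` modes put guests on the physical LAN, which ones get libvirt firewall rules (`nat` and `route` do, `open` does not), what the `dev` restriction and the `nat` pool mean, and how a trunked `vlan` is declared. The following script is an added example (not from these notes and not libvirt's own code) that reads a `<network>` definition and reports those properties, so a definition can be audited before it is defined with `virsh`. `NAT_NETWORK_XML` is constructed for the example; `OVS_NETWORK_XML` is the `ovs-net` definition from the notes. The `audit_network` and `_span` helpers are the example's own names.

```python
# Added example: audit a libvirt <network> definition for the forward-mode
# properties described in the notes (not part of the notes or of libvirt).
import xml.etree.ElementTree as ET

# Modes where the host IP stack forwards guest traffic and libvirt installs
# firewall rules; 'open' forwards the same way but deliberately adds none.
FIREWALLED_MODES = {"nat", "route"}
# Modes that give each guest a 'direct' macvtap connection to a host NIC.
MACVTAP_MODES = {"private", "vepa", "passthrough"}

# Constructed sample: NAT network pinned to eno1 with an explicit NAT pool.
NAT_NETWORK_XML = """<network>
  <name>lab-nat</name>
  <forward mode='nat' dev='eno1'>
    <nat>
      <address start='203.0.113.4' end='203.0.113.10'/>
      <port start='500' end='1000'/>
    </nat>
  </forward>
  <bridge name='virbr10' stp='on' delay='0'/>
  <mtu size='1500'/>
  <domain name='lab.example' localOnly='yes'/>
</network>"""

# The ovs-net definition from the notes.
OVS_NETWORK_XML = """<network>
  <name>ovs-net</name>
  <forward mode='bridge'/>
  <bridge name='ovsbr0'/>
  <virtualport type='openvswitch'>
    <parameters interfaceid='09b11c53-8b5c-4eeb-8f00-d84eaa0aaa4f'/>
  </virtualport>
  <vlan trunk='yes'>
    <tag id='42' nativeMode='untagged'/>
    <tag id='47'/>
  </vlan>
  <portgroup name='dontpanic'>
    <vlan>
      <tag id='42'/>
    </vlan>
  </portgroup>
</network>"""


def _span(elem, cast=str):
    """Return (start, end) of an <address>/<port> range element, or None."""
    if elem is None:
        return None
    return (cast(elem.get("start")), cast(elem.get("end")))


def audit_network(xml_text: str) -> dict:
    """Summarise how a network definition reaches (or does not reach) the LAN."""
    root = ET.fromstring(xml_text)
    if root.tag != "network":
        raise ValueError("expected a <network> root element")
    report = {
        "name": root.findtext("name"),
        "mode": None,             # forward mode; None when the network is isolated
        "isolated": False,        # no <forward>: guests only see each other
        "firewall_rules": False,  # does libvirt add host firewall rules?
        "restricted_to_dev": None,
        "bridge_kind": None,      # mode='bridge': host-bridge / openvswitch / macvtap
        "nat_pool": None,
        "vlan_trunk": False,
        "vlan_tags": [],
        "findings": [],
    }
    findings = report["findings"]
    forward = root.find("forward")
    if forward is None:
        report["isolated"] = True
        findings.append("isolated: no <forward>, not connected to the physical LAN")
        return report

    mode = forward.get("mode", "nat")  # libvirt defaults the mode to 'nat'
    report["mode"] = mode
    report["firewall_rules"] = mode in FIREWALLED_MODES
    report["restricted_to_dev"] = forward.get("dev")

    if mode in FIREWALLED_MODES and report["restricted_to_dev"] is None:
        findings.append(f"{mode}: no dev= attribute, forwarding is not pinned to one host interface")
    if mode == "open":
        findings.append("open: host routes guest traffic but libvirt adds no firewall rules; use nwfilter on guest interfaces")
    if mode == "bridge":
        virtualport = root.find("virtualport")
        if forward.find("interface") is not None:
            report["bridge_kind"] = "macvtap"       # scenario 3 in the notes
        elif virtualport is not None and virtualport.get("type") == "openvswitch":
            report["bridge_kind"] = "openvswitch"   # scenario 2
        else:
            report["bridge_kind"] = "host-bridge"   # scenario 1
        findings.append("bridge: guests appear directly on the physical LAN at the IP level; libvirt adds no firewall rules")
    if mode in MACVTAP_MODES or mode == "hostdev":
        findings.append(f"{mode}: guest traffic bypasses the host bridge and any libvirt firewall rules")

    nat = forward.find("nat")
    if nat is not None:
        address = _span(nat.find("address"))
        port = _span(nat.find("port"), int)
        report["nat_pool"] = {"address": address, "port": port}
        if mode != "nat":
            findings.append(f"<nat> pool given but mode is '{mode}'; it only applies to mode 'nat'")
        if address and address[0] == address[1]:
            findings.append(f"nat: single source address {address[0]}")

    vlan = root.find("vlan")  # direct child only; portgroup VLANs narrow it per port
    if vlan is not None:
        report["vlan_trunk"] = vlan.get("trunk") == "yes"
        report["vlan_tags"] = [int(tag.get("id")) for tag in vlan.findall("tag")]
        if report["vlan_trunk"]:
            findings.append(f"vlan trunk: guest ports carry tags {report['vlan_tags']} unless a <portgroup> narrows them")
    return report


if __name__ == "__main__":
    for xml_text in (NAT_NETWORK_XML, OVS_NETWORK_XML):
        print(audit_network(xml_text))
```

Run it against `virsh net-dumpxml <name>` output instead of the embedded samples to review existing networks; an empty `findings` list for a `nat` or `route` network means the forwarding is pinned to a host interface and the NAT pool, if any, spans more than one address.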
## KVM overview

eno1
- physical interface

virbr0
- virtual bridge
- includes an IP address and acts as a router/switch, and includes NAT (usually)

virbr0-nic
- connection of the bridge to the physical interface
- allows the KVM guests to get out to the physical interface `eno1`

vnet0
- indicates that one VM is up and running

### bridging

enable KVM networking with the outside world
- create a bridge and set it up
- set target interface up

```bash
# create the bridge device and bring it up
sudo ip link add name my-br0 type bridge
sudo ip link set dev my-br0 up
# bring the target (physical) interface up and attach it to the bridge
sudo ip link set dev enp0s3 up
sudo ip link set dev enp0s3 master my-br0
```

NOTE: this is the same behaviour as for automatic bridging of libvirt networking, including e.g. NAT forward.
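After the bridging steps above, the check a host administrator wants is that the interfaces really have the roles the overview describes: `my-br0` is a bridge, `enp0s3` is enslaved to it, and the libvirt side shows `virbr0` with `virbr0-nic` and `vnet0` as its ports. The script below is an added example (not from these notes) that parses `ip -o link` output and recovers that topology from the `master` field; `SAMPLE_IP_LINK` is constructed to look like the output of `ip -o link show` on such a host, and the role names assigned by `classify` are this example's own naming heuristic, not output of any tool.

```python
# Added example: recover the KVM host topology from `ip -o link` output
# (not part of the notes; SAMPLE_IP_LINK is constructed).
import re

# Constructed `ip -o link show` output: one interface per line, the
# link/ether part joined with a backslash the way the -o flag prints it.
SAMPLE_IP_LINK = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:11:22:33 brd ff:ff:ff:ff:ff:ff
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:44:55:66 brd ff:ff:ff:ff:ff:ff
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000\\    link/ether 52:54:00:44:55:66 brd ff:ff:ff:ff:ff:ff
5: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000\\    link/ether fe:54:00:77:88:99 brd ff:ff:ff:ff:ff:ff
6: my-br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\\    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff
7: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master my-br0 state UP mode DEFAULT group default qlen 1000\\    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff
"""

# "N: name[@parent]: <FLAGS> rest..." ; VLAN sub-interfaces carry an @parent suffix.
LINE_RE = re.compile(r"^\d+:\s+(?P<name>[^:@\s]+)(?:@\S+)?:\s+<(?P<flags>[^>]*)>(?P<rest>.*)$")


def parse_ip_link(output: str) -> dict:
    """Return {name: {"flags": set, "master": str|None, "state": str|None}}."""
    links = {}
    for line in output.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an interface header line
        rest = m.group("rest")
        master = re.search(r"\bmaster (\S+)", rest)
        state = re.search(r"\bstate (\S+)", rest)
        links[m.group("name")] = {
            "flags": set(m.group("flags").split(",")),
            "master": master.group(1) if master else None,
            "state": state.group(1) if state else None,
        }
    return links


def classify(links: dict) -> dict:
    """Assign each interface a role using the names from the overview.

    Heuristic: a bridge is anything that appears as another interface's
    master; vnetN is a guest tap; virbrX-nic is libvirt's own bridge port;
    anything else is a physical interface, bridged or not.
    """
    bridges = {info["master"] for info in links.values() if info["master"]}
    roles = {}
    for name, info in links.items():
        if "LOOPBACK" in info["flags"]:
            roles[name] = "loopback"
        elif name in bridges:
            roles[name] = "bridge"
        elif name.startswith("vnet"):
            roles[name] = "guest tap (bridge port of %s)" % info["master"]
        elif name.endswith("-nic"):
            roles[name] = "libvirt bridge port of %s" % info["master"]
        elif info["master"]:
            roles[name] = "physical interface enslaved to %s" % info["master"]
        else:
            roles[name] = "physical interface (not bridged)"
    return roles


def bridge_ports(links: dict, bridge: str) -> list:
    """Interfaces whose master is `bridge` (what `ip link show master BRIDGE` lists)."""
    return sorted(name for name, info in links.items() if info["master"] == bridge)


def is_enslaved(links: dict, iface: str, bridge: str) -> bool:
    """Check the outcome of `ip link set dev IFACE master BRIDGE`."""
    return links.get(iface, {}).get("master") == bridge


if __name__ == "__main__":
    links = parse_ip_link(SAMPLE_IP_LINK)
    for name, role in classify(links).items():
        print(f"{name:12} {role}")
    print("my-br0 ports:", bridge_ports(links, "my-br0"))
    print("enp0s3 enslaved to my-br0:", is_enslaved(links, "enp0s3", "my-br0"))
```

On a real host, feed it `subprocess.run(["ip", "-o", "link", "show"], capture_output=True, text=True).stdout` instead of the sample; `is_enslaved` returning False right after the bridging commands means the `master` step did not take effect.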