KVM - Bridging Issues

Jacob Albretsen jakea at xmission.com
Wed Nov 14 16:55:01 MST 2012

I've encountered an interesting problem that I've been battling all day.

I have 3 new Dell R420 servers, each with a dual port Broadcom NetXtreme 
BCM5720 NIC.  My plan is to have em1 be the "maintenance IP" and then use em2 
as a bridge for the VMs I will be running on it.  I am using KVM / libvirtd on 
CentOS 6.3.

The devices come up fine.  "ifconfig" and "brctl show" look normal:

bridge name     bridge id               STP enabled     interfaces
br2             8000.90xxxxxxxxxx       no              em2

When I bring up a VM, the vnet0 also appears.

The issue I am running into is the bridge just flat out does not work.  I know 
em2 itself can work.  I can remove the bridge and just put a static IP (same 
subnet as em1) on it and ping it from other boxes and ping out to other boxes.  
But if I put on the bridge and try to get out through a VM, it goes nowhere.

I have sysctl.conf such that ipfilter is not used for the bridge traffic.  
Although I did bring down iptables to be sure and there was no change.

net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0

I've checked and the modules are loaded.  If I move a VM over to em1 and use a 
macvtap connection, the VMs get out just dandy.

I have a very similar setup on another box and it works just fine.  I even have 
two bridges to two different networks and different VMs point to different 
networks (one network is the same network as the maintenance IP).  The only 
difference is the hardware.  On the one that works, the maintenance IP is on 
em1 (Broadcom NetXtreme II BCM5716) and the two bridges sit on top of a 
different piece of dual port NIC hardware: Intel Corporation 82576 (p1p1 and 

After banging my head all day at this and trying several different things for 
the setup of the bridge on em2, I'm out of ideas.  The only thing I can figure 
is the possibility that since the ones that don't work are on the same 
physical dual port NIC card and the ones that do are not on the same card, 
perhaps there is some sort of hardware limitation on the dual port NIC that 
I've run into.  But I'm finding that a little hard to believe.

Any thoughts or suggestions of things I may have overlooked are welcome.

