The primary difference between a macvlan and a bridge interface solution lies in how they handle network traffic and their compatibility with different types of network interfaces, particularly Wi-Fi. On a consumer notebook, like a ThinkPad it is almost impossible to create a bridge interface, so your KVM virtual machines are unreachable from the host.
Bridge interface solution
Overview
- Concept: A bridge interface (bridge0) acts like a virtual switch, connecting multiple network interfaces so they can communicate directly, as if they were on the same physical network.
- Implementation: A physical network interface (e.g., eth0) is added to the bridge, and virtual machines (VMs) are connected to this bridge. This way, VMs get IP addresses from the same network as the host and communicate directly with it.
Limitations with Wi-Fi
- Wi-Fi bridging: Most Wi-Fi drivers and hardware do not support being part of a bridge due to how Wi-Fi handles MAC addresses and frames. Wi-Fi operates differently from Ethernet, particularly in managing multiple MAC addresses, which is essential for bridging.
- Driver support: Bridging Wi-Fi interfaces requires specific driver support (AP mode and 4addr), which is often lacking in many consumer-grade Wi-Fi adapters, including those in laptops like the ThinkPad.
macvlan interface solution
Overview
- Concept: macvlan creates virtual network interfaces (macvlan devices) that can be assigned their own MAC addresses and appear as separate interfaces on the same physical network.
- Implementation: macvlan interfaces are created on top of a physical network interface (e.g., wlan0). Each macvlan interface can communicate with the network independently, with its own IP address and MAC address.
Advantages with Wi-Fi
- Driver Independence: macvlan works at a higher layer than the physical interface driver, so it doesn’t require the Wi-Fi driver to support bridging. This makes it more compatible with typical Wi-Fi adapters found in laptops.
- Isolation and Performance: macvlan provides a form of network isolation, giving each VM its own interface and reducing broadcast traffic compared to a bridge. This can sometimes lead to better performance in certain network configurations.
Why macvlan can work on your Wi-Fi?
- No special Wi-Fi driver requirements: macvlan doesn’t need the Wi-Fi driver to support bridging. It simply requires the driver to support standard operations, making it compatible with more Wi-Fi adapters.
- Simpler configuration: Setting up a macvlan interface is often simpler than configuring a bridge, especially when dealing with Wi-Fi. The macvlan interfaces operate like separate network devices, avoiding some complexities of bridging Wi-Fi.
- Network segmentation: macvlan allows you to create multiple virtual interfaces on top of your Wi-Fi adapter, each with its own MAC and IP address. This segmentation can be useful for assigning different network configurations to VMs without requiring complex bridging setups.
Summary of differences
- Bridging: Connects multiple interfaces to the same network segment, requiring driver support for Wi-Fi. It treats all connected interfaces as part of the same network.
- macvlan: Creates virtual interfaces with their own MAC addresses on top of a single physical interface. It’s more compatible with typical Wi-Fi adapters and provides a form of network segmentation.
Practical setup example for macvlan
- Create macvlan interface:
sudo ip link add link wlan0 name macvlan0 type macvlan mode bridge
sudo ip addr add 192.168.1.100/24 dev macvlan0
sudo ip link set macvlan0 up
- Configure VM to use macvlan: When starting a VM, specify the macvlan interface:
sudo qemu-system-x86_64 -m 2048 -hda /path/to/vm/image.qcow2 -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device virtio-net-pci,netdev=net0,mac=52:54:00:12:34:56
- Route configuration on host: Add a route to ensure that the host can communicate with the VMs:
sudo ip route add 192.168.1.0/24 dev macvlan0
By using macvlan, you can create a flexible network environment for your VMs on a laptop with a Wi-Fi interface, avoiding the limitations associated with bridging Wi-Fi.
If you want to discuss the topic with other technology-minded people, join my Discord: https://discord.gg/YbSYGsQYES
Now we have an IRC channel as well: irc.libera.chat / #tomsitcafe
Tom's IT Cafe 