I’ve been using a KVM-based virtual machine as a web server for a while. The VM needs a public IP of course, so I used a bridged setup. Recently (2014-03-03), however, one of the other machines on my subnet generated some 3Mbps of traffic (to an external server). This caused my host machine’s CPU usage to rise to 40%!
I’m guessing this is because the bridged setup put eth0 in promiscuous mode, and the host kernel has to inspect each packet and decide whether to pass it to the VM guest or not.
I switched my networking setup to macvtap, and got a huge performance improvement. The 3Mbps of traffic barely puts a dent on my CPU usage.
In virt-manager, set the following:
    Add Hardware --> Network
    Host device: ethXX : macvtap
    Device Model: virtio
    Source Mode: VEPA
ethXX is your host machine’s outgoing interface.
The only caveat with VEPA is that your host machine CAN NOT communicate with the guest machine over this interface (unless you have some special hairpin switch).
I worked around this by creating a second NAT interface for the guest, and assigning static IPs as follows:
Use virt-manager to create a second (NAT) interface for the guest.
Attach it to the default network. Get the interface up and running in the guest.
Run virsh net-autostart default to make sure the interface comes up automatically after reboots.
Run virsh net-edit default. It will pop up an XML file with basic network configuration.
Find the <dhcp> section, and below the <range start... /> line add the line
    <host mac='guestmac' name='guestname' ip='192.168.122.2' />
Edit /etc/hosts on the host, and add the line
Edit /etc/hosts on the guest, and add the line
Now you should have transparent host/guest access on all machines. (Accessing the guest via an IP address still won’t work though; you’ll have to use host-names.)
After upgrading on 2014-05-02 and rebooting my system, my precious macvtap was unreachable. On my host I could see the interface, but was unable to send or receive anything on it.
I realized that after an upgrade of QEMU (not libvirt!) on the host, my host interface eth1 wasn’t being put in promiscuous mode.
A temporary fix is to run
    ifconfig eth1 promisc
after which everything should work.
For a permanent solution, put the following in
    iface eth1 inet dhcp
        up ifconfig $IFACE promisc
        # Your custom network commands
        # ...
        down ifconfig $IFACE -promisc
Hopefully this bug should go away soon.
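A check for the condition described above, as an added example that is not part of the original post: it reads the interface flag word from /sys/class/net/<iface>/flags and tests the IFF_PROMISC bit (0x100). The function names and the sample flag values in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report whether the host
# interface under a macvtap device is in promiscuous mode.
# Usage: sh check-promisc.sh eth1 [more interfaces...]

IFF_PROMISC=256   # 0x100, IFF_PROMISC from <linux/if.h>

# flags_have_promisc HEX
# Succeeds when the IFF_PROMISC bit is set in the flag word, e.g.
# 0x1103 (UP|BROADCAST|PROMISC|MULTICAST, constructed sample) succeeds,
# 0x1003 (same without PROMISC, constructed sample) fails.
flags_have_promisc() {
    [ $(( $1 & IFF_PROMISC )) -ne 0 ]
}

# iface_is_promisc IFACE [SYSFS_ROOT]
# Returns 0 if promiscuous, 1 if not, 2 if the flags file is unreadable
# (for example because the interface does not exist).
# SYSFS_ROOT is an assumption added so the function can be exercised
# against a scratch directory; it defaults to /sys/class/net.
iface_is_promisc() {
    flags_file="${2:-/sys/class/net}/$1/flags"
    [ -r "$flags_file" ] || return 2
    flags=""
    read -r flags < "$flags_file" || [ -n "$flags" ] || return 2
    flags_have_promisc "$flags"
}

# Report every interface named on the command line.
for ifc in "$@"; do
    rc=0
    iface_is_promisc "$ifc" || rc=$?
    case $rc in
        0) echo "$ifc: promiscuous mode on" ;;
        1) echo "$ifc: promiscuous mode OFF" ;;
        *) echo "$ifc: cannot read interface flags" ;;
    esac
done
```

Running it after each host package upgrade and reboot shows whether the interface lost promiscuous mode before the guest is reported unreachable.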
After upgrading I found that the network on my host machine was dropping up to 20% of incoming packets. This had the effect of reducing the incoming speed to less than 100kbps, while the outgoing speed was a good 20mbps+.
I found that setting the device model to virtio fixed it. (The device model was
Thanks for the nice and simple post. Another reason to use macvtap is that if a bridge is added in a corporate network you are most likely to face a shutdown of the physical network port. This happens if the bridge announces itself by sending BPDUs.
I fear it is “VEPA” (virtual ethernet port aggregator) and not “VPEA”.
Oops. Indeed; I fixed it.
I’d like to work through this manual, but at the very beginning I already get lost. Perhaps it is due to the translation of virt-manager’s interface (v1.0.1 running on Netrunner v16 distro):
I can not find the place / menu to Add Hardware –> Network
In the following I had to translate back - so please excuse the different terms:
So where might I add the eth0 macvtap?
Thanks for the quick tip for tuning my KVM machine; facing a similar issue, I will try the same. - Thanks Himanshu Blogger @