Virsh network management allows you to control virtual machine networking in libvirt. If you manage KVM environments, networking knowledge is essential.
In this guide, we use Debian GNU/Linux 12 (Bookworm). All examples in this series use this version.
Because networking connects VMs to the outside world, proper configuration improves security and connectivity.
Table of Contents
Understanding Virtual Networks in Libvirt
Before using virsh network management commands, you must understand the network types.
What Is a NAT Network?
A NAT network allows VMs to access the internet through the host.
By default, libvirt creates a NAT network named default.
It usually uses the interface:
virbr0
Key features:
- Private IP range (for example, 192.168.122.0/24)
- Automatic DHCP
- Internet access through host
- No direct external access to VM
Because NAT hides VMs behind the host, it is secure and easy for labs.
What Is a Bridge Network?
A bridge network connects VMs directly to the physical network.
It usually uses:
br0
Key features:
- VM gets IP from physical network
- VM acts like a real device
- Suitable for servers
- Requires manual bridge setup
However, bridge networking requires more configuration.
virbr0 vs br0
Understanding the difference is important.
| Interface | Type | Purpose |
|---|---|---|
| virbr0 | Virtual bridge (NAT) | Default libvirt NAT network |
| br0 | Linux bridge | Direct bridge to physical NIC |
Because virbr0 is automatic, beginners prefer it.
On the other hand, br0 is ideal for production servers.
tap vs vnet
You may see these interfaces when running VMs.
tap Interface
A tap device is a virtual network interface in Linux.
It connects VMs to bridges.
Libvirt creates tap devices dynamically.
vnet Interface
A vnet interface is a libvirt-managed tap device.
Example:
vnet0
vnet1
These connect:
VM → vnetX → bridge (virbr0 or br0)
Because of this design, traffic flows through the host network stack.
Virsh Network Management Commands
Now let us explore essential virsh network management commands.
1. virsh net-list
This command lists available networks.
virsh net-list --all
It shows:
- Network name
- State
- Autostart status
Use this to verify if the default network is active.
2. virsh net-info
This command shows detailed network information.
virsh net-info default
It displays:
- Network bridge name
- Active status
- Persistent state
- Autostart status
Because of this, you can confirm bridge mapping.
3. virsh net-dumpxml
This command shows the full XML configuration.
virsh net-dumpxml default
The XML defines:
- IP range
- DHCP configuration
- Forwarding mode (NAT or bridge)
Review this before making changes.
4. virsh net-edit
This command allows live XML editing.
virsh net-edit default
Always restart the network after major changes.
Because incorrect XML breaks networking, edit carefully.
5. virsh net-destroy
This command stops a virtual network.
virsh net-destroy default
This disconnects all attached VMs.
Use this only when necessary.
6. virsh net-start
This command starts a network.
virsh net-start default
To enable autostart:
virsh net-autostart default
Because inactive networks block VM connectivity, always ensure networks are running.
Example: Checking Default NAT Network
Follow this simple process:
- List networks
- Confirm default is active
- Verify bridge name
- Start network if stopped
This ensures your VMs connect properly.
When to Use NAT vs Bridge
Choose NAT if:
- You run labs
- You want simple setup
- You do not need external access
Choose Bridge if:
- You run servers
- You need static IPs
- VMs must be accessible on LAN
Because each setup serves different needs, choose wisely.
Why Virsh Network Management Matters
Proper virsh network management ensures:
- Reliable VM connectivity
- Secure network isolation
- Flexible configuration
- Easy troubleshooting
In addition, understanding virbr0, br0, tap, and vnet improves debugging skills.
Therefore, mastering these tools is essential for virtualization administrators.
FAQ Section
It is usually a NAT network named default using virbr0.
Yes. However, you must reconfigure network XML.
Performance is similar, but bridge provides direct LAN access.
It is a VM interface attached to a bridge.
No, but VMs lose connectivity.
Conclusion
Understanding virsh network management is critical for controlling VM connectivity in Debian GNU/Linux 12 (Bookworm). NAT networks use virbr0 for simple setups. Bridge networks use br0 for direct LAN access. Tap and vnet interfaces connect VMs to these bridges.
If you master these concepts and commands, you gain full control over virtual networking.
In the next article, we will create a custom bridge network and attach a VM to it.
