Networking

Xen guest networking works by connecting virtual network interfaces (vifs) in guest domains to a bridge in dom0. dom0 then routes or bridges that traffic to the physical network.

Basic bridge setup

The most common networking setup is a bridge. dom0 creates a software bridge and attaches both the physical network interface and guest vifs to it. Guests appear on the same network as the physical host.

Most distributions configure this automatically when you install Xen. The bridge is typically named xenbr0.

To check that the bridge is set up:

brctl show

You should see xenbr0 listed with the physical interface (e.g. eth0) as a member.

If the bridge is not set up automatically, you will need to configure it through your distribution’s networking tools. The exact steps vary by distribution.

Configuring guest networking

In the guest configuration file, the vif line connects the guest to the bridge:

vif = [ "bridge=xenbr0" ]

Multiple vifs can be added by listing them:

vif = [ "bridge=xenbr0", "bridge=xenbr1" ]

Each entry can also specify a MAC address and other options:

vif = [ "mac=00:16:3e:xx:xx:xx,bridge=xenbr0" ]

NAT networking

As an alternative to bridging, NAT networking routes traffic from guests through dom0. Guests get private IP addresses and share dom0’s public address. This is simpler to set up in some environments but limits direct inbound access to guests.

NAT configuration is handled through dom0’s standard Linux networking tools (iptables/nftables). See your distribution’s documentation for details.

Further reading

The Xen Networking page on the wiki covers additional networking scenarios in more detail.