[libvirt-users] What's the meaning of sub-element <ip address='X.X.X.X'> in <interface type='bridge'> of domain xml?

Laine Stump laine at laine.org
Thu Apr 17 11:23:06 UTC 2014

On 04/17/2014 10:42 AM, Jianwei Hu wrote:
> Hi guys,
> I saw this sub-element in http://libvirt.org/firewall.html, there is some confusion, what's the meaning of sub-element <ip address='X.X.X.X'> in <interface type='bridge'> of domain xml?
> The detail <interface> in domain xml as below:
> <interface type='bridge'>
>   <mac address='52:54:00:56:44:32'/>
>   <source bridge='br1'/>
>   <ip address='10.X.X.X'/>         <===it's my question

As far as I can find, the <ip> subelement of a domain's <interface> is:

1) only recognized for <interface type='bridge'> and <interface

2) only used by the xen driver, and ignored by all others.

I believe it is the IP address that xen will tell the domain to use for
its interface.

The correct way to specify a guest IP address for a nwfilter is
described here:


The page you're citing is something lifted from an email written by
Daniel Berrange, and it was likely written during early design of
nwfilter and then wasn't updated to reflect what was finally implemented.

Stefan - can you confirm or deny my suspicion?

Beyond that, I think that page needs to be somehow updated from /
combined with the formatnwfilter page to eliminate both duplicated and
incorrect information.

>   <target dev='vnet0'/>
>   <model type='virtio'/>
>   <filterref filter='clean-traffic'/>
> </interface>
> Is it static IP(specified by customer) in guest OS? or a IP of interface(e.g. eno1) in "br1" on host machine? what's definition about it?
> [root at localhost src]# brctl show
> bridge name	bridge id		STP enabled	interfaces
> br1		8000.24be051881ce	no		eno1
> If you know how to use it, please show me a detail scenario.

Don't use it.

More information about the libvirt-users mailing list