Per-VM Guest Networking Without a Bridge
Explains how to configure per-VM guest networking on Linux without a bridge, using macvtap or ipvlan interfaces to connect VMs directly to the physical network, improving performance and simplifying configuration.
Background
- **Bridge networking** is the standard way VMs connect to the outside world: the host creates a software bridge (like a virtual switch) and plugs each VM into it. It works well, but it adds configuration, costs some throughput, and puts every guest in one shared Layer 2 domain, which becomes a security risk when guests must not see each other's traffic.
- **Without a bridge** means giving each VM a direct, isolated path to the physical network — often by passing through a dedicated NIC, using MACVLAN/IPVLAN, or routing traffic at Layer 3. This avoids the shared-L2-domain problem.
- **Who this matters to**: anyone running multiple VMs (KVM/QEMU, Proxmox, etc.) who needs high throughput, low latency, or strict tenant isolation — common in homelabs, edge computing, and bare-metal cloud setups.
- **Why now**: as network cards get faster (25/100 Gbps) and security requirements tighten, the bridge's bottlenecks and shared-namespace risks become harder to ignore.
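As an added example (not code from the original page), the following POSIX shell script shows the macvtap variant of the bridge-free setup: one macvtap child interface per VM on top of the physical NIC, with the mode chosen for isolation, plus a small check that reads the mode back out of `ip -d link show` output. The NIC name eth0, the VM names vm1/vm2, the MAC addresses and the sample `ip` output are all constructed assumptions; by default the script only prints the commands it would run, and it applies them only when run as root with `DRY_RUN=0`.

```shell
#!/bin/sh
# Added example (not from the page): per-VM macvtap setup without a bridge.
# Assumed names: physical NIC eth0, VMs vm1/vm2; MACs below are constructed.
# By default it only prints the commands; run as root with DRY_RUN=0 to apply them.
set -u
: "${DRY_RUN:=1}"

run_or_print() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# macvtap_cmds VMNAME PARENT MODE MAC
# Creates (or prints) a macvtap child of PARENT for one VM. MODE decides what the
# guest can see at Layer 2:
#   private - guests on the same parent cannot reach each other through the host;
#             frames only travel to and from the wire (the tenant-isolation case)
#   vepa    - as private, but an 802.1Qbg-capable upstream switch may hairpin
#             guest-to-guest traffic back to the host
#   bridge  - guests on the same parent talk to each other inside the host (shared L2)
macvtap_cmds() {
  vm=$1 parent=$2 mode=$3 mac=$4
  case "$mode" in
    private|vepa|bridge) ;;
    *) printf 'unsupported macvtap mode: %s\n' "$mode" >&2; return 1 ;;
  esac
  run_or_print ip link add link "$parent" name "${vm}-tap" type macvtap mode "$mode"
  run_or_print ip link set "${vm}-tap" address "$mac" up
  # Hand the device to QEMU by opening /dev/tap<ifindex> and passing the fd, e.g.
  #   exec 3<>/dev/tap$(cat /sys/class/net/vm1-tap/ifindex)
  #   qemu-system-x86_64 ... -netdev tap,id=net0,fd=3 \
  #       -device virtio-net-pci,netdev=net0,mac=52:54:00:00:00:01
}

# macvtap_mode "$(ip -d link show IFACE)"
# Extracts the mode from iproute2's detailed link output, so an operator can verify
# after the fact that a guest interface really is in private mode.
macvtap_mode() {
  printf '%s\n' "$1" | sed -n 's/.*macvtap *mode *\([a-z]*\).*/\1/p' | head -n 1
}

# Constructed sample of `ip -d link show vm1-tap` output (not captured from a real host)
SAMPLE_LINK_SHOW='5: vm1-tap@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 500
    link/ether 52:54:00:00:00:01 brd ff:ff:ff:ff:ff:ff promiscuity 0
    macvtap  mode private addrgenmode eui64 numtxqueues 1 numrxqueues 1'

# Two isolated guests on the same NIC; each gets its own interface, no bridge involved.
macvtap_cmds vm1 eth0 private 52:54:00:00:00:01
macvtap_cmds vm2 eth0 private 52:54:00:00:00:02
printf 'vm1-tap mode: %s\n' "$(macvtap_mode "$SAMPLE_LINK_SHOW")"
```

The mode is the security-relevant knob: `private` keeps vm1 and vm2 from exchanging frames through the host even though they share eth0, while `bridge` restores the shared Layer 2 domain the page is trying to avoid. One caveat to plan for: with any macvtap mode the host itself cannot talk to the guests over the parent interface, so management traffic needs another path (a second NIC, or a routed Layer 3 setup as the page mentions).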