[libvirt-users] assign static external IP to container

Gao feng gaofeng at cn.fujitsu.com
Fri Dec 20 08:12:34 UTC 2013 

On 12/20/2013 04:04 PM, Laine Stump wrote:
> On 12/16/2013 04:47 AM, Gao feng wrote:
>> On 12/14/2013 10:51 AM, scar wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA256
>>>
>>> Gao feng @ 12/12/2013 10:18 PM:
>>>> I saw there are two bridge br0 and virbr0 in your host. which
>>>> bridge the libvirt uses?  what's result of #virsh net-list ?
>>> well i don't quite understand bridges and their function, i'm kinda
>>> just following directions.  br0 replaced eth0 though in my interfaces
>>> file according to this guide[1] i followed to setup the bridge.  i'm
>>> pretty sure virbr0 is what libvirt uses....
>>>
>>> host$ cat /etc/network/interfaces
>>> auto lo
>>> iface lo inet loopback
>>>
>>> auto br0
>>> iface br0 inet static
>>> 	address 67.180.246.122
>>> 	netmask 255.255.255.248
>>> 	gateway 67.180.246.121
>>> 	dns-nameservers 67.180.241.11 67.180.241.12
>>> 	bridge_ports eth0
>>> 	bridge_fd 9
>>> 	bridge_maxage 12
>>> 	bridge_stp off
>>>
>> remove this br0 sector from the interfaces file. and restart the network. (remove the bridge br0)
>> I'm not familiar with the configure files in ubuntu,
>> let's use the command.
>>
>> 1, ifconfig eth0 0.0.0.0
>> 2, brctl addif virbr0 eth0
>> 3, ifconfig virbr0 67.180.246.122/29
>> 4,ip route add default via 67.180.246.121 dev virbr0
>> 5, ifconfig eth0 x.x.x.x/29 (in container)
>> 6, ip route add default via 67.180.246.121 dev eth0 (in container)
>>
>> but this will not work when you restart libvirt.
> This advice is incorrect and should not be followed! The br0 that he has
> created is *exactly* what he needs, so he shouldn't remove it from the
> config. And you should *never* manually mess with the bridges setup by
> libvirt's virtual networks.
> 
> What you've done here is modify virbr0 to temporarily appear exactly as
> he already had br0 setup, and this temporary change will be undone the
> next time you stop/start libvirt's default network, or restart the host.
> 
> 
> 
> Sorry for coming in so late on this discussion, but it sounds like the
> guest (aka "vm") is probably configured to use libvirt's "default"
> network, which means that it is connected to the bridge "virbr0", and
> that bridge is *not* directly connected to the physical network - it
> instead sets up a private network on 192.168.122.0/24 and uses IP
> masquerading (NAT) to make all the guests appear to the outside world as
> the host's IP address).
> 
> You can verify this by looking for the <interface> section in the
> guest's to see if it looks like this:
> 
>     <interface type='network'>
>        ...
>        <source network='default'/>
>        ...
>     </interface>
> 
> (also, when configured for DHCP, your guest will get an IP address in
> the 192.168.122.0/24 range). Since virbr0 has no L2 connection to the
> physical network - its only connection is via the host's IP routing
> stack, i.e. L3 - simply changing the IP configuration in the guest just
> gives you an interface with an IP from the physical net that is
> effectively disconnected from that network, exactly as you've described.
> 
> If you want your guest to be connected directly to the physical network,
> you will need to change the guest's config so that the <interface>
> section instead looks like this:
> 
>     <interface type='bridge'>
>        ...
>        <source bridge='br0'/>
>        ...
>     </interface>
> 
> You can make this change by running "virsh edit $guestname" at a root
> shell prompt (that brings up the guest config in vi, or whatever is set
> as $EDITOR in root's environment), making the modifications and saving
> the file. After that, you will need to shutdown the guest completely,
> then restart it for the changes to take effect. At that time you should
> be able to modify the guest's network config files (in the guest's own
> system config) with the secondary static IP address your COLO provider
> has allocated for you.
> 
> (Note that, if the COLO has restrictions on MAC address (e.g. Hetzner),
> then you will need to request a new MAC address to go with the 2nd IP
> address, and edit the guest config's <interface> section to use that MAC
> address instead of the one automatically generated by libvirt).
> 
> TL;DR - put back the config for br0 if you've removed it, then modify
> the guest's <interface> config to use br0 instead of the default network.
> 

You are right :)

More information about the libvirt-users mailing list