[libvirt-users] assign static external IP to container

Laine Stump laine at laine.org
Fri Dec 20 08:04:12 UTC 2013 

On 12/16/2013 04:47 AM, Gao feng wrote:
> On 12/14/2013 10:51 AM, scar wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> Gao feng @ 12/12/2013 10:18 PM:
>>> I saw there are two bridge br0 and virbr0 in your host. which
>>> bridge the libvirt uses?  what's result of #virsh net-list ?
>> well i don't quite understand bridges and their function, i'm kinda
>> just following directions.  br0 replaced eth0 though in my interfaces
>> file according to this guide[1] i followed to setup the bridge.  i'm
>> pretty sure virbr0 is what libvirt uses....
>>
>> host$ cat /etc/network/interfaces
>> auto lo
>> iface lo inet loopback
>>
>> auto br0
>> iface br0 inet static
>> 	address 67.180.246.122
>> 	netmask 255.255.255.248
>> 	gateway 67.180.246.121
>> 	dns-nameservers 67.180.241.11 67.180.241.12
>> 	bridge_ports eth0
>> 	bridge_fd 9
>> 	bridge_maxage 12
>> 	bridge_stp off
>>
> remove this br0 sector from the interfaces file. and restart the network. (remove the bridge br0)
> I'm not familiar with the configure files in ubuntu,
> let's use the command.
>
> 1, ifconfig eth0 0.0.0.0
> 2, brctl addif virbr0 eth0
> 3, ifconfig virbr0 67.180.246.122/29
> 4,ip route add default via 67.180.246.121 dev virbr0
> 5, ifconfig eth0 x.x.x.x/29 (in container)
> 6, ip route add default via 67.180.246.121 dev eth0 (in container)
>
> but this will not work when you restart libvirt.
This advice is incorrect and should not be followed! The br0 that he has
created is *exactly* what he needs, so he shouldn't remove it from the
config. And you should *never* manually mess with the bridges setup by
libvirt's virtual networks.

What you've done here is modify virbr0 to temporarily appear exactly as
he already had br0 setup, and this temporary change will be undone the
next time you stop/start libvirt's default network, or restart the host.



Sorry for coming in so late on this discussion, but it sounds like the
guest (aka "vm") is probably configured to use libvirt's "default"
network, which means that it is connected to the bridge "virbr0", and
that bridge is *not* directly connected to the physical network - it
instead sets up a private network on 192.168.122.0/24 and uses IP
masquerading (NAT) to make all the guests appear to the outside world as
the host's IP address).

You can verify this by looking for the <interface> section in the
guest's to see if it looks like this:

    <interface type='network'>
       ...
       <source network='default'/>
       ...
    </interface>

(also, when configured for DHCP, your guest will get an IP address in
the 192.168.122.0/24 range). Since virbr0 has no L2 connection to the
physical network - its only connection is via the host's IP routing
stack, i.e. L3 - simply changing the IP configuration in the guest just
gives you an interface with an IP from the physical net that is
effectively disconnected from that network, exactly as you've described.

If you want your guest to be connected directly to the physical network,
you will need to change the guest's config so that the <interface>
section instead looks like this:

    <interface type='bridge'>
       ...
       <source bridge='br0'/>
       ...
    </interface>

You can make this change by running "virsh edit $guestname" at a root
shell prompt (that brings up the guest config in vi, or whatever is set
as $EDITOR in root's environment), making the modifications and saving
the file. After that, you will need to shutdown the guest completely,
then restart it for the changes to take effect. At that time you should
be able to modify the guest's network config files (in the guest's own
system config) with the secondary static IP address your COLO provider
has allocated for you.

(Note that, if the COLO has restrictions on MAC address (e.g. Hetzner),
then you will need to request a new MAC address to go with the 2nd IP
address, and edit the guest config's <interface> section to use that MAC
address instead of the one automatically generated by libvirt).

TL;DR - put back the config for br0 if you've removed it, then modify
the guest's <interface> config to use br0 instead of the default network.

More information about the libvirt-users mailing list