[libvirt-users] bridged networking using VLAN : guest with 2 NIC

Laine Stump laine at laine.org
Wed Oct 30 09:19:09 UTC 2013


(There is no need or advantage to Cc'ing individuals who are already
subscribed to the mailing list.)

On 10/28/2013 05:34 PM, Dan Sa wrote:
> hello all,
>
> I have been trying to set-up bridged network with VLAN and not able to
> succeed as many tutorials address only single NIC.
>
> I am trying to setup 2 guests (backtrack instance) each guest has NIC1
> and NIC2. following is snippet for guest1
>
> I am not able to get 192.168.0.2 address back on guest eth0.


See the comment below about <forward mode='bridge'>. You'll need some
other entity on your vlan to run a dhcp server, because libvirt won't be
doing it for you in this case.


>
>
> VIRT-MANAGER  GUI :
>
> guest1-lan details radio button
>
> left side panel
>
> NIC1 ------------------> Virtual Network Interface
>                             Source Device : Virtual Network "default" NAT
>                             Device Model : Hypervisor default
>                              MAc Address : xxxxxxxxxxxxxx
>
> NIC2 ------------------> Virtual Network Interface
>                             Source Device : Specify Shared Device Name
>                                         Bridge name : guest1-lan
>                             Device Model : virto
>                              MAc Address : xxxxxxxxxxxxxx

The output of "virsh dumpxml $guestname" is much more useful than a
transcription of the virt-manager screens.

>
> HOST MACHINE :
>
> brctl show has br0 for bridge
> and virbr0 with 192.168.122.x address (created by default virtual
> network NAT)
>
>
>  /etc/sysconfig/network-scripts/
>
> 1) Bridge BR0 (cat ifcfg-br0)
>
> DEVICE="br0"
> TYPE="Bridge"
> ONBOOT="yes"
> NM_CONTROLLED="no"
> BOOTPROTO="static"
> IPADDR="xx.xx.xx.xx"
> NETMASK="255.255.254.0"
> GATEWAY="xx.xx.xx.xx"
> DNS1="x.y.z.s"
> DNS2="x.y.q.s"
>
> 2) cat ifcfg-em1
> NM_CONTROLLED="yes"
> HWADDR="02:12D:E2:B1:32"
> BOOTPROTO="static"
> DEVICE="em1"
> BRIDGE="br0"
> ONBOOT="yes"
>
> 3) ifcfg-em2
> NM_CONTROLLED="yes"
> HWADDR="02:24:7e:d0:b1:42"
> BOOTPROTO="static"
> DEVICE="em2"
> ONBOOT="yes"
>
> 4) THIS IS GUEST   (cat ifcfg-guest1-lan)

I don't understand what you mean by "this is guest". It isn't a part of
the guest; it is a bridge on the host that could be *used* by a guest.


> DEVICE=guest1-lan
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=static
> DELAY=1
>
> 5) GUEST VLAN (cat ifcfg-em2.620)
>
> DEVICE=em2.620
> VLAN=yes
> ONBOOT=yes
> BRIDGE=guest1-lan
>
> BRCTL Show Command :
>
> br0  8000.00237de0a132  no              em1
>                                                        vnet0
> guest1-lan 8000.00237de0a133   no    em2.620
> virbr0        8000.5254003e19b3    yes  virbr0-nic


From the above, it appears that there is only a single guest running,
and that it is connected via the br0 bridge; apparently you took this
output when neither of your dual-nic guests were running, as they should
have each attached tun devices to both guest1-lan and virbr0.


>
>
> VIRSH :
>
> virsh # net-list
> Name                 State      Autostart
> -----------------------------------------
> guest1-lan           active     yes
> default              active     yes
>
>
> virsh # iface-list
> Name                 State      MAC Address
> --------------------------------------------
> br0                  active     00:23:7d:e0:a1:32
> guest1-lan       active     00:23:7d:e0:a1:33
>
>
> iface-edit :
>
> virsh # iface-edit guest1-lan
>
> <interface type='bridge' name='guest1-lan'>
>   <start mode='onboot'/>
>   <bridge delay='1'>
>     <interface type='vlan' name='em2.620'>
>       <vlan tag='620'>
>         <interface name='em2'/>
>       </vlan>
>     </interface>
>   </bridge>
> </interface>
>
> ------------------------------------------------------------------
>
> /etc/libvirt/qemu/networks


(You shouldn't be looking at/modifying the files in
/etc/libvirt/qemu/networks directly. Instead, use "virsh net-dumpxml
guest1-lan" (for example) to look at the network config, and "virsh
net-edit guest1-lan" to modify it.)


>
> cat guest1-lan.xml
> <network>
>   <name>guest1-lan</name>
>   <uuid>a12747ec-21c9-0d21-ab06-064ba204bc52</uuid>
>   <forward mode='bridge' dev="br0"/>
>   <bridge name='guest1-lan' />
>   <ip address='192.168.0.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.0.2' end='192.168.0.254' />
>     </dhcp>
>   </ip>


Any network with <forward mode='bridge'...> is an "unmanaged" network
from libvirt's POV, and thus the <ip> element and all its subelements
are ignored. If you use <forward mode='bridge'> then libvirt assumes
that the bridge device is already configured by the base OS config.

As of libvirt-1.0.1, attempts to define an <ip> element in a network
with <forward mode='bridge'> are flagged as an error. (It would be
helpful in future reports if you indicate your 1) libvirt version, 2)
qemu version, 3) distro and version, 4) kernel version. Although not
always applicable, sometimes it can help in framing the issue.)


> </network>
>
>
> cat default.xml
>
> <network>
>   <name>default</name>
>   <uuid>8778244b-1a0c-c15f-c348-26462a07a639</uuid>
>   <forward mode='nat'/>
>   <bridge name='virbr0' stp='on' delay='0' />
>   <mac address='52:54:00:3E:19:B3'/>
>   <ip address='192.168.122.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.122.2' end='192.168.122.254' />
>     </dhcp>
>   </ip>
> </network>
>
> any guidance will be appreciated

Since you're defining a vlan tag, I assume that the physical network
attached to your host's em2 is actually using vlan 620? If not, and you
just need a network that's private to your guests and the host, I would
recommend simply defining a libvirt network with no <forward> element at
all. This network *will* be managed by libvirt, so libvirt will create a
bridge and give it an IP address, as well as running a dnsmasq instance
to serve up IP addresses to guests, but the guests won't be able to get
traffic anywhere beyond that bridge via their interface connected to the
bridge.

If you *are* using vlan 620 on the physical network, then you'll need to
set up some other dhcp server somewhere on that network (either run a
system instance of dnsmasq on the host that listens on em2.620, or run
dnsmasq or dhcpd on some other physical host or guest that listens on
its own vlan-tagged interface).
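
A check for the rule described in this reply, as an added example that is not part of the original message or of libvirt: it reads "virsh net-dumpxml" style XML and flags an <ip> block on a <forward mode='bridge'> network. Both sample definitions are constructed (the first from the XML quoted above with the uuid omitted; the second's network and bridge names are hypothetical).

```python
import xml.etree.ElementTree as ET

# Constructed from the guest1-lan.xml quoted in the thread (uuid omitted).
POSTED = """<network>
  <name>guest1-lan</name>
  <forward mode='bridge' dev="br0"/>
  <bridge name='guest1-lan'/>
  <ip address='192.168.0.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.0.2' end='192.168.0.254'/></dhcp>
  </ip>
</network>"""

# Constructed: the isolated alternative from the reply (no <forward> element).
# The network and bridge names are hypothetical.
ISOLATED = """<network>
  <name>guest-private</name>
  <bridge name='virbr1'/>
  <ip address='192.168.0.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.0.2' end='192.168.0.254'/></dhcp>
  </ip>
</network>"""


def audit_network(xml_text):
    """Classify one libvirt <network> definition and list config problems."""
    net = ET.fromstring(xml_text)
    name = net.findtext("name", default="(unnamed)")
    forward = net.find("forward")
    findings = []
    if forward is None:
        # No <forward>: libvirt creates the bridge and runs dnsmasq itself,
        # and guest traffic cannot leave that bridge.
        kind = "isolated"
        if net.find("ip/dhcp") is None:
            findings.append(f"{name}: no <dhcp> range, libvirt will not hand out addresses")
    elif forward.get("mode") == "bridge":
        # Unmanaged: the host OS owns the bridge, libvirt serves no addresses.
        kind = "unmanaged"
        if net.find("ip") is not None:
            findings.append(f"{name}: <ip>/<dhcp> is ignored with forward "
                            "mode='bridge' (an error as of libvirt-1.0.1)")
        findings.append(f"{name}: DHCP must come from another server on the bridge")
    else:
        # Other forward modes (e.g. 'nat' on the default network) are not audited.
        kind = "forward:" + forward.get("mode", "unspecified")
    return kind, findings


if __name__ == "__main__":
    for sample in (POSTED, ISOLATED):
        print(audit_network(sample))
```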



