[libvirt-users] still possible to use traditional bridge network setup ?

Lentes, Bernd bernd.lentes at helmholtz-muenchen.de
Thu Mar 19 16:12:26 UTC 2015


Laine wrote:


> -----Original Message-----
> From: sendmail [mailto:justsendmailnothingelse at gmail.com] On Behalf
> Of Laine Stump
> Sent: Tuesday, March 17, 2015 3:57 PM
> To: libvirt-users at redhat.com
> Cc: Lentes, Bernd
> Subject: Re: [libvirt-users] still possible to use traditional bridge network
> setup ?
>
> On 03/16/2015 01:07 PM, Lentes, Bernd wrote:
> > Bernd wrote:
> >
> >> Laine wrote:
> >>
> >>> -----Original Message-----
> >>> From: sendmail [mailto:justsendmailnothingelse at gmail.com] On
> >> Behalf Of
> >>> Laine Stump
> >>> Sent: Monday, March 16, 2015 4:12 PM
> >>> To: libvirt-users at redhat.com
> >>> Cc: Lentes, Bernd
> >>> Subject: Re: [libvirt-users] still possible to use traditional
> >>> bridge network setup ?
> >>>
> >>> On 03/16/2015 10:08 AM, Lentes, Bernd wrote:
> >>>> Hi,
> >>>>
> >>>> i'm currently installing a SLES 12 64bit system.
> >>>> libvirt-client-1.2.5-
> >>> 13.3.x86_64 and libvirt-daemon-1.2.5-13.3.x86_64.
> >>>> Formerly I created my vm's (KVM) using a traditional bridge in my
> >>>> host
> >>> systems, mostly SLES 11 SP3.
> >>>> But with SLES 12 I don't succeed. I can use the macvtap device in
> >>>> the
> >>> host, but I like to be able to communicate between host and guest.
> >>>> Is the traditional bridge setup not any longer available ?
> >>> Nothing has been removed in libvirt. Traditional bridges work just
> fine.
> >>> What failure did you see?
> >> Hi Laine,
> >>
> >> thank you for your answer. Well, it simply does not work:
> >>
> >> this is my setup:
> >>
> >> pc63422:/etc/sysconfig/network # cat ifcfg-br0 BOOTPROTO='dhcp4'
> >> TYPE='Bridge'
> >> BRIDGE='yes'
> >> DEVICE='br0'
> >> BRIDGE_FORWARDDELAY='0'
> >> BRIDGE_PORTS='eth0'
> >> BRIDGE_STP='off'
> >> BROADCAST=''
> >> DHCLIENT_SET_DEFAULT_ROUTE='yes'
> >> ETHTOOL_OPTIONS=''
> >> IPADDR=''
> >> MTU=''
> >> NAME=''
> >> NETMASK=''
> >> NETWORK=''
> >> REMOTE_IPADDR=''
> >> STARTMODE='auto'
> >> USERCONTROL='no
> >>
> >> pc63422:/etc/sysconfig/network # cat ifcfg-eth0 #
> BOOTPROTO='dhcp'
> >> BROADCAST=''
> >> ETHTOOL_OPTIONS=''
> >> IPADDR=''
> >> MTU=''
> >> NAME=''
> >> NETMASK=''
> >> NETWORK=''
> >> REMOTE_IPADDR=''
> >> STARTMODE='auto'
> >> DHCLIENT_SET_DEFAULT_ROUTE='yes'
> >> PREFIXLEN=''
> >> BOOTPROTO='static'
> >> USERCONTROL='no'
> >> BRIDGE='br0'
> >>
> >>
> >> guest.xml:
> >> ...
> >> <interface type='bridge'>
> >>       <mac address='52:54:00:37:92:b1'/>
> >>       <source bridge='br0'/>
> >>       <model type='rtl8139'/>
> >>       <address type='pci' domain='0x0000' bus='0x00' slot='0x03'
> >> function='0x0'/>
> >>     </interface>
> >> ...
> >>
> >> pc63422:/etc/sysconfig/network # ip addr
> >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state
> UNKNOWN
> >> group default
> >>     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> >>     inet 127.0.0.1/8 scope host lo
> >>        valid_lft forever preferred_lft forever
> >>     inet6 ::1/128 scope host
> >>        valid_lft forever preferred_lft forever
> >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> pfifo_fast
> >> master br0 state UP group default qlen 1000
> >>     link/ether 78:24:af:9c:bd:a6 brd ff:ff:ff:ff:ff:ff
> >>     inet6 fe80::7a24:afff:fe9c:bda6/64 scope link
> >>        valid_lft forever preferred_lft forever
> >> 27: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> noqueue
> >> state UP group default
> >>     link/ether 78:24:af:9c:bd:a6 brd ff:ff:ff:ff:ff:ff
> >>     inet 10.35.34.115/24 brd 10.35.34.255 scope global br0
> >>        valid_lft forever preferred_lft forever
> >>     inet6 fe80::7a24:afff:fe9c:bda6/64 scope link
> >>        valid_lft forever preferred_lft forever
> >> 28: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
> >> pfifo_fast master br0 state UNKNOWN group default qlen 500
> >>     link/ether fe:54:00:37:92:b1 brd ff:ff:ff:ff:ff:ff
> >>     inet6 fe80::fc54:ff:fe37:92b1/64 scope link
> >>        valid_lft forever preferred_lft forever
> >>
> >>
> >> Attached is what I choose during creation of the vm. It's german,
> >> network source means something like "name of the shared device".
> >>
> >> I attached the host to a network hub to be able to sniff all packets.
> >> But I don't see any packet from the guest. E.g. I choosed "dhclient"
> >> after booting a knoppix cd in the guest, but no packet from the
> >> guest. Also using a windows 7 installation cd - no packet from the
> >> guest. But I see packets from the host.
> > Hi,
> >
> > using the above mentioned setup, i booted the guest using a knoppix
> cd. Inside the guest I configured the ip address statically. I can ping from
> host to guest and vice versa, but nothing else. Of course the host is able
> to connect everything, but the guest just reaches the host.
>
> I assume your dhcp server is on a different machine (since your host is
> also using dhcp on that interface), so if communication between the
> guest and the outside didn't work later, it's not going to work for dhcp
> either. The most common two causes of this symptom in a bridged setup
> are:
>
> 1) there are iptables rules in place (on the host) that prevent the traffic
> crossing the bridge, and the bridge module tunable net.bridge.bridge-nf-
> call-iptables is set to 1 (on the host). You can determine this by running:
>
>    sysctl net.bridge.bridge-nf-call-iptables
>
> If it's set to 1, set it to 0 with:
>
>    sysctl -w net.bridge.bridge-nf-call-iptables=0
>
> (Note that as of kernel 3.17 filtering of packets on the bridge isn't on by
> default any more, and a new module called br_netfilter must be loaded
> for it to take place. So if your kernel is 3.17 or newer, this probably
> *isn't* your problem)
>
> 2) the switch connecting your host to the network only allows a single (or
> particular) mac address on the port used to connect the host. If this is the
> problem, then you'll need to talk to your network administrator.

Hi Laine,

the reason was the firewall. Thanks for your tip !


Bernd


Helmholtz Zentrum München
Deutsches Forschungszentrum für Gesundheit und Umwelt (GmbH)
Ingolstädter Landstr. 1
85764 Neuherberg
www.helmholtz-muenchen.de
Aufsichtsratsvorsitzende: MinDir´in Bärbel Brumme-Bothe
Geschäftsführer: Prof. Dr. Günther Wess, Dr. Nikolaus Blum, Dr. Alfons Enhsen
Registergericht: Amtsgericht München HRB 6466
USt-IdNr: DE 129521671




More information about the libvirt-users mailing list