debian 10, vm cant connect to the host bridge

Schuldei, Andreas andreas.schuldei at th-luebeck.de
Sun Sep 6 14:13:23 UTC 2020 

This is my system info:

Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.60-1-pve (SMP w/16 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Libvirt version 5.0.0
 qemu
Version: 1:3.1+dfsg-8+deb10u7

I try to get the filtering bridge to work.

This is the host, with the br0 that is connected to a trunked port

================================
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e8 brd ff:ff:ff:ff:ff:ff
    inet 10.12.0.13/24 brd 10.12.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::3648:edff:fef0:a9e8/64 scope link
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3648:edff:fef0:a9e9/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e6:67:7b:87:b5:ca brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e467:7bff:fe87:b5ca/64 scope link
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:2b:e3:f7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:2b:e3:f7 brd ff:ff:ff:ff:ff:ff
19: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:fc:ea:e6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fefc:eae6/64 scope link
       valid_lft forever preferred_lft forever

===================
 bridge vlan show
port    vlan ids
eno2     4
         7
         221
         800

br0     None
virbr0   1 PVID Egress Untagged

virbr0-nic       1 PVID Egress Untagged

vnet0    800
==================

however the mac does not show up when i do

==================
brctl showmacs br0
==================

so vnet0 does not yet communicate with the bridge

inside the vm:

=============================
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:fc:ea:e6 brd ff:ff:ff:ff:ff:ff
    inet 195.37.235.121/26 brd 195.37.235.127 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fefc:eae6/64 scope link
       valid_lft forever preferred_lft forever
===============================

and

===========
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
>From 195.37.235.121 icmp_seq=1 Destination Host Unreachable
>From 195.37.235.121 icmp_seq=2 Destination Host Unreachable
==============

The mac address of vnet0 and enp1s0 is the same. That means they are the same entity. yay!

The XML describing the network part of the VM is here:

=====================
    <interface type='bridge'>
      <mac address='52:54:00:29:b6:e0'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
=======================


what could be the problem?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20200906/0afbf31a/attachment.htm>

More information about the libvirt-users mailing list