Re: debian 10, vm cant connect to the host bridge

Schuldei, Andreas andreas.schuldei at th-luebeck.de
Mon Sep 7 07:34:44 UTC 2020


I should have said what I want to achieve.


The server is intended as a host for VMs. Our network has multiple VLANs, and the VMs will be connected to different VLANs. The interface eno1 is for host traffic and eno2 is connected to the trunk port of the switch, making the different VLANs available to the VMs via the br0. I want to use a VLAN-aware br0, so that I specify in my VM config (on the host side) which VM connects to which VLAN.


Is it true that br0 and eno2 need to have the same MAC?


Someone suggested br0 needed an IP - is that generally true? The bridge is connected to different VLANs (and to different subnets) and would need several IPs. I would have expected the NICs of the VMs to get the IPs and the br0 to be level3 transparent.

________________________________
From: Schuldei, Andreas
Sent: Sunday, 6 September 2020 16:13:23
To: libvirt-users at redhat.com
Subject: debian 10, vm cant connect to the host bridge


This is my system info:

Debian Release: 10.5
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.4.60-1-pve (SMP w/16 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Libvirt version 5.0.0
 qemu
Version: 1:3.1+dfsg-8+deb10u7

I try to get the filtering bridge to work.

This is the host, with the br0 that is connected to a trunked port

================================
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e8 brd ff:ff:ff:ff:ff:ff
    inet 10.12.0.13/24 brd 10.12.0.255 scope global eno1
       valid_lft forever preferred_lft forever
    inet6 fe80::3648:edff:fef0:a9e8/64 scope link
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether 34:48:ed:f0:a9:e9 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::3648:edff:fef0:a9e9/64 scope link
       valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether e6:67:7b:87:b5:ca brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e467:7bff:fe87:b5ca/64 scope link
       valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:2b:e3:f7 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:2b:e3:f7 brd ff:ff:ff:ff:ff:ff
19: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:fc:ea:e6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fefc:eae6/64 scope link
       valid_lft forever preferred_lft forever

===================
 bridge vlan show
port    vlan ids
eno2     4
         7
         221
         800

br0     None
virbr0   1 PVID Egress Untagged

virbr0-nic       1 PVID Egress Untagged

vnet0    800
==================

However, the MAC does not show up when I do

==================
brctl showmacs br0
==================

So vnet0 does not yet communicate with the bridge.

Inside the VM:

=============================
ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:fc:ea:e6 brd ff:ff:ff:ff:ff:ff
    inet 195.37.235.121/26 brd 195.37.235.127 scope global enp1s0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fefc:eae6/64 scope link
       valid_lft forever preferred_lft forever
===============================

and

===========
ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 195.37.235.121 icmp_seq=1 Destination Host Unreachable
From 195.37.235.121 icmp_seq=2 Destination Host Unreachable
==============

The MAC address of vnet0 and enp1s0 is the same. That means they are the same entity. Yay!

The XML describing the network part of the VM is here:

=====================
    <interface type='bridge'>
      <mac address='52:54:00:29:b6:e0'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
=======================


What could be the problem?
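
A check over the `bridge vlan show` table quoted above, as an added example that is not part of the original post: it parses the legacy text output and flags VM tap ports whose VLAN entries lack the `PVID` or `Egress Untagged` flags. It assumes VLAN filtering is enabled on br0, that the guest sends untagged frames, and that libvirt tap devices are named `vnet*`; the sample text is retyped from the post.

```python
# Constructed sample: the `bridge vlan show` output from the post.
SAMPLE = """\
port    vlan ids
eno2     4
         7
         221
         800

br0     None
virbr0   1 PVID Egress Untagged

virbr0-nic       1 PVID Egress Untagged

vnet0    800
"""

def parse_bridge_vlan(text):
    """Return {port: [(vid, is_pvid, is_untagged), ...]} from the legacy text output."""
    ports, current = {}, None
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or tokens[:2] == ["port", "vlan"]:
            continue                      # blank separator or header row
        if not line[0].isspace():         # unindented row starts a new port
            current = tokens.pop(0)
            ports[current] = []
        if current is None or not tokens or not tokens[0].isdigit():
            continue                      # "None" (or a VID range) adds no entry here
        flags = tokens[1:]
        ports[current].append((int(tokens[0]), "PVID" in flags, "Untagged" in flags))
    return ports

def access_port_problems(ports, prefix="vnet"):
    """Flag tap ports that cannot pass untagged guest traffic on a filtering bridge."""
    findings = {}
    for port, vlans in ports.items():
        if not port.startswith(prefix):   # assumption: libvirt taps are named vnet*
            continue
        issues = []
        if not any(pvid for _, pvid, _ in vlans):
            issues.append("no PVID: untagged ingress frames are dropped")
        if vlans and not any(untagged for _, _, untagged in vlans):
            issues.append("no untagged VLAN: egress frames keep their 802.1Q tag")
        if issues:
            findings[port] = issues
    return findings

if __name__ == "__main__":
    print(access_port_problems(parse_bridge_vlan(SAMPLE)))
```
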