Network interface element not working
Laine Stump
laine at redhat.com
Tue Apr 5 02:10:51 UTC 2022
On 4/4/22 2:08 PM, Ian Pilcher wrote:
> I've added an interface element to a libvirt network, but it isn't
> working. The interface is not being added to the bridge, even after the
> system is rebooted.
That's not what the <interface> element in a <network> is used for. It's
actual use is (in my opinion) not all that useful, which has led to
people assuming other functionality for it that doesn't exist.
The *actual* use of the <interface> element is simply to add an extra
iptables rule that will drop all traffic originating from a guest and
outbound to the real network if the interface it uses for egress doesn't
match the one listed in the <interface> element. It doesn't attach this
egress interface to the network's bridge, and it doesn't modify the
next-hop routing of the traffic (which is the more common mistaken
belief of its function).
Anyway, if you want to have a bridge device that is directly attached to
a physical ethernet, then you should set up a bridge in the host OS
outside the scope of libvirt, with the physical ethernet attached to it,
and then configure your libvirt guests to use that bridge with, e.g.
<interface type='bridge'>
<source bridge='br0'/>
...
>
> # virsh net-dumpxml ocp4-net
> <network>
> <name>ocp4-net</name>
> <uuid>b5852945-9889-4d22-ba61-879125316cec</uuid>
> <forward dev='eno2' mode='nat'>
> <nat>
> <port start='1024' end='65535'/>
> </nat>
> <interface dev='eno2'/>
> </forward>
> <bridge name='virbr-ocp4' stp='on' delay='0'/>
> <mac address='52:54:00:99:99:99'/>
> <ip address='192.168.123.1' netmask='255.255.255.0'>
> </ip>
> </network>
>
> # brctl show
> bridge name bridge id STP enabled interfaces
> virbr-ocp4 8000.525400999999 yes vnet0
> virbr0 8000.525400a7ce7f yes
> virbr1 8000.52540051eb1f yes vnet1
>
> # rpm -q libvirt
> libvirt-8.0.0-2.module_el8.6.0+1087+b42c8331.x86_64
>
> Any ideas?
>
More information about the libvirt-users
mailing list