[virt-tools-list] Bridged Network, Fedora 16 and Network Manager

Laine Stump laine at laine.org
Fri Jan 20 18:10:44 UTC 2012 

On 01/20/2012 08:54 AM, Eric Mesa wrote:
> On Fri, Jan 20, 2012 at 8:47 AM, Richard W.M. Jones <rjones at redhat.com 
> <mailto:rjones at redhat.com>> wrote:
>
>     On Thu, Jan 19, 2012 at 11:58:22PM -0500, Eric Mesa wrote:
>     > When I put the BRIDGE=br0 into my eth0, it stopped working
>     correctly.  What
>     > do I have to do to get this set up correctly?
>
>     Not much to go on.  I used the following instructions which worked
>     fine for me:
>
>     http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29
>
>     Rich.
>
>
> Fair enough.  Those instructions were written around the time of 
> Fedora 12 - so still no network manager support for bridging, I 
> suppose.  If you do implement those instructions, it says you have to 
> tell network manager to leave the connections alone.  Does that mean 
> you can't use the nm gui to monitor your connection?  Or just can't 
> change details about the connection from within nm?

Both. And not only that, but if the bridged interface is your only 
network connection, programs like firefox will insist that you're in 
"offline mode", because NM is telling them there are no active network 
connections.

That's one reason why you may want/need to just disable NM completely 
and enable the network service instead.

If that really is your only network connection, and it's essential that 
you keep NM enabled, there is an alternative, although it's a bit 
hackish - you can forego the bridge device and use macvtap instead (see: 
http://www.libvirt.org/formatdomain.html#elementsNICSDirect ). In this 
case, you would want to use something like this for the guest's interface:

| <interface type='direct'>
| <source dev='eth0' mode='bridge'/>
| </interface>

The "hackish" part is that, although the guests will be able to 
communicate with each other, and with the rest of the network via this 
interface, they will not be able to communicate directly with the host 
itself (this is a design limitation of macvtap in the kernel). To 
overcome this problem, you can create an isolated libvirt virtual network:

| <network>
| <name>isolated</name>
| <ip address='192.168.123.1' netmask='255.255.255.0'/>
| <dhcp>
| <range start '192.168.123.2' end='192.168.123.254'/>
| </dhcp>
| </ip>
| </network>

Put that in a file (e.g. /tmp/isolated.xml) and do the following (as root):

    # virsh net-define /tmp/isolated.xml
    # virsh net-autostart isolated
    # virsh net-start isolated

Now add a *2nd* interface to each guest:

| <interface type='network'>
| <source network='isolated'/>
| </interface>

The guests will now be able to reach the host as 192.168.123.1 (and the 
host  can reach the guests via whatever address they acquire on the 
192.168.12.0 net) via this 2nd interface, while all other traffic will 
go out via the first interface (and the macvtap connection to the host's 
eth0).

Again, only switch to this method if 1) it's essential that 
NetworkManager remain enabled, and 2) the interface you would bridge is 
the only physical interface on the host.

More information about the virt-tools-list mailing list