[libvirt] libvirt: use existing network bridge

Hi,

I met a problem setting up virt-manager and libvirt:

I want to use an existing customized network bridge with libvirt (I need special iptables rules and a custom DHCP setup).

So I created a network definition file like this:

    <network>
      <name>NAT</name>
      <bridge name='br-nat' />
    </network>

Unfortunately, I'm unable to activate this network, because libvirt tries to create the bridge `br-nat' and fails, because it already exists:

    # virsh net-start NAT
    error: Failed to start network NAT
    error: cannot create bridge 'br-nat': File exists

I just want libvirt to attach the guest's tap devices to this existing bridge. I don't want libvirt to manage the network.

Is there any chance to realize this set-up? It should work with virt-manager using the graphical wizard.

Thanks!

Regards
Sascha

Sascha Frey wrote:
> Hi,
> I met a problem setting up virt-manager and libvirt:
> I want to use an existing customized network bridge with libvirt (I need special iptables rules and a custom DHCP setup).
> So I created a network definition file like this:
>
>     <network>
>       <name>NAT</name>
>       <bridge name='br-nat' />
>     </network>
>
> Unfortunately, I'm unable to activate this network, because libvirt tries to create the bridge `br-nat' and fails, because it already exists:
>
>     # virsh net-start NAT
>     error: Failed to start network NAT
>     error: cannot create bridge 'br-nat': File exists
>
> I just want libvirt to attach the guest's tap devices to this existing bridge. I don't want libvirt to manage the network.
> Is there any chance to realize this set-up? It should work with virt-manager using the graphical wizard.

Yes, just don't define a new network. To use existing bridges, you just need to edit your guest XML files to use something like:

    <interface type='bridge'>
      <mac address='00:16:3e:4a:f6:89'/>
      <source bridge='br0'/>
    </interface>

Note that configured bridges should also show up in virt-manager, I believe.

--
Chris Lalancette
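
Added example (not part of the original thread, and not libvirt's or virt-manager's own code): one way to script the guest XML edit described in the reply above, moving a guest's libvirt-managed `<interface type='network'>` onto a pre-existing bridge while refusing any bridge the administrator has not approved. The allowlist, the function name and the sample domain XML are constructed for illustration; the output would be loaded with `virsh define`.

```python
import xml.etree.ElementTree as ET

# Assumption: bridges the administrator built by hand (own iptables rules,
# own DHCP) and is willing to let guests attach to.
ALLOWED_BRIDGES = {"br-nat"}

# Constructed sample: a guest currently attached to a libvirt-managed network.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>guest1</name>
  <devices>
    <interface type='network'>
      <mac address='00:16:3e:4a:f6:89'/>
      <source network='default'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
"""


def attach_to_existing_bridge(domain_xml, bridge):
    """Return domain XML with every network-type NIC moved onto `bridge`."""
    if bridge not in ALLOWED_BRIDGES:
        raise ValueError(f"bridge {bridge!r} is not in the allowlist")

    root = ET.fromstring(domain_xml)
    changed = 0
    for iface in root.iterfind("./devices/interface"):
        if iface.get("type") != "network":
            continue  # leave interfaces of other types untouched
        iface.set("type", "bridge")
        source = iface.find("source")
        if source is None:
            source = ET.SubElement(iface, "source")
        source.attrib.clear()  # drop network='...' and related attributes
        source.set("bridge", bridge)
        changed += 1
    if changed == 0:
        raise ValueError("no <interface type='network'> found to rewrite")
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(attach_to_existing_bridge(SAMPLE_DOMAIN_XML, "br-nat"))
```

The MAC address and model elements are carried over unchanged, so the guest keeps the same NIC identity after the move.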

On Monday 19 October 2009 at 09:14 +0200, Chris Lalancette wrote:
> Sascha Frey wrote:
>> Hi,
>> I met a problem setting up virt-manager and libvirt:
>> I want to use an existing customized network bridge with libvirt (I need special iptables rules and a custom DHCP setup).
>> So I created a network definition file like this:
>>
>>     <network>
>>       <name>NAT</name>
>>       <bridge name='br-nat' />
>>     </network>
>>
>> Unfortunately, I'm unable to activate this network, because libvirt tries to create the bridge `br-nat' and fails, because it already exists:
>>
>>     # virsh net-start NAT
>>     error: Failed to start network NAT
>>     error: cannot create bridge 'br-nat': File exists
>>
>> I just want libvirt to attach the guest's tap devices to this existing bridge. I don't want libvirt to manage the network.
>> Is there any chance to realize this set-up? It should work with virt-manager using the graphical wizard.
>
> Yes, just don't define a new network. To use existing bridges, you just need to edit your guest XML files to use something like:
>
>     <interface type='bridge'>
>       <mac address='00:16:3e:4a:f6:89'/>
>       <source bridge='br0'/>
>     </interface>
>
> Note that configured bridges should also show up in virt-manager, I believe.

Existing bridge shows up in virt-manager when run on the local machine. If you use a remote connection (at least qemu+ssh), you don't see it, you need to manually edit the guest XML.

(btw, is this a known "problem" or a bug?)

Regards, Daniel
-- Daniel Berteaud FIREWALL-SERVICES SARL. Société de Services en Logiciels Libres Technopôle Montesquieu 33650 MARTILLAC Tel : 05 56 64 15 32 Fax : 05 56 64 15 32 Mail: daniel@firewall-services.com Web : http://www.firewall-services.com

On 10/19/2009 03:18 AM, Daniel Berteaud wrote:
> On Monday 19 October 2009 at 09:14 +0200, Chris Lalancette wrote:
>> Sascha Frey wrote:
>>> Hi,
>>> I met a problem setting up virt-manager and libvirt:
>>> I want to use an existing customized network bridge with libvirt (I need special iptables rules and a custom DHCP setup).
>>> So I created a network definition file like this:
>>>
>>>     <network>
>>>       <name>NAT</name>
>>>       <bridge name='br-nat' />
>>>     </network>
>>>
>>> Unfortunately, I'm unable to activate this network, because libvirt tries to create the bridge `br-nat' and fails, because it already exists:
>>>
>>>     # virsh net-start NAT
>>>     error: Failed to start network NAT
>>>     error: cannot create bridge 'br-nat': File exists
>>>
>>> I just want libvirt to attach the guest's tap devices to this existing bridge. I don't want libvirt to manage the network.
>>> Is there any chance to realize this set-up? It should work with virt-manager using the graphical wizard.
>>
>> Yes, just don't define a new network. To use existing bridges, you just need to edit your guest XML files to use something like:
>>
>>     <interface type='bridge'>
>>       <mac address='00:16:3e:4a:f6:89'/>
>>       <source bridge='br0'/>
>>     </interface>
>>
>> Note that configured bridges should also show up in virt-manager, I believe.
>
> Existing bridge shows up in virt-manager when run on the local machine. If you use a remote connection (at least qemu+ssh), you don't see it, you need to manually edit the guest XML.
> (btw, is this a known "problem" or a bug ?)

For a while, libvirt didn't support a way to enumerate bridge devices on a remote machine. That support now exists, but virt-manager needs to be updated to use it (nontrivial). Known issue.

- Cole

Daniel Berteaud wrote:
> [...]
>>> I just want libvirt to attach the guest's tap devices to this existing bridge. I don't want libvirt to manage the network.
>>> Is there any chance to realize this set-up? It should work with virt-manager using the graphical wizard.
>>
>> Yes, just don't define a new network. To use existing bridges, you just need to edit your guest XML files to use something like:
>>
>>     <interface type='bridge'>
>>       <mac address='00:16:3e:4a:f6:89'/>
>>       <source bridge='br0'/>
>>     </interface>
>>
>> Note that configured bridges should also show up in virt-manager, I believe.
>
> Existing bridge shows up in virt-manager when run on the local machine. If you use a remote connection (at least qemu+ssh), you don't see it, you need to manually edit the guest XML.

Bridges with physical ethernet interfaces attached are listed. Bridges with a dummy interface attached are not. I'm not sure why, but I think libvirt gets its information from HAL and HAL doesn't see these dummy interfaces.

I need to set up a system which allows a non-root user to create a virtual machine using some graphical interface. And the most important part is: we need a secure network configuration with strict packet filtering and custom DHCP setup.

It doesn't seem to be possible that libvirt uses my manually defined network bridges without manually editing the guests' XML files.

Regards,
Sascha

participants (4)
- Chris Lalancette
- Cole Robinson
- Daniel Berteaud
- Sascha Frey