On Wednesday, September 18th, 2024 at 12:39, bd730c5053df9efb via Users
<users(a)lists.libvirt.org> wrote:
On Tuesday, September 17th, 2024 at 17:27, Laine Stump
laine(a)redhat.com wrote:
> On 9/17/24 12:27 PM, bd730c5053df9efb via Users wrote:
>
> > Hi! Thanks for the reply and I'm sorry if my question wasn't clear
> > enough.
> >
> > I have a network, let's say 192.168.0.0/24, and two servers 192.168.0.1
> > and 192.168.0.2. On this same network I have a workstation, let's call it
> > 192.168.0.100 which is running libvirt using qemu for the emulation.
> > This workstation has a network device called br0 which has the IP
> > address 192.168.0.100 and when I try to create an isolated network which
> > is also on the 192.168.0.0/24 range I get an error stating that this
> > range is already in use on the host. I need to be able to recreate an
> > absolutely isolated network in the 192.168.0.0/24 range to be able to
> > copy the servers 192.168.0.1 and 192.168.0.2 in here and perform the
> > tests I need.
> >
> > I hope I've been able to clarify.
>
> Yep! That was one of my guesses, but I didn't want to assume anything :-).
>
> The most straightforward solution to what you're talking about requires
> the libvirt network to be in a separate network namespace. This is an
> idea I've thought about in the past, but haven't done anything for it,
> and nobody else has either, so it's unfortunately not supported by
> libvirt (as always, patches welcome :-)
>
> Although... if the tests you need to perform involve having your
> workstation (192.168.0.100 in your example) interact with the servers at
> 192.168.0.1 & .2, then you're going to have to disconnect your
> workstation from the physical network for the duration of the test anyway.
>
> So here's a solution if those are the parameters (and even if you just
> need the two servers to communicate with each other and nothing else):
>
> If it's just the two test servers and the workstation that need to be
> able to interact during your test, and the workstation won't need to
> directly contact any other machine on the 192.168.0.0/24 network, then
> you could probably rig up a solution with a small consumer router - just
> insert the router in between the workstation and the real
> 192.168.0.0/24 network with the "internet" side towards that network and
> the "local" side plugged into the workstation, with the router
> configured to do NAT and use a local-side subnet of, say,
> 192.168.1.0/24, and get a new IP address for the workstation from that
> subnet (either automatically with DHCP, or by manually setting it to,
> e.g. 192.168.1.100/24). Then create an isolated network similar to this:
>
> https://www.libvirt.org/formatnetwork.html#isolated-network-config
>
> but with the ip address set to 192.168.0.100. Now you can configure your
> test servers to connect their interface to this isolated network.
>
> With this setup, the workstation will still be able to get to the
> internet (except for the real 192.168.0.0/24 subnet) via its
> connection to the router, and also will be able to interact with the
> test servers via the isolated network that you created.
>
> When you're done with your tests, just shut down the two test VMs (with
> their own internal shutdown command, possibly followed by "virsh
> destroy" if the qemu processes aren't automatically terminated by the
> shutdown) then "virsh net-destroy" the isolated network (you can leave
> it defined so that it's simple to do the test again later), and plug the
> workstation directly into the real network again (updating its IP
> address if necessary).
>
> Does that make sense, or is it too much rambling?

Hi Laine! Thank you very much for your answer, it does make perfect sense but my use case
is much simpler. The two servers are two Samba 4 AD domain controllers and I have to
demote one of them, remove it from the net and then add another one with the same IP
address as the demoted one. All the test is between these two servers, the host
workstation doesn't get involved in this test and I can't change their IP
addresses. I had considered creating an isolated network in the 192.168.1.0/24 address
space and keeping the manually set address on the servers in the 192.168.0.0/24 address space
but I'm not quite sure that will work. If I needed to test a workstation I could add to
the test another guest workstation also in the 192.168.0.0/24 address space, but it won't
be the host.

Thanks again.

Best regards,
Dave.

Hi all!

As a follow-up to my own mail: I was able to test the procedure, creating an isolated network
in the 192.168.1.0/24 address space and placing in there the replica of the two Samba AD
DC servers with their IP addresses fixed in the 192.168.0.0/24 address space, and the
servers were able to contact each other but were completely isolated from the host and
the 192.168.0.0/24 physical network.

Best regards!
Dave.
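
The range conflict and the workaround discussed in this thread, as an added example (not code from the thread or from libvirt): a small Python helper that rejects a proposed range overlapping a host interface and otherwise emits an isolated-network definition with no <forward> element. The function names, the network name "adtest", the bridge name "virbr-adtest" and the HOST_ADDRS table are assumptions made for illustration; libvirt's own check may differ.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: host addresses as described in the thread (br0 on the LAN).
HOST_ADDRS = {"br0": "192.168.0.100/24", "lo": "127.0.0.1/8"}


def overlapping_ifaces(gateway_cidr, host_addrs):
    """Return the host interfaces whose subnet overlaps the proposed network."""
    wanted = ipaddress.ip_interface(gateway_cidr).network
    return sorted(
        name for name, cidr in host_addrs.items()
        if ipaddress.ip_interface(cidr).network.overlaps(wanted)
    )


def isolated_network_xml(name, bridge, gateway_cidr, host_addrs):
    """Build an isolated-network definition, refusing ranges used by the host."""
    clash = overlapping_ifaces(gateway_cidr, host_addrs)
    if clash:
        raise ValueError(
            f"{gateway_cidr} overlaps host interface(s): {', '.join(clash)}")
    iface = ipaddress.ip_interface(gateway_cidr)
    net = ET.Element("network")
    ET.SubElement(net, "name").text = name
    ET.SubElement(net, "bridge", name=bridge)
    # No <forward> element: nothing is routed or NATed to the physical network.
    ET.SubElement(net, "ip", address=str(iface.ip),
                  netmask=str(iface.network.netmask))
    # No <dhcp> range: the guests keep their statically configured addresses.
    return ET.tostring(net, encoding="unicode")


if __name__ == "__main__":
    # First range collides with br0; second is the one used in the follow-up.
    for cidr in ("192.168.0.254/24", "192.168.1.1/24"):
        try:
            print(isolated_network_xml("adtest", "virbr-adtest", cidr, HOST_ADDRS))
        except ValueError as err:
            print("rejected:", err)
```

The accepted definition can be saved to a file and loaded with "virsh net-define"; the guests attached to it keep their fixed 192.168.0.0/24 addresses, as in the follow-up above.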