On Wed, Sep 17, 2025 at 3:05 PM Martin Kletzander <mkletzan@redhat.com> wrote:
On Wed, Sep 17, 2025 at 02:14:51PM +0200, Pavel Mores via Users wrote:
>Hi,
>
>I'm examining a domain that's connected to the 'default' network
>
># virsh net-dumpxml default
><network connections='1'>
>  <name>default</name>
>  <uuid>c757baa7-2b31-4794-9dfb-0df384575602</uuid>
>  <forward mode='nat'>
>    <nat>
>      <port start='1024' end='65535'/>
>    </nat>
>  </forward>
>  <bridge name='virbr0' stp='on' delay='0'/>
>  <mac address='52:54:00:37:b7:92'/>
>  <ip address='192.168.122.1' netmask='255.255.255.0'>
>    <dhcp>
>      <range start='192.168.122.2' end='192.168.122.254'/>
>    </dhcp>
>  </ip>
></network>
>

This is standard.

>using a device as follows:
>
><interface type='network'>
>  <mac address='52:54:00:ed:06:2e'/>
>  <source network='default' portid='83db8ca9-baed-47f3-ba0d-1a967ee86aa5'
>bridge='virbr0'/>
>  <target dev='vnet19'/>
>  <model type='virtio'/>
>  <alias name='net0'/>
>  <address type='pci' domain='0x0000' bus='0x00' slot='0x02'
>function='0x0'/>
></interface>
>

This looks fine.

>The domain is running but apparently without an IP address:
>
># virsh domifaddr podvm-podsandbox-totok-8f10756a
> Name       MAC address          Protocol     Address
>-------------------------------------------------------------------------------
>

This shows that libvirt does not know about any IP address.  Does adding
"--source agent", "--source arp" or "--source lease" change anything?

'arp' and 'lease' don't but

# virsh domifaddr --source agent podvm-podsandbox-totok-8f10756a
error: Failed to query for interfaces addresses
error: argument unsupported: QEMU guest agent is not configured

This is surprising to me since this is a peer pods setup where the domain
in question is a podvm running an image which I was told does have
the qemu agent running.

However the agent shouldn't be necessary for IP address acquisition I guess,
right?

>The requisite host-side interfaces look good (to me anyway :-)):
>
>10: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP
>group default qlen 1000
>    link/ether 52:54:00:37:b7:92 brd ff:ff:ff:ff:ff:ff
>    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>       valid_lft forever preferred_lft forever
>[...]
>35: vnet19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master
>virbr0 state UNKNOWN group default qlen 1000
>    link/ether fe:54:00:ed:06:2e brd ff:ff:ff:ff:ff:ff
>    inet6 fe80::fc54:ff:feed:62e/64 scope link proto kernel_ll
>       valid_lft forever preferred_lft forever
>
>I can share more information about the setup if necessary but I'll stop
>here for now since I feel this must be just a simple stupid oversight on my
>part.  Please let me know if you'd like to have additional info.
>

When this happens to me sometimes, it's most often a firewall issue and
the VM does not get any IP address or cannot communicate outside its
network.

I've seen a firewall suggested as a possible culprit, yes, however I don't quite
know what it should look like.  iptables appear unconfigured:

# iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        

`nft list ruleset` lists only rules that look managed by libvirt itself(*).  At any
rate the host machine has no specific hand-configured firewall that I know of.
 
What it can be here is that there are some access issues to the dnsmasq
lease file.

What's in your /var/lib/libvirt/dnsmasq/virbr0.status file on the host?

It's empty.

Thanks Martin!
pvl
 
(*) # nft list ruleset
table ip libvirt_network {
chain forward {
type filter hook forward priority filter; policy accept;
counter packets 85854914 bytes 398726525237 jump guest_cross
counter packets 85854914 bytes 398726525237 jump guest_input
counter packets 34777368 bytes 3386943972 jump guest_output
}

chain guest_output {
ip saddr 192.168.12.0/24 iif "openshift-412" counter packets 0 bytes 0 accept
iif "openshift-412" counter packets 0 bytes 0 reject
ip saddr 192.168.19.0/24 iif "openshift-419" counter packets 0 bytes 0 accept
iif "openshift-419" counter packets 0 bytes 0 reject
ip saddr 192.168.16.0/24 iif "openshift-416" counter packets 0 bytes 0 accept
iif "openshift-416" counter packets 0 bytes 0 reject
ip saddr 192.168.15.0/24 iif "openshift-415" counter packets 0 bytes 0 accept
iif "openshift-415" counter packets 0 bytes 0 reject
ip saddr 192.168.13.0/24 iif "openshift-413" counter packets 0 bytes 0 accept
iif "openshift-413" counter packets 0 bytes 0 reject
ip saddr 192.168.122.0/24 iif "virbr0" counter packets 0 bytes 0 accept
iif "virbr0" counter packets 0 bytes 0 reject
ip saddr 192.168.17.0/24 iif "openshift-417" counter packets 0 bytes 0 accept
iif "openshift-417" counter packets 0 bytes 0 reject
ip saddr 192.168.14.0/24 iif "openshift-414" counter packets 0 bytes 0 accept
iif "openshift-414" counter packets 0 bytes 0 reject
ip saddr 192.168.11.0/24 iif "openshift-411" counter packets 0 bytes 0 accept
iif "openshift-411" counter packets 0 bytes 0 reject
ip saddr 192.168.18.0/24 iif "openshift-418" counter packets 34777368 bytes 3386943972 accept
iif "openshift-418" counter packets 0 bytes 0 reject
}

chain guest_input {
oif "openshift-412" ip daddr 192.168.12.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-412" counter packets 0 bytes 0 reject
oif "openshift-419" ip daddr 192.168.19.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-419" counter packets 0 bytes 0 reject
oif "openshift-416" ip daddr 192.168.16.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-416" counter packets 0 bytes 0 reject
oif "openshift-415" ip daddr 192.168.15.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-415" counter packets 0 bytes 0 reject
oif "openshift-413" ip daddr 192.168.13.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-413" counter packets 0 bytes 0 reject
oif "virbr0" ip daddr 192.168.122.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "virbr0" counter packets 0 bytes 0 reject
oif "openshift-417" ip daddr 192.168.17.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-417" counter packets 0 bytes 0 reject
oif "openshift-414" ip daddr 192.168.14.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-414" counter packets 0 bytes 0 reject
oif "openshift-411" ip daddr 192.168.11.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "openshift-411" counter packets 0 bytes 0 reject
oif "openshift-418" ip daddr 192.168.18.0/24 ct state established,related counter packets 51077546 bytes 395339581265 accept
oif "openshift-418" counter packets 0 bytes 0 reject
}

chain guest_cross {
iif "openshift-412" oif "openshift-412" counter packets 0 bytes 0 accept
iif "openshift-419" oif "openshift-419" counter packets 0 bytes 0 accept
iif "openshift-416" oif "openshift-416" counter packets 0 bytes 0 accept
iif "openshift-415" oif "openshift-415" counter packets 0 bytes 0 accept
iif "openshift-413" oif "openshift-413" counter packets 0 bytes 0 accept
iif "virbr0" oif "virbr0" counter packets 0 bytes 0 accept
iif "openshift-417" oif "openshift-417" counter packets 0 bytes 0 accept
iif "openshift-414" oif "openshift-414" counter packets 0 bytes 0 accept
iif "openshift-411" oif "openshift-411" counter packets 0 bytes 0 accept
iif "openshift-418" oif "openshift-418" counter packets 0 bytes 0 accept
}

chain guest_nat {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.12.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.12.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.12.0/24 ip daddr != 192.168.12.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.12.0/24 ip daddr != 192.168.12.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.12.0/24 ip daddr != 192.168.12.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.19.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.19.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.19.0/24 ip daddr != 192.168.19.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.19.0/24 ip daddr != 192.168.19.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.19.0/24 ip daddr != 192.168.19.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.16.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.16.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.16.0/24 ip daddr != 192.168.16.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.16.0/24 ip daddr != 192.168.16.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.16.0/24 ip daddr != 192.168.16.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.15.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.15.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.15.0/24 ip daddr != 192.168.15.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.15.0/24 ip daddr != 192.168.15.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.15.0/24 ip daddr != 192.168.15.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.13.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.13.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.13.0/24 ip daddr != 192.168.13.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.13.0/24 ip daddr != 192.168.13.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.13.0/24 ip daddr != 192.168.13.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.122.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3676 return
ip saddr 192.168.122.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.17.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.17.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.17.0/24 ip daddr != 192.168.17.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.17.0/24 ip daddr != 192.168.17.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.17.0/24 ip daddr != 192.168.17.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.14.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.14.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.14.0/24 ip daddr != 192.168.14.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.14.0/24 ip daddr != 192.168.14.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.14.0/24 ip daddr != 192.168.14.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.11.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.11.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.11.0/24 ip daddr != 192.168.11.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.11.0/24 ip daddr != 192.168.11.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.11.0/24 ip daddr != 192.168.11.0/24 counter packets 0 bytes 0 masquerade
ip saddr 192.168.18.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes 3675 return
ip saddr 192.168.18.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.18.0/24 ip daddr != 192.168.18.0/24 counter packets 826568 bytes 49594080 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.18.0/24 ip daddr != 192.168.18.0/24 counter packets 160312 bytes 12186128 masquerade to :1024-65535
ip saddr 192.168.18.0/24 ip daddr != 192.168.18.0/24 counter packets 0 bytes 0 masquerade
}
}
table ip6 libvirt_network {
chain forward {
type filter hook forward priority filter; policy accept;
counter packets 0 bytes 0 jump guest_cross
counter packets 0 bytes 0 jump guest_input
counter packets 0 bytes 0 jump guest_output
}

chain guest_output {
}

chain guest_input {
}

chain guest_cross {
}

chain guest_nat {
type nat hook postrouting priority srcnat; policy accept;
}
}