Re: [libvirt-users] still possible to use traditional bridge network setup ?

-----Original Message----- From: sendmail [mailto:justsendmailnothingelse@gmail.com] On Behalf Of Laine Stump Sent: Tuesday, March 17, 2015 3:57 PM To: libvirt-users(a)redhat.com Cc: Lentes, Bernd Subject: Re: [libvirt-users] still possible to use traditional bridge network setup ? On 03/16/2015 01:07 PM, Lentes, Bernd wrote: > Bernd wrote: > >> Laine wrote: >> >>> -----Original Message----- >>> From: sendmail [mailto:justsendmailnothingelse@gmail.com] On >> Behalf Of >>> Laine Stump >>> Sent: Monday, March 16, 2015 4:12 PM >>> To: libvirt-users(a)redhat.com >>> Cc: Lentes, Bernd >>> Subject: Re: [libvirt-users] still possible to use traditional >>> bridge network setup ? >>> >>> On 03/16/2015 10:08 AM, Lentes, Bernd wrote: >>>> Hi, >>>> >>>> i'm currently installing a SLES 12 64bit system. >>>> libvirt-client-1.2.5- >>> 13.3.x86_64 and libvirt-daemon-1.2.5-13.3.x86_64. >>>> Formerly I created my vm's (KVM) using a traditional bridge in my >>>> host >>> systems, mostly SLES 11 SP3. >>>> But with SLES 12 I don't succeed. I can use the macvtap device in >>>> the >>> host, but I like to be able to communicate between host and guest. >>>> Is the traditional bridge setup not any longer available ? >>> Nothing has been removed in libvirt. Traditional bridges work just fine. >>> What failure did you see? >> Hi Laine, >> >> thank you for your answer. Well, it simply does not work: >> >> this is my setup: >> >> pc63422:/etc/sysconfig/network # cat ifcfg-br0 BOOTPROTO='dhcp4' >> TYPE='Bridge' >> BRIDGE='yes' >> DEVICE='br0' >> BRIDGE_FORWARDDELAY='0' >> BRIDGE_PORTS='eth0' >> BRIDGE_STP='off' >> BROADCAST='' >> DHCLIENT_SET_DEFAULT_ROUTE='yes' >> ETHTOOL_OPTIONS='' >> IPADDR='' >> MTU='' >> NAME='' >> NETMASK='' >> NETWORK='' >> REMOTE_IPADDR='' >> STARTMODE='auto' >> USERCONTROL='no >> >> pc63422:/etc/sysconfig/network # cat ifcfg-eth0 # BOOTPROTO='dhcp' >> BROADCAST='' >> ETHTOOL_OPTIONS='' >> IPADDR='' >> MTU='' >> NAME='' >> NETMASK='' >> NETWORK='' >> REMOTE_IPADDR='' >> STARTMODE='auto' >> DHCLIENT_SET_DEFAULT_ROUTE='yes' >> PREFIXLEN='' >> BOOTPROTO='static' >> USERCONTROL='no' >> BRIDGE='br0' >> >> >> guest.xml: >> ... >> <interface type='bridge'> >> <mac address='52:54:00:37:92:b1'/> >> <source bridge='br0'/> >> <model type='rtl8139'/> >> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' >> function='0x0'/> >> </interface> >> ... >> >> pc63422:/etc/sysconfig/network # ip addr >> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN >> group default >> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 >> inet 127.0.0.1/8 scope host lo >> valid_lft forever preferred_lft forever >> inet6 ::1/128 scope host >> valid_lft forever preferred_lft forever >> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >> master br0 state UP group default qlen 1000 >> link/ether 78:24:af:9c:bd:a6 brd ff:ff:ff:ff:ff:ff >> inet6 fe80::7a24:afff:fe9c:bda6/64 scope link >> valid_lft forever preferred_lft forever >> 27: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue >> state UP group default >> link/ether 78:24:af:9c:bd:a6 brd ff:ff:ff:ff:ff:ff >> inet 10.35.34.115/24 brd 10.35.34.255 scope global br0 >> valid_lft forever preferred_lft forever >> inet6 fe80::7a24:afff:fe9c:bda6/64 scope link >> valid_lft forever preferred_lft forever >> 28: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc >> pfifo_fast master br0 state UNKNOWN group default qlen 500 >> link/ether fe:54:00:37:92:b1 brd ff:ff:ff:ff:ff:ff >> inet6 fe80::fc54:ff:fe37:92b1/64 scope link >> valid_lft forever preferred_lft forever >> >> >> Attached is what I choose during creation of the vm. It's german, >> network source means something like "name of the shared device". >> >> I attached the host to a network hub to be able to sniff all packets. >> But I don't see any packet from the guest. E.g. I choosed "dhclient" >> after booting a knoppix cd in the guest, but no packet from the >> guest. Also using a windows 7 installation cd - no packet from the >> guest. But I see packets from the host. > Hi, > > using the above mentioned setup, i booted the guest using a knoppix cd. Inside the guest I configured the ip address statically. I can ping from host to guest and vice versa, but nothing else. Of course the host is able to connect everything, but the guest just reaches the host. I assume your dhcp server is on a different machine (since your host is also using dhcp on that interface), so if communication between the guest and the outside didn't work later, it's not going to work for dhcp either. The most common two causes of this symptom in a bridged setup are: 1) there are iptables rules in place (on the host) that prevent the traffic crossing the bridge, and the bridge module tunable net.bridge.bridge-nf- call-iptables is set to 1 (on the host). You can determine this by running: sysctl net.bridge.bridge-nf-call-iptables If it's set to 1, set it to 0 with: sysctl -w net.bridge.bridge-nf-call-iptables=0 (Note that as of kernel 3.17 filtering of packets on the bridge isn't on by default any more, and a new module called br_netfilter must be loaded for it to take place. So if your kernel is 3.17 or newer, this probably *isn't* your problem) 2) the switch connecting your host to the network only allows a single (or particular) mac address on the port used to connect the host. If this is the problem, then you'll need to talk to your network administrator.