(There is no need or advantage to Cc'ing individuals who are already
subscribed to the mailing list.)
On 10/28/2013 05:34 PM, Dan Sa wrote:
Hello all,
I have been trying to set up a bridged network with VLAN and am not able to
succeed, as many tutorials address only a single NIC.
I am trying to set up 2 guests (backtrack instances); each guest has NIC1
and NIC2. Following is a snippet for guest1.
I am not able to get 192.168.0.2 address back on guest eth0.
See the comment below about <forward mode='bridge'>. You'll need some
other entity on your vlan to run a dhcp server, because libvirt won't be
doing it for you in this case.
VIRT-MANAGER GUI :
guest1-lan details radio button
left side panel
NIC1 ------------------> Virtual Network Interface
Source Device : Virtual Network "default" NAT
Device Model : Hypervisor default
MAC Address : xxxxxxxxxxxxxx
NIC2 ------------------> Virtual Network Interface
Source Device : Specify Shared Device Name
Bridge name : guest1-lan
Device Model : virtio
MAC Address : xxxxxxxxxxxxxx
The output of "virsh dumpxml $guestname" is much more useful than a
transcription of the virt-manager screens.
HOST MACHINE :
brctl show has br0 for bridge
and virbr0 with 192.168.122.x address (created by default virtual
network NAT)
/etc/sysconfig/network-scripts/
1) Bridge BR0 (cat ifcfg-br0)
DEVICE="br0"
TYPE="Bridge"
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR="xx.xx.xx.xx"
NETMASK="255.255.254.0"
GATEWAY="xx.xx.xx.xx"
DNS1="x.y.z.s"
DNS2="x.y.q.s"
2) cat ifcfg-em1
NM_CONTROLLED="yes"
HWADDR="02:12D:E2:B1:32"
BOOTPROTO="static"
DEVICE="em1"
BRIDGE="br0"
ONBOOT="yes"
3) ifcfg-em2
NM_CONTROLLED="yes"
HWADDR="02:24:7e:d0:b1:42"
BOOTPROTO="static"
DEVICE="em2"
ONBOOT="yes"
4) THIS IS GUEST (cat ifcfg-guest1-lan)
I don't understand what you mean by "this is guest". It isn't a part of
the guest; it is a bridge on the host that could be *used* by a guest.
DEVICE=guest1-lan
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
DELAY=1
5) GUEST VLAN (cat ifcfg-em2.620)
DEVICE=em2.620
VLAN=yes
ONBOOT=yes
BRIDGE=guest1-lan
BRCTL Show Command :
br0         8000.00237de0a132  no   em1
                                    vnet0
guest1-lan  8000.00237de0a133  no   em2.620
virbr0      8000.5254003e19b3  yes  virbr0-nic
From the above, it appears that there is only a single guest running,
and that it is connected via the br0 bridge; apparently you took this
output when neither of your dual-nic guests were running, as they should
have each attached tun devices to both guest1-lan and virbr0.
VIRSH :
virsh # net-list
Name                 State      Autostart
-----------------------------------------
guest1-lan           active     yes
default              active     yes
virsh # iface-list
Name                 State      MAC Address
--------------------------------------------
br0                  active     00:23:7d:e0:a1:32
guest1-lan           active     00:23:7d:e0:a1:33
iface-edit :
virsh # iface-edit guest1-lan
<interface type='bridge' name='guest1-lan'>
  <start mode='onboot'/>
  <bridge delay='1'>
    <interface type='vlan' name='em2.620'>
      <vlan tag='620'>
        <interface name='em2'/>
      </vlan>
    </interface>
  </bridge>
</interface>
------------------------------------------------------------------
/etc/libvirt/qemu/networks
(You shouldn't be looking at/modifying the files in
/etc/libvirt/qemu/networks directly. Instead, use "virsh net-dumpxml
guest1-lan" (for example) to look at the network config, and "virsh
net-edit guest1-lan" to modify it.)
cat guest1-lan.xml
<network>
  <name>guest1-lan</name>
  <uuid>a12747ec-21c9-0d21-ab06-064ba204bc52</uuid>
  <forward mode='bridge' dev="br0"/>
  <bridge name='guest1-lan' />
  <ip address='192.168.0.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.0.2' end='192.168.0.254' />
    </dhcp>
  </ip>
Any network with <forward mode='bridge'...> is an "unmanaged" network
from libvirt's POV, and thus the <ip> element and all its subelements
are ignored. If you use <forward mode='bridge'> then libvirt assumes
that the bridge device is already configured by the base OS config.
As of libvirt-1.0.1, attempts to define an <ip> element in a network
with <forward mode='bridge'> are flagged as an error. (It would be
helpful in future reports if you indicate your 1) libvirt version, 2)
qemu version, 3) distro and version, 4) kernel version. Although not
always applicable, sometimes it can help in framing the issue.)
</network>
cat default.xml
<network>
  <name>default</name>
  <uuid>8778244b-1a0c-c15f-c348-26462a07a639</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:3E:19:B3'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>
Any guidance will be appreciated.
Since you're defining a vlan tag, I assume that the physical network
attached to your host's em2 is actually using vlan 620? If not, and you
just need a network that's private to your guests and the host, I would
recommend simply defining a libvirt network with no <forward> element at
all. This network *will* be managed by libvirt, so libvirt will create a
bridge and give it an IP address, as well as running a dnsmasq instance
to serve up IP addresses to guests, but the guests won't be able to get
traffic anywhere beyond that bridge via their interface connected to the
bridge.
If you *are* using vlan 620 on the physical network, then you'll need to
set up some other dhcp server somewhere on that network (either run a
system instance of dnsmasq on the host that listens on em2.620, or run
dnsmasq or dhcpd on some other physical host or guest that listens on
its own vlan-tagged interface).
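
Added example, not part of the original message or of libvirt: a small Python check that reads a libvirt <network> definition and reports which settings libvirt will ignore, following the managed/unmanaged distinction explained above. The two sample definitions are constructed from the XML in the thread; the name guest-private and the bridge virbr1 are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: guest1-lan as posted, closed so it parses as XML.
GUEST1_LAN = """<network>
  <name>guest1-lan</name>
  <forward mode='bridge' dev='br0'/>
  <bridge name='guest1-lan'/>
  <ip address='192.168.0.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.0.2' end='192.168.0.254'/></dhcp>
  </ip>
</network>"""

# Constructed sample: same addressing, no <forward> element (isolated network).
# The name guest-private and the bridge virbr1 are assumptions.
ISOLATED = """<network>
  <name>guest-private</name>
  <bridge name='virbr1'/>
  <ip address='192.168.0.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.0.2' end='192.168.0.254'/></dhcp>
  </ip>
</network>"""


def audit_network(xml_text):
    """Classify one <network> definition and list settings libvirt will ignore."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="(unnamed)")
    forward = root.find("forward")
    ips = root.findall("ip")
    findings = []
    if forward is None:
        kind = "isolated"  # managed: libvirt creates the bridge and runs dnsmasq
        if not any(ip.find("dhcp") is not None for ip in ips):
            findings.append("no <dhcp> range: guests will not be handed addresses")
    else:
        kind = forward.get("mode", "nat")  # libvirt treats a bare <forward/> as nat
        if kind == "bridge":
            # Unmanaged: the host OS owns the bridge; <ip> and its children are ignored.
            for ip in ips:
                findings.append("<ip address='%s'> ignored (rejected as of libvirt-1.0.1)"
                                % ip.get("address"))
                if ip.find("dhcp") is not None:
                    findings.append("<dhcp> ignored: a DHCP server must run elsewhere on the VLAN")
    return name, kind, findings


if __name__ == "__main__":
    for sample in (GUEST1_LAN, ISOLATED):
        name, kind, findings = audit_network(sample)
        print(f"{name}: {kind}")
        for finding in findings:
            print("  -", finding)
```

Feed it the output of "virsh net-dumpxml <name>" rather than the files under /etc/libvirt/qemu/networks.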