10:34 a.m.
hello all,
I have been trying to set-up bridged network with VLAN and not able to
succeed as many tutorials address only single NIC.
I am trying to setup 2 guests (backtrack instance) each guest has NIC1 and
NIC2. following is snippet for guest1
I am not able to get 192.168.0.2 address back on guest eth0.
VIRT-MANAGER GUI :
guest1-lan details radio button
left side panel
NIC1 ------------------> Virtual Network Interface
Source Device : Virtual Network "default" NAT
Device Model : Hypervisor default
MAc Address : xxxxxxxxxxxxxx
NIC2 ------------------> Virtual Network Interface
Source Device : Specify Shared Device Name
Bridge name : guest1-lan
Device Model : virto
MAc Address : xxxxxxxxxxxxxx
HOST MACHINE :
brctl show has br0 for bridge
and virbr0 with 192.168.122.x address (created by default virtual network
NAT)
/etc/sysconfig/network-scripts/
1) Bridge BR0 (cat ifcfg-br0)
DEVICE="br0"
TYPE="Bridge"
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR="xx.xx.xx.xx"
NETMASK="255.255.254.0"
GATEWAY="xx.xx.xx.xx"
DNS1="x.y.z.s"
DNS2="x.y.q.s"
2) cat ifcfg-em1
NM_CONTROLLED="yes"
HWADDR="02:12D:E2:B1:32"
BOOTPROTO="static"
DEVICE="em1"
BRIDGE="br0"
ONBOOT="yes"
3) ifcfg-em2
NM_CONTROLLED="yes"
HWADDR="02:24:7e:d0:b1:42"
BOOTPROTO="static"
DEVICE="em2"
ONBOOT="yes"
4) THIS IS GUEST (cat ifcfg-guest1-lan)
DEVICE=guest1-lan
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
DELAY=1
5) GUEST VLAN (cat ifcfg-em2.620)
DEVICE=em2.620
VLAN=yes
ONBOOT=yes
BRIDGE=guest1-lan
BRCTL Show Command :
br0 8000.00237de0a132 no em1
vnet0
guest1-lan 8000.00237de0a133 no em2.620
virbr0 8000.5254003e19b3 yes virbr0-nic
VIRSH :
virsh # net-list
Name State Autostart
-----------------------------------------
guest1-lan active yes
default active yes
virsh # iface-list
Name State MAC Address
--------------------------------------------
br0 active 00:23:7d:e0:a1:32
guest1-lan active 00:23:7d:e0:a1:33
iface-edit :
virsh # iface-edit guest1-lan
<interface type='bridge' name='guest1-lan'>
<start mode='onboot'/>
<bridge delay='1'>
<interface type='vlan' name='em2.620'>
<vlan tag='620'>
<interface name='em2'/>
</vlan>
</interface>
</bridge>
</interface>
------------------------------------------------------------------
/etc/libvirt/qemu/networks
cat guest1-lan.xml
<network>
<name>guest1-lan</name>
<uuid>a12747ec-21c9-0d21-ab06-064ba204bc52</uuid>
<forward mode='bridge' dev="br0"/>
<bridge name='guest1-lan' />
<ip address='192.168.0.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.0.2' end='192.168.0.254' />
</dhcp>
</ip>
</network>
cat default.xml
<network>
<name>default</name>
<uuid>8778244b-1a0c-c15f-c348-26462a07a639</uuid>
<forward mode='nat'/>
<bridge name='virbr0' stp='on' delay='0' />
<mac address='52:54:00:3E:19:B3'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254' />
</dhcp>
</ip>
</network>
any guidance will be appriciated
regards
dan
4:19 a.m.
(There is no need or advantage to Cc'ing individuals who are already
subscribed to the mailing list.)
On 10/28/2013 05:34 PM, Dan Sa wrote:
hello all,
I have been trying to set-up bridged network with VLAN and not able to
succeed as many tutorials address only single NIC.
I am trying to setup 2 guests (backtrack instance) each guest has NIC1
and NIC2. following is snippet for guest1
I am not able to get 192.168.0.2 address back on guest eth0.
See the comment below about <forward mode='bridge'>. you'll need some
other entity on your vlan to run a dhcp server, because libvirt won't be
doing it for you in this case.
VIRT-MANAGER GUI :
guest1-lan details radio button
left side panel
NIC1 ------------------> Virtual Network Interface
Source Device : Virtual Network "default" NAT
Device Model : Hypervisor default
MAc Address : xxxxxxxxxxxxxx
NIC2 ------------------> Virtual Network Interface
Source Device : Specify Shared Device Name
Bridge name : guest1-lan
Device Model : virto
MAc Address : xxxxxxxxxxxxxx
The output of "virsh dumpxml $guestname" is much more useful than a
transcription of the virt-manager screens.
HOST MACHINE :
brctl show has br0 for bridge
and virbr0 with 192.168.122.x address (created by default virtual
network NAT)
/etc/sysconfig/network-scripts/
1) Bridge BR0 (cat ifcfg-br0)
DEVICE="br0"
TYPE="Bridge"
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR="xx.xx.xx.xx"
NETMASK="255.255.254.0"
GATEWAY="xx.xx.xx.xx"
DNS1="x.y.z.s"
DNS2="x.y.q.s"
2) cat ifcfg-em1
NM_CONTROLLED="yes"
HWADDR="02:12D:E2:B1:32"
BOOTPROTO="static"
DEVICE="em1"
BRIDGE="br0"
ONBOOT="yes"
3) ifcfg-em2
NM_CONTROLLED="yes"
HWADDR="02:24:7e:d0:b1:42"
BOOTPROTO="static"
DEVICE="em2"
ONBOOT="yes"
4) THIS IS GUEST (cat ifcfg-guest1-lan)
I don't understand what you mean by "this is guest". It isn't a part of
the guest; it is a bridge on the host that could be *used* by a guest.
DEVICE=guest1-lan
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
DELAY=1
5) GUEST VLAN (cat ifcfg-em2.620)
DEVICE=em2.620
VLAN=yes
ONBOOT=yes
BRIDGE=guest1-lan
BRCTL Show Command :
br0 8000.00237de0a132 no em1
vnet0
guest1-lan 8000.00237de0a133 no em2.620
virbr0 8000.5254003e19b3 yes virbr0-nic
From the above, it appears that there is only a single guest running,
and that it is connected via the br0 bridge; apparently you took this
output when neither of your dual-nic guests were running, as they should
have each attached tun devices to both guest1-lan and virbr0.
VIRSH :
virsh # net-list
Name State Autostart
-----------------------------------------
guest1-lan active yes
default active yes
virsh # iface-list
Name State MAC Address
--------------------------------------------
br0 active 00:23:7d:e0:a1:32
guest1-lan active 00:23:7d:e0:a1:33
iface-edit :
virsh # iface-edit guest1-lan
<interface type='bridge' name='guest1-lan'>
<start mode='onboot'/>
<bridge delay='1'>
<interface type='vlan' name='em2.620'>
<vlan tag='620'>
<interface name='em2'/>
</vlan>
</interface>
</bridge>
</interface>
------------------------------------------------------------------
/etc/libvirt/qemu/networks
(You shouldn't be looking at/modifying the files in
/etc/libvirt/qemu/networks directly. Instead, use "virsh net-dumpxml
guest1-lan" (for example) to look at the network config, and "virsh
net-edit guest1-lan" to modify it.)
cat guest1-lan.xml
<network>
<name>guest1-lan</name>
<uuid>a12747ec-21c9-0d21-ab06-064ba204bc52</uuid>
<forward mode='bridge' dev="br0"/>
<bridge name='guest1-lan' />
<ip address='192.168.0.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.0.2' end='192.168.0.254' />
</dhcp>
</ip>
Any network with <forward mode='bridge'...> is an "unmanaged"
network
from libvirt's POV, and thus the <ip> element and all its subelements
are ignored. If you use <forward mode='bridge'> then libvirt assumes
that the bridge device is already configured by the base OS config.
As of libvirt-1.0.1, attempts to define an <ip> element in a network
with <forward mode='bridge'> are flagged as an error. (It would be
helpful in future reports if you indicate your 1) libvirt version, 2)
qemu version, 3) distro and version, 4) kernel version. Although not
always applicable, sometime it can help in framing the issue.
</network>
cat default.xml
<network>
<name>default</name>
<uuid>8778244b-1a0c-c15f-c348-26462a07a639</uuid>
<forward mode='nat'/>
<bridge name='virbr0' stp='on' delay='0' />
<mac address='52:54:00:3E:19:B3'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254' />
</dhcp>
</ip>
</network>
any guidance will be appriciated
Since you're defining a vlan tag, I assume that the physical network
attached to your host's em2 is actually using vlan 620? If not, and you
just need a network that's private to your guests and the host, I would
recommend simply defining a libvirt network with no <forward> element at
all. This network *will* be managed by libvirt, so libvirt will create a
bridge and give it an IP address, as well as running a dnsmasq instance
to serve up IP addresses to guests, but the guests won't be able to get
traffic anywhere beyond that bridge via their interface connected to the
bridge.
If you *are* using vlan 620 on the physical network, then you'll need to
setup some other dhcp server somewhere on that network (either run a
system instance of dnsmasq on the host that listens on em2.620, or run
dnsmasq or dhcpd on some other physical host or guest that listens on
its own vlan-tagged interface).
4041
days inactive
4043
days old
1 comments
2 participants
participants (2)
-
Dan Sa -
Laine Stump