libvirt guest bridge configuration
Lucio Crusca
2020-09-18 22:20:01 UTC
I'm trying to bridge a network interface between host and guest (both
Debian Buster+Bullseye+Sid) so that NAT is not needed.

In the host /etc/network/interfaces I've declared a bridge like this:

auto eno1
iface eno1 inet static
address 2.4.6.8
netmask 255.255.255.224
gateway 2.4.6.1
up route add -net 2.4.6.0 netmask 255.255.255.224 gw 2.4.6.1 dev eno1


auto virbr-dummy
iface virbr-dummy inet manual
pre-up /sbin/ip link add virbr-dummy type dummy
up /sbin/ip link set virbr-dummy address 52:54:00:f0:37:ba


auto virbr10
iface virbr10 inet static
bridge_ports virbr-dummy
bridge_stp on
bridge_fd 2
address 2.4.6.73
netmask 255.255.255.224
gateway 2.4.6.65
broadcast 2.4.6.95
up route add -net 2.4.6.64 netmask 255.255.255.224 gw 2.4.6.65 dev eno1

Please note that 2.4.6.x are not my real IP addresses, but I've been
really assigned 2 IP addresses and I want to use one for the host and
the other for the guest.

Until here it seems to work in that I can ping both addresses. However I
don't know how I should configure my guest VM interface. There is no
nat, no DHCP and if I specify the same IP address for the virtualized
interface as the host bridge it's connecting to, it doesn't even detect
any link.

The guest was created with:

# virt-install --network bridge=virbr10,model=virtio ...

Please help.
Dan Ritter
2020-09-18 23:00:01 UTC
Post by Lucio Crusca
I'm trying to bridge a network interface between host and guest (both Debian
Buster+Bullseye+Sid) so that NAT is not needed.
auto eno1
iface eno1 inet static
address 2.4.6.8
netmask 255.255.255.224
gateway 2.4.6.1
up route add -net 2.4.6.0 netmask 255.255.255.224 gw 2.4.6.1 dev eno1
auto virbr-dummy
iface virbr-dummy inet manual
pre-up /sbin/ip link add virbr-dummy type dummy
up /sbin/ip link set virbr-dummy address 52:54:00:f0:37:ba
auto virbr10
iface virbr10 inet static
bridge_ports virbr-dummy
bridge_stp on
bridge_fd 2
address 2.4.6.73
netmask 255.255.255.224
gateway 2.4.6.65
broadcast 2.4.6.95
up route add -net 2.4.6.64 netmask 255.255.255.224 gw 2.4.6.65 dev eno1

auto eno1
iface eno1 manual

auto virbr10
iface virb10 inet static
bridge_ports eno1
bridge_stp off
address 2.4.6.8
netmask 255.255.255.224
gateway 2.4.6.1

the bridge eats the eno1 interface.

The virtual machine setup should add a new bridge_port to the
bridge when it comes up, and remove it when it comes down.

Now the virtual machine interfaces can be on the same network
as the bridge is.

No need for a virbr-dummy.

-dsr-
Lucio Crusca
2020-09-19 06:30:01 UTC
Post by Lucio Crusca
auto eno1
iface eno1 manual
auto virbr10
iface virb10 inet static
bridge_ports eno1
bridge_stp off
address 2.4.6.8
netmask 255.255.255.224
gateway 2.4.6.1
the bridge eats the eno1 interface.
Using that configuration it actually brings up eno1 with the correct IP
address, but I have no bridge at all:

# ifconfig -a
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 2.4.6.8 netmask 255.255.255.224 broadcast 2.4.6.31
[...]

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
[...]

# brctl show
#

I'm puzzled: how does it manage to work if there's no bridge at all?
Fabien Roucaute
2020-09-19 08:10:01 UTC
Post by Lucio Crusca
Post by Lucio Crusca
auto eno1
iface eno1 manual
auto virbr10
iface virb10 inet static
   bridge_ports eno1
   bridge_stp off
   address 2.4.6.8
   netmask 255.255.255.224
   gateway 2.4.6.1
the bridge eats the eno1 interface.
Using that configuration it actually brings up eno1 with the correct IP
# ifconfig -a
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 2.4.6.8  netmask 255.255.255.224  broadcast 2.4.6.31
        [...]
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        [...]
# brctl show
#
I'm puzzled: how does it manage to work if there's no bridge at all?
eno1 still has an IP address, try to shut it down and up with 'ifdown
eno1;ifup eno1' and see if it still has an IP.
Reco
2020-09-19 08:20:01 UTC
Hi.
Post by Fabien Roucaute
Post by Lucio Crusca
Post by Lucio Crusca
auto eno1
iface eno1 manual
auto virbr10
iface virb10 inet static
   bridge_ports eno1
   bridge_stp off
   address 2.4.6.8
   netmask 255.255.255.224
   gateway 2.4.6.1
the bridge eats the eno1 interface.
Using that configuration it actually brings up eno1 with the correct IP
# ifconfig -a
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 2.4.6.8  netmask 255.255.255.224  broadcast 2.4.6.31
        [...]
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        [...]
# brctl show
#
I'm puzzled: how does it manage to work if there's no bridge at all?
eno1 still has an IP address, try to shut it down and up with 'ifdown
eno1;ifup eno1' and see if it still has an IP.
It won't do anything since now /etc/network/interfaces does not contain an
IP for eno1.

What's actually needed is

ip addr del dev eno1 2.4.6.8/27

Similar thing needs to be done for the routing table.

Reco
Lucio Crusca
2020-09-19 08:30:01 UTC
Post by Fabien Roucaute
Post by Lucio Crusca
Post by Lucio Crusca
auto eno1
iface eno1 manual
auto virbr10
iface virb10 inet static
   bridge_ports eno1
   bridge_stp off
   address 2.4.6.8
   netmask 255.255.255.224
   gateway 2.4.6.1
the bridge eats the eno1 interface.
Using that configuration it actually brings up eno1 with the correct IP
# ifconfig -a
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 2.4.6.8  netmask 255.255.255.224  broadcast 2.4.6.31
        [...]
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        [...]
# brctl show
#
I'm puzzled: how does it manage to work if there's no bridge at all?
eno1 still has an IP address, try to shut it down and up with 'ifdown
eno1;ifup eno1' and see if it still has an IP.
Sorry, I forgot to mention the situation above is what I get after reboot.
Fabien Roucaute
2020-09-19 08:50:02 UTC
Post by Lucio Crusca
Post by Fabien Roucaute
Post by Lucio Crusca
Post by Lucio Crusca
auto eno1
iface eno1 manual
auto virbr10
iface virb10 inet static
    bridge_ports eno1
    bridge_stp off
    address 2.4.6.8
    netmask 255.255.255.224
    gateway 2.4.6.1
the bridge eats the eno1 interface.
Using that configuration it actually brings up eno1 with the correct IP
# ifconfig -a
eno1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
         inet 2.4.6.8  netmask 255.255.255.224  broadcast 2.4.6.31
         [...]
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
         inet 127.0.0.1  netmask 255.0.0.0
         [...]
# brctl show
#
I'm puzzled: how does it manage to work if there's no bridge at all?
eno1 still has an IP address, try to shut it down and up with 'ifdown
eno1;ifup eno1' and see if it still has an IP.
Sorry, I forgot to mention the situation above is what I get after reboot.
Yes, there are some mistakes in your interface file:
delete the 'auto eno1' and add inet in the line beneath to get that
'iface eno1 inet manual'
Lucio Crusca
2020-09-19 12:40:03 UTC
Post by Fabien Roucaute
delete the 'auto eno1' and add inet in the line beneath to get that
'iface eno1 inet manual'
After fixing those mistakes and rebooting, the system is not reachable
anymore. Unfortunately I can only reboot it with a live system, but I
can't look at it while it runs on that config from remote to tell what's
wrong with the configuration you suggested.
Fabien Roucaute
2020-09-19 13:30:01 UTC
Post by Lucio Crusca
After fixing those mistakes and rebooting, the system is not reachable
anymore. Unfortunately I can only reboot it with a live system, but I
can't look at it while it runs on that config from remote to tell what's
wrong with the configuration you suggested.
Well sorry, I didn't know you were working on it via the net.
Did you set the firewall (iptables or nftables)?
I have no idea how you can fix the issue without having access to a
console now though.
Lucio Crusca
2020-09-19 14:10:02 UTC
Post by Fabien Roucaute
Well sorry, I didn't know you were working on it via the net.
Did you set the firewall (iptables or nftables)?
No firewall at all.
Post by Fabien Roucaute
I have no idea how you can fix the issue without having access to a
console now though.
I can actually have a console access over IP via a Lantiq console, but I
have to know in advance what to do with that, because it's billed per
hour of use. So, if you know what I should check when it does not
work, you can assume there is a console and explain to me what to do.
Fabien Roucaute
2020-09-19 14:50:02 UTC
Post by Lucio Crusca
I can actually have a console access over IP via a Lantiq console, but I
have to know in advance what to do with that, because it's billed per
hour of use. So, if you know what I should check when it does not
work, you can assume there is a console and explain to me what to do.
Need the output of 'systemctl status networking.service' and 'ip a', and
the complete text of /etc/network/interface (with the public IPs
anonymized) and if it exists the content of the files in
/etc/network/interface.d/
Lucio Crusca
2020-09-20 10:10:02 UTC
Post by Fabien Roucaute
Need the output of 'systemctl status networking.service'
Using the console I could find the culprit: the datacenter uses ethernet
switches that filter MAC addresses, so I had to set the virbr10 mac
address to the same as eno1 interface. It now works with this
configuration (those are not the real IP addresses):


iface eno1 inet manual

auto virbr10
iface virbr10 inet static
bridge_ports eno1
bridge_stp off
bridge_fd 0
bridge_waitport 0
address 2.4.6.8
netmask 255.255.255.224
gateway 2.4.6.1
post-up /usr/sbin/ip link set virbr10 address 0c:c4:7a:00:36:06

and similar configuration is in place in the guest for its
virtio-emulated network interface card.
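
An added example, not part of any post in this thread: a pre-reboot lint for /etc/network/interfaces text that catches the mistakes the thread ran into (an `auto` name with no matching `iface` stanza, an `iface` line without address family, a bridge port that keeps its own address, a bridge on a physical port with no fixed MAC). The function name, the embedded configs and the MAC-pin rule (only relevant behind MAC-filtering switches such as the poster's) are assumptions of this example.

```python
import re

# Constructed inputs: the first bridged config posted in the thread (as typed)
# and the final working one, both shortened.
BROKEN = """auto eno1
iface eno1 manual
auto virbr10
iface virb10 inet static
  bridge_ports eno1
  address 2.4.6.8
"""
WORKING = """iface eno1 inet manual
auto virbr10
iface virbr10 inet static
  bridge_ports eno1
  address 2.4.6.8
  post-up /usr/sbin/ip link set virbr10 address 0c:c4:7a:00:36:06
"""

def lint_interfaces(text, need_mac_pin=True):
    """Return a list of problems found in ifupdown 'interfaces' text."""
    autos, stanzas, problems, cur = [], {}, [], None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] in ("auto", "allow-hotplug"):
            autos += words[1:]
            cur = None
        elif words[0] == "iface" and len(words) > 1:
            if len(words) < 4:  # the thread's fix: 'iface eno1 inet manual'
                problems.append(f"{words[1]}: iface line lacks family or method")
            cur = stanzas.setdefault(words[1], {})
        elif cur is not None:
            cur.setdefault(words[0], []).append(" ".join(words[1:]))
    for name in autos:
        if name not in stanzas:  # e.g. 'auto virbr10' next to 'iface virb10'
            problems.append(f"{name}: 'auto' without a matching iface stanza")
    for name, opts in stanzas.items():
        ports = " ".join(opts.get("bridge_ports", [])).split()
        for port in ports:
            if "address" in stanzas.get(port, {}):
                problems.append(f"{port}: port of {name} still has its own address")
        hooks = " ".join(v for vals in opts.values() for v in vals)
        pinned = "hwaddress" in opts or re.search(
            rf"link set (dev )?{re.escape(name)} address ", hooks)
        # Assumption: a fixed MAC is only required where the switch filters MACs.
        if need_mac_pin and ports and ports != ["none"] and not pinned:
            problems.append(f"{name}: no fixed MAC set on the bridge")
    return problems

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("working", WORKING)):
        print(label, lint_interfaces(cfg) or "ok")
```
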
Lucas Castro
2020-09-21 18:20:01 UTC
Post by Lucio Crusca
Post by Fabien Roucaute
Need the output of 'systemctl status networking.service'
Using the console I could find the culprit: the datacenter uses
ethernet switches that filter MAC addresses, so I had to set the
virbr10 mac address to the same as eno1 interface. It now works with
iface eno1 inet manual
auto virbr10
iface virbr10 inet static
    bridge_ports eno1
    bridge_stp off
    bridge_fd 0
    bridge_waitport 0
    address 2.4.6.8
    netmask 255.255.255.224
    gateway 2.4.6.1
    post-up /usr/sbin/ip link set virbr10 address 0c:c4:7a:00:36:06
and similar configuration is in place in the guest for its
virtio-emulated network interface card.
But there is no need to attach a physical interface just for a host and
guest network.

"bridge_ports none" should set a bridge without physical attachment and
you get an interface for host and guest networking.
--
Lucas Castro
Kamil Jońca
2020-09-19 07:20:01 UTC
Post by Lucio Crusca
I'm trying to bridge a network interface between host and guest (both
Debian Buster+Bullseye+Sid) so that NAT is not needed.
auto eno1
iface eno1 inet static
address 2.4.6.8
netmask 255.255.255.224
gateway 2.4.6.1
up route add -net 2.4.6.0 netmask 255.255.255.224 gw 2.4.6.1 dev eno1
auto virbr-dummy
iface virbr-dummy inet manual
pre-up /sbin/ip link add virbr-dummy type dummy
up /sbin/ip link set virbr-dummy address 52:54:00:f0:37:ba
auto virbr10
iface virbr10 inet static
bridge_ports virbr-dummy
bridge_stp on
bridge_fd 2
address 2.4.6.73
netmask 255.255.255.224
gateway 2.4.6.65
broadcast 2.4.6.95
up route add -net 2.4.6.64 netmask 255.255.255.224 gw 2.4.6.65 dev eno1
My config:
iface qemu inet static
address 192.168.55.1
netmask 255.255.255.0
bridge_ports none

Please note "none" at bridge_ports, no need to use virbr-dummy.
It is not clear to me why you manually set routing.
KJ
--
http://wolnelektury.pl/wesprzyj/teraz/
People who have what they want are very fond of telling people who haven't
what they want that they don't want it.
-- Ogden Nash
john doe
2020-09-19 16:40:02 UTC
Post by Lucio Crusca
I'm trying to bridge a network interface between host and guest (both
Debian Buster+Bullseye+Sid) so that NAT is not needed.
If you don't insist on using /etc/network/interfaces you could also use
systemd-network:

/etc/systemd/network$ tail -n +1 *
==> br0.netdev <==
[NetDev]
Name=br0
Kind=bridge
MACAddress=<MAC-OF-INT-TO-BRIDGE>

==> br0.network <==
[Match]
Name=br0

[Network]
DHCP=yes

==> uplink.network <==
[Match]
Name=<INT-TO-BRIDGE>

[Network]
Bridge=br0


This assumes that the bridge will receive an IP from a DHCP server.


HTH.

--
John Doe
Lucas Castro
2020-09-19 21:30:02 UTC
Post by Lucio Crusca
I'm trying to bridge a network interface between host and guest (both
Debian Buster+Bullseye+Sid) so that NAT is not needed.
auto eno1
iface eno1 inet static
  address 2.4.6.8
  netmask 255.255.255.224
  gateway 2.4.6.1
  up route add -net 2.4.6.0 netmask 255.255.255.224 gw 2.4.6.1 dev eno1
auto virbr-dummy
iface virbr-dummy inet manual
    pre-up /sbin/ip link add virbr-dummy type dummy
    up /sbin/ip link set virbr-dummy address 52:54:00:f0:37:ba
auto virbr10
iface virbr10 inet static
    bridge_ports virbr-dummy
    bridge_stp on
    bridge_fd 2
    address 2.4.6.73
    netmask 255.255.255.224
    gateway 2.4.6.65
    broadcast 2.4.6.95
    up route add -net 2.4.6.64 netmask 255.255.255.224 gw 2.4.6.65 dev eno1
Please note that 2.4.6.x are not my real IP addresses, but I've been
really assigned 2 IP addresses and I want to use one for the host and
the other for the guest.
Until here it seems to work in that I can ping both addresses. However
I don't know how I should configure my guest VM interface. There is no
nat, no DHCP and if I specify the same IP address for the virtualized
interface as the host bridge it's connecting to, it doesn't even
detect any link.
# virt-install --network bridge=virbr10,model=virtio ...
Please help.
I really can't understand why all that.

You just need a bridge interface and share the network.

brctl addbr br1

ip addr add 172.50.50.10/24 dev br1  #  Host

Add an interface in your guest on br1.

ip addr add 172.50.50.11/24 dev ${IF_GUEST} # Guest


That works fine,

Check your firewall for allow/deny rules.
--
Lucas Castro