CentOS - May 2014 - CentOS 6 KVM networking: What am I missing???

OK, I have a strange problem.  It is probably something simple/stupid, but I 
cannot figure it out.

I have a nice new PowerEdge T20 that I installed CentOS 6 (6.5) on with 
Virtualization (KVM).  I then installed Ubuntu 14.04 in a virtual machine, 
with a bridged network:

------ begin ub140464.xml------------------
<domain type='kvm' id='2'>
  <name>ub140464</name>
  <uuid>53f7caec-1ff8-3bcd-3387-781dbc686907</uuid>
  <memory unit='KiB'>1048576</memory>
  <currentMemory unit='KiB'>1048576</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64'
machine='rhel6.5.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' cache='none'
io='native'/>
      <source dev='/dev/vg_newserver00/ub140464'/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x05' function='0x0'/>
    </disk>
    <disk type='block' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='hdc' bus='ide'/>
      <readonly/>
      <alias name='ide0-1-0'/>
      <address type='drive' controller='0' bus='1'
target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <alias name='usb0'/>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x2'/>
    </controller>
    <controller type='ide' index='0'>
      <alias name='ide0'/>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x01' function='0x1'/>
    </controller>
    <interface type='network'>
      <mac address='52:54:00:11:43:29'/>
      <source network='virbr1'/>
      <target dev='macvtap0'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/1'/>
      <target port='0'/>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='5900' autoport='yes'
listen='127.0.0.1'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <sound model='ich6'>
      <alias name='sound0'/>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x04' function='0x0'/>
    </sound>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00'
slot='0x06' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='selinux'
relabel='yes'>
    <label>system_u:system_r:svirt_t:s0:c369,c592</label>
   
<imagelabel>system_u:object_r:svirt_image_t:s0:c369,c592</imagelabel>
  </seclabel>
</domain>
------ end ub140464.xml --------------------

------ begin virbr1.xml ---------------------
<network connections='1'>
  <name>virbr1</name>
  <uuid>c2621cc7-49d7-a94d-d682-a77a3f1fcbef</uuid>
  <forward dev='em1' mode='bridge'>
    <interface dev='em1' connections='1'/>
  </forward>
</network>
------ end virbr1.xml ---------------------

The Ububtu VM can connect to the LAN the T20 is on and off into the 
public Internet.  Machines on the LAN (eg my laptop) can connect to Ububtu 
VM.  *BUT* the host server cannot connect to the Ububtu VM and the Ububtu 
cannot connect to the host server.

Netstat -r on the T20 (host server):
[root at newserver ~]# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U         0 0          0 em1
192.168.122.0   *               255.255.255.0   U         0 0          0 virbr0
link-local      *               255.255.0.0     U         0 0          0 em1
default         server1.wendell 0.0.0.0         UG        0 0          0 em1


Netstat -r on the Ubuntu VM:
heller at ub140464:~$ netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
default         server1.wendell 0.0.0.0         UG        0 0          0 eth0
192.168.1.0     *               255.255.255.0   U         0 0          0 eth0

(server1 is the older PowerEdge server running CentOS 5 that *presently* 
serves as the router to the public Internet and is also the dhcp and DNS 
server for the LAN.  Eventually, the new T20 server will take that over, once 
it is fully set up.)

I have set up VMs like this on my CentOS 5 (Xen) machine without any problems, 
but I must be missing something here.



-- 
Robert Heller             -- 978-544-6933 / heller at deepsoft.com
Deepwoods Software        -- http://www.deepsoft.com/
()  ascii ribbon campaign -- against html e-mail
/\  www.asciiribbon.org   -- against proprietary attachments

On 05/31/2014 12:50 PM, Robert Heller wrote:
>       <target dev='macvtap0'/>

This is why.
> 
> The Ububtu VM can connect to the LAN the T20 is on and off into the 
> public Internet.  Machines on the LAN (eg my laptop) can connect to Ububtu 
> VM.  *BUT* the host server cannot connect to the Ububtu VM and the Ububtu 
> cannot connect to the host server.

That's pretty much how macvtap works.

http://wiki.libvirt.org/page/Guest_can_reach_outside_network,_but_can't_reach_host_(macvtap)

https://ask.fedoraproject.org/en/question/8833/bridged-networking-with-kvm-and-macvtap/

-- 
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77