Dan Sa
2013-Oct-28 15:34 UTC
[libvirt-users] bridged networking using VLAN : guest with 2 NIC
hello all,

I have been trying to set-up bridged network with VLAN and not able to
succeed as many tutorials address only single NIC.

I am trying to setup 2 guests (backtrack instance) each guest has NIC1
and NIC2. following is snippet for guest1

I am not able to get 192.168.0.2 address back on guest eth0.


VIRT-MANAGER GUI :

guest1-lan details radio button

left side panel

NIC1 ------------------> Virtual Network Interface
Source Device : Virtual Network "default" NAT
Device Model : Hypervisor default
MAC Address : xxxxxxxxxxxxxx

NIC2 ------------------> Virtual Network Interface
Source Device : Specify Shared Device Name
Bridge name : guest1-lan
Device Model : virto
MAC Address : xxxxxxxxxxxxxx

HOST MACHINE :

brctl show has br0 for bridge
and virbr0 with 192.168.122.x address (created by default virtual
network NAT)


/etc/sysconfig/network-scripts/

1) Bridge BR0 (cat ifcfg-br0)

DEVICE="br0"
TYPE="Bridge"
ONBOOT="yes"
NM_CONTROLLED="no"
BOOTPROTO="static"
IPADDR="xx.xx.xx.xx"
NETMASK="255.255.254.0"
GATEWAY="xx.xx.xx.xx"
DNS1="x.y.z.s"
DNS2="x.y.q.s"

2) cat ifcfg-em1
NM_CONTROLLED="yes"
HWADDR="02:12D:E2:B1:32"
BOOTPROTO="static"
DEVICE="em1"
BRIDGE="br0"
ONBOOT="yes"

3) ifcfg-em2
NM_CONTROLLED="yes"
HWADDR="02:24:7e:d0:b1:42"
BOOTPROTO="static"
DEVICE="em2"
ONBOOT="yes"

4) THIS IS GUEST (cat ifcfg-guest1-lan)
DEVICE=guest1-lan
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
DELAY=1

5) GUEST VLAN (cat ifcfg-em2.620)

DEVICE=em2.620
VLAN=yes
ONBOOT=yes
BRIDGE=guest1-lan

BRCTL Show Command :

br0             8000.00237de0a132       no      em1
                                                vnet0
guest1-lan      8000.00237de0a133       no      em2.620
virbr0          8000.5254003e19b3       yes     virbr0-nic


VIRSH :

virsh # net-list
Name                 State      Autostart
-----------------------------------------
guest1-lan           active     yes
default              active     yes


virsh # iface-list
Name                 State      MAC Address
--------------------------------------------
br0                  active     00:23:7d:e0:a1:32
guest1-lan           active     00:23:7d:e0:a1:33


iface-edit :

virsh # iface-edit guest1-lan

<interface type='bridge' name='guest1-lan'>
  <start mode='onboot'/>
  <bridge delay='1'>
    <interface type='vlan' name='em2.620'>
      <vlan tag='620'>
        <interface name='em2'/>
      </vlan>
    </interface>
  </bridge>
</interface>

------------------------------------------------------------------

/etc/libvirt/qemu/networks

cat guest1-lan.xml
<network>
  <name>guest1-lan</name>
  <uuid>a12747ec-21c9-0d21-ab06-064ba204bc52</uuid>
  <forward mode='bridge' dev="br0"/>
  <bridge name='guest1-lan' />
  <ip address='192.168.0.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.0.2' end='192.168.0.254' />
    </dhcp>
  </ip>
</network>


cat default.xml

<network>
  <name>default</name>
  <uuid>8778244b-1a0c-c15f-c348-26462a07a639</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:3E:19:B3'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>

any guidance will be appreciated

regards
dan

Laine Stump
2013-Oct-30 09:19 UTC
Re: [libvirt-users] bridged networking using VLAN : guest with 2 NIC
(There is no need or advantage to Cc'ing individuals who are already
subscribed to the mailing list.)

On 10/28/2013 05:34 PM, Dan Sa wrote:
> hello all,
>
> I have been trying to set-up bridged network with VLAN and not able to
> succeed as many tutorials address only single NIC.
>
> I am trying to setup 2 guests (backtrack instance) each guest has NIC1
> and NIC2. following is snippet for guest1
>
> I am not able to get 192.168.0.2 address back on guest eth0.

See the comment below about <forward mode='bridge'>. You'll need some
other entity on your vlan to run a dhcp server, because libvirt won't be
doing it for you in this case.

>
>
> VIRT-MANAGER GUI :
>
> guest1-lan details radio button
>
> left side panel
>
> NIC1 ------------------> Virtual Network Interface
> Source Device : Virtual Network "default" NAT
> Device Model : Hypervisor default
> MAC Address : xxxxxxxxxxxxxx
>
> NIC2 ------------------> Virtual Network Interface
> Source Device : Specify Shared Device Name
> Bridge name : guest1-lan
> Device Model : virto
> MAC Address : xxxxxxxxxxxxxx

The output of "virsh dumpxml $guestname" is much more useful than a
transcription of the virt-manager screens.

>
> HOST MACHINE :
>
> brctl show has br0 for bridge
> and virbr0 with 192.168.122.x address (created by default virtual
> network NAT)
>
>
> /etc/sysconfig/network-scripts/
>
> 1) Bridge BR0 (cat ifcfg-br0)
>
> DEVICE="br0"
> TYPE="Bridge"
> ONBOOT="yes"
> NM_CONTROLLED="no"
> BOOTPROTO="static"
> IPADDR="xx.xx.xx.xx"
> NETMASK="255.255.254.0"
> GATEWAY="xx.xx.xx.xx"
> DNS1="x.y.z.s"
> DNS2="x.y.q.s"
>
> 2) cat ifcfg-em1
> NM_CONTROLLED="yes"
> HWADDR="02:12D:E2:B1:32"
> BOOTPROTO="static"
> DEVICE="em1"
> BRIDGE="br0"
> ONBOOT="yes"
>
> 3) ifcfg-em2
> NM_CONTROLLED="yes"
> HWADDR="02:24:7e:d0:b1:42"
> BOOTPROTO="static"
> DEVICE="em2"
> ONBOOT="yes"
>
> 4) THIS IS GUEST (cat ifcfg-guest1-lan)

I don't understand what you mean by "this is guest". It isn't a part of
the guest; it is a bridge on the host that could be *used* by a guest.

> DEVICE=guest1-lan
> TYPE=Bridge
> ONBOOT=yes
> BOOTPROTO=static
> DELAY=1
>
> 5) GUEST VLAN (cat ifcfg-em2.620)
>
> DEVICE=em2.620
> VLAN=yes
> ONBOOT=yes
> BRIDGE=guest1-lan
>
> BRCTL Show Command :
>
> br0             8000.00237de0a132       no      em1
>                                                 vnet0
> guest1-lan      8000.00237de0a133       no      em2.620
> virbr0          8000.5254003e19b3       yes     virbr0-nic

From the above, it appears that there is only a single guest running,
and that it is connected via the br0 bridge; apparently you took this
output when neither of your dual-nic guests were running, as they should
have each attached tun devices to both guest1-lan and virbr0.

>
>
> VIRSH :
>
> virsh # net-list
> Name                 State      Autostart
> -----------------------------------------
> guest1-lan           active     yes
> default              active     yes
>
>
> virsh # iface-list
> Name                 State      MAC Address
> --------------------------------------------
> br0                  active     00:23:7d:e0:a1:32
> guest1-lan           active     00:23:7d:e0:a1:33
>
>
> iface-edit :
>
> virsh # iface-edit guest1-lan
>
> <interface type='bridge' name='guest1-lan'>
>   <start mode='onboot'/>
>   <bridge delay='1'>
>     <interface type='vlan' name='em2.620'>
>       <vlan tag='620'>
>         <interface name='em2'/>
>       </vlan>
>     </interface>
>   </bridge>
> </interface>
>
> ------------------------------------------------------------------
>
> /etc/libvirt/qemu/networks

(You shouldn't be looking at/modifying the files in
/etc/libvirt/qemu/networks directly. Instead, use "virsh net-dumpxml
guest1-lan" (for example) to look at the network config, and "virsh
net-edit guest1-lan" to modify it.)

>
> cat guest1-lan.xml
> <network>
>   <name>guest1-lan</name>
>   <uuid>a12747ec-21c9-0d21-ab06-064ba204bc52</uuid>
>   <forward mode='bridge' dev="br0"/>
>   <bridge name='guest1-lan' />
>   <ip address='192.168.0.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.0.2' end='192.168.0.254' />
>     </dhcp>
>   </ip>

Any network with <forward mode='bridge'...> is an "unmanaged" network
from libvirt's POV, and thus the <ip> element and all its subelements
are ignored. If you use <forward mode='bridge'> then libvirt assumes
that the bridge device is already configured by the base OS config. As
of libvirt-1.0.1, attempts to define an <ip> element in a network with
<forward mode='bridge'> are flagged as an error.

(It would be helpful in future reports if you indicate your 1) libvirt
version, 2) qemu version, 3) distro and version, 4) kernel version.
Although not always applicable, sometimes it can help in framing the
issue.)

> </network>
>
>
> cat default.xml
>
> <network>
>   <name>default</name>
>   <uuid>8778244b-1a0c-c15f-c348-26462a07a639</uuid>
>   <forward mode='nat'/>
>   <bridge name='virbr0' stp='on' delay='0' />
>   <mac address='52:54:00:3E:19:B3'/>
>   <ip address='192.168.122.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.122.2' end='192.168.122.254' />
>     </dhcp>
>   </ip>
> </network>
>
> any guidance will be appreciated

Since you're defining a vlan tag, I assume that the physical network
attached to your host's em2 is actually using vlan 620? If not, and you
just need a network that's private to your guests and the host, I would
recommend simply defining a libvirt network with no <forward> element at
all. This network *will* be managed by libvirt, so libvirt will create a
bridge and give it an IP address, as well as running a dnsmasq instance
to serve up IP addresses to guests, but the guests won't be able to get
traffic anywhere beyond that bridge via their interface connected to the
bridge.

If you *are* using vlan 620 on the physical network, then you'll need to
set up some other dhcp server somewhere on that network (either run a
system instance of dnsmasq on the host that listens on em2.620, or run
dnsmasq or dhcpd on some other physical host or guest that listens on
its own vlan-tagged interface).
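
The two layouts described in the reply above, written out as libvirt XML. This is an added example, not part of the original thread and not taken from the libvirt project. The network name guests-private and the bridge name virbr2 are assumptions; the addresses and the guest1-lan bridge are the ones from the original post.

```xml
<!-- Added example. Each <network> and <interface> below is a separate
     definition; they are shown together only for comparison. -->

<!-- Option A: VLAN 620 exists on the physical network.
     Unmanaged network on the host bridge guest1-lan, which the ifcfg files
     already create with em2.620 as its port. There is no <ip> or <dhcp>
     here: libvirt ignores them in bridge mode, and libvirt 1.0.1 and later
     reject them. Addresses must come from a DHCP server on the VLAN. -->
<network>
  <name>guest1-lan</name>
  <forward mode='bridge'/>
  <bridge name='guest1-lan'/>
</network>

<!-- Guest NIC2 for option A (inside the domain's <devices>) -->
<interface type='network'>
  <source network='guest1-lan'/>
  <model type='virtio'/>
</interface>

<!-- Option B: no VLAN needed, guests only talk to each other and the host.
     No <forward> element, so libvirt manages the network: it creates the
     bridge, assigns 192.168.0.1 and runs dnsmasq for the DHCP range.
     The names guests-private and virbr2 are assumptions; the bridge name
     must not match an existing host bridge such as guest1-lan. -->
<network>
  <name>guests-private</name>
  <bridge name='virbr2' stp='on' delay='0'/>
  <ip address='192.168.0.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.0.2' end='192.168.0.254'/>
    </dhcp>
  </ip>
</network>

<!-- Guest NIC2 for option B (inside the domain's <devices>) -->
<interface type='network'>
  <source network='guests-private'/>
  <model type='virtio'/>
</interface>
```

Either network definition is loaded with "virsh net-define" and started with "virsh net-start"; traffic on the option B network stays on its bridge, which keeps guests attached only to it off the physical LAN.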