KVM Networking

Issues related to configuring your network
smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/16 12:59:44

jlehtone wrote:
2022/08/16 10:55:23
Thanks,

The first thing is to test whether that connects the VM to "the internet".

The "2.3.4.5 dev eth0" is a static route. The "2.3.4.5" is more specific destination than
the "default", so it should match "first" even when the default route is added "prior".


Alas, the ip commands affect only currently running session.
There are multiple ways to store the config so that it is applied on every boot.

The default on EL (starting with EL7) is to configure network with NetworkManager.service (NM).
  • nmcli con mod eth0 ipv4.routes 2.3.4.5 might add the static route "the NM way"
  • If one installs package NetworkManager-dispatcher-routing-rules, then NM will read initscripts-format files.
    Then file /etc/sysconfig/network-scripts/route-eth0 with content:
    2.3.4.5 dev eth0
    should create the static route on service start.
If one does revert to network.service, then the same initscripts-format file should work.

Note: the "eth0" for nmcli is name of connection. The "eth0" for 'ip' and initscripts is name of interface.
Great information! What is the recommended way to store the config without using NetworkManager?

Thanks!

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM Networking

Post by jlehtone » 2022/08/16 13:19:21

TrevorH wrote:
2022/08/16 11:35:20
so it should match "first" even when the default route is added "prior".
IIRC, it won't let you add a route via a destination it cannot currently reach, hence the need to add the specific route before you can try to add the default route via it.
My bad. :oops: Yes, 'ip' would do that. Whether the services set default before or after static routes ... initscripts route file, like in OVH manual below, looks a safe bet.
smrtalex1 wrote:
2022/08/16 12:54:19
OVH is not very helpful when it comes to configuration. :( They basically provided this link: https://docs.ovh.com/gb/en/dedicated/network-bridging/
Oh, but they do write:
OVH wrote:configuring the IP address, netmask, gateway and route to the gateway inside the VM
and further down, for CentOS guests:
OVH wrote:Next, open the virtual machine’s routing file, which is located in /etc/sysconfig/network-scripts/route-eth0. Edit the file so that it reflects the configuration below (please remember to fill in your own values).

Code: Select all

GATEWAY_IP dev eth0
default via GATEWAY_IP dev eth0
smrtalex1 wrote:
2022/08/16 12:58:00
Whoever wrote:
2022/08/16 04:58:01
I would also suggest that you change your obfuscation scheme and post the last 2 octets of all the IP addresses and address ranges. Without the first two octets it should still be sufficiently obfuscated.
Good idea!
The last 2 octets in a.b.c.146 are the c.146, not the a.b and 146.
smrtalex1 wrote:
2022/08/16 12:59:44
Great information! What is the recommended way to store the config without using NetworkManager?
Run command nmcli in the guest. If it shows something about you current config, then guest has NM in use.

If you have NM, then use the 'ip' commands in the guest (replace the 2.3.4.5. with your gateway IP) to get net up,
run yum install NetworkManager-dispatcher-routing-rules
and add the route-eth0 file.

If you don't have NM (nmcli says "not running" or something) then just add the route-eth0 file.
(Assuming that the name of the interface in the guest is "eth0".)

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/16 14:11:48

smrtalex1 wrote:
2022/08/16 12:54:19
OVH is not very helpful when it comes to configuration. :( They basically provided this link: https://docs.ovh.com/gb/en/dedicated/network-bridging/
Oh, but they do write:
OVH wrote:configuring the IP address, netmask, gateway and route to the gateway inside the VM
and further down, for CentOS guests:
OVH wrote:Next, open the virtual machine’s routing file, which is located in /etc/sysconfig/network-scripts/route-eth0. Edit the file so that it reflects the configuration below (please remember to fill in your own values).

Code: Select all

GATEWAY_IP dev eth0
default via GATEWAY_IP dev eth0
I have tried that and it does not fix it, but it seems to make a step. Before doing that, when I ping:

#ping 8.8.8.8
connect: Network unreachable

When I add the route-eth0 file:

#ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 recievied, 100% packet loss, time 1999ms

smrtalex1 wrote:
2022/08/16 12:58:00
Whoever wrote:
2022/08/16 04:58:01
I would also suggest that you change your obfuscation scheme and post the last 2 octets of all the IP addresses and address ranges. Without the first two octets it should still be sufficiently obfuscated.
Good idea!
The last 2 octets in a.b.c.146 are the c.146, not the a.b and 146.
Sorry, I missed that. I have corrected in my post and here is the updated config:

Server MAIN IP = ZZZ.ZZZ.79.146
FAILOVER IP = xxx.xxx.149.161
GATEWAY FOR BOTH MAIN IP AND FAILOVER IP = ZZZ.ZZZ.79.254
NETMASK FOR FAILOVER IP = 255.255.255.252

The ZZZ.ZZZ and xxx.xxx are completely different numbers from each other.
smrtalex1 wrote:
2022/08/16 12:59:44
Great information! What is the recommended way to store the config without using NetworkManager?
Run command nmcli in the guest. If it shows something about you current config, then guest has NM in use.

If you have NM, then use the 'ip' commands in the guest (replace the 2.3.4.5. with your gateway IP) to get net up,
run yum install NetworkManager-dispatcher-routing-rules
and add the route-eth0 file.

If you don't have NM (nmcli says "not running" or something) then just add the route-eth0 file.
(Assuming that the name of the interface in the guest is "eth0".)
running nmcli states that NetworkManager is not running.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM Networking

Post by jlehtone » 2022/08/16 17:35:09

What does ip ro show now on the guest?

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: KVM Networking

Post by Whoever » 2022/08/16 19:54:22

TrevorH wrote:
2022/08/16 09:29:24
OVH use a weird network setup where the gateway is not in the same subnet as the host ip. You have to do special stuff to add a route to the gateway ip via the device prior to adding the default route. Something like

ip ro add 2.3.4.5 dev eth0
ip ro add default via 2.3.4.5

Interesting. I did not know there was any way to do this. In fact, I have been trying to do something similar with a custom routing table.

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/17 17:12:04

Solved and published here for prosperity

Thanks for everyone's suggestions here! It was extremely helpful!!!

OVH sets their systems to utilize DHCP on their servers for the main IP of your dedicated server. You have to convert their setup to STATIC IP. You also have to create the Virtual Mac Address for the Failover IP in the OVH Dashboard under IP management.

Server MAIN IP = ZZZ.ZZZ.79.146
FAILOVER IP = xxx.xxx.149.161
GATEWAY FOR BOTH MAIN IP AND FAILOVER IP = ZZZ.ZZZ.79.254
NETMASK FOR FAILOVER IP = 255.255.255.252 (although it appears that I did not need it)
FAILOVER IP VIRTUAL MAC ADDRESS: MY:VI:RT:UA:LM:AC

Here is the setup that worked for me. I did this from a fresh Centos 7 reinstall:

I prefer using network over NetworkManager

On the host:

Code: Select all

# systemctl stop NetworkManager
# systemctl disable NetworkManager
To get the KVM Hypervisor installed:

On the host:

Code: Select all

# yum install qemu-kvm libvirt libvirt-python libguestfs-tools virt-install
# systemctl enable libvirtd
# systemctl start libvirtd
On the host, my configuration files are as follows:

On the host:

Code: Select all

# cat /etc/sysconfig/network-scripts/ifcfg-br0 
DEVICE=br0
ONBOOT=yes
NETBOOT=no
NM_CONTROLLED="no"
BOOTPROTO=static
HWADDR=a4:bf:01:29:36:f6
TYPE=Bridge
NAME="br0"
IPADDR=ZZZ.ZZZ.79.146
NETMASK=255.255.255.0
On the host:

Code: Select all

# cat  /etc/sysconfig/network-scripts/ifcfg-eth0 
DEVICE=eth0
ONBOOT=yes
NETBOOT=no
NM_CONTROLLED="no"
BOOTPROTO=static
BRIDGE=br0
On the host:

Code: Select all

# cat  /etc/sysconfig/network
NOZEROCONF=yes

# Created by cloud-init on instance boot automatically, do not edit.
#
NETWORKING=yes
GATEWAY=ZZZ.ZZZ.79.254
I rebooted several times to ensure that everything was coming back up without issue.

So now that I was confident with the host, I created the VM:

From the host:
* don't forget to put in the virtual Mac Address in the virt-install statement.

Code: Select all

# cd /
# mkdir -p vm/ISO
# mkdir -p mv/images
# cd /vm/ISO

# wget https://mirrors.edge.kernel.org/centos/7.9.2009/isos/x86_64/CentOS-7-x86_64-Everything-2207-02.iso

# virt-install --graphics=vnc,password=##########,listen=0.0.0.0 --virt-type=kvm --name test --ram 4096 --vcpus 1 --disk path=/vm/images/test.img,size=30,bus=virtio,format=raw --os-variant=centos7.0 --network=bridge=br0,model=virtio,mac=MY:VI:RT:UA:LM:AC --cdrom=/vm/ISO/CentOS-7-x86_64-Everything-2207-02.iso
I then logged into the VM via VNC to complete the VM setup:

Disabled SELinux on VM

On the VM:

Code: Select all

# vi /etc/selinux/config
Changed 
SELINUX=enforcing
to
SELINUX=disabled

I prefer using network over NetworkManager

On the VM:

Code: Select all

# systemctl disable NetworkManager
Rebooted the VM

Logged into the VM via VNC

On the VM:

Code: Select all

# cat  /etc/sysconfig/network-scripts/ifcfg-eth0 

TYPE=Ethernet
BOOTPROTO=static
USERCTL=no
IPV6INIT=no
PEERDNS=yes
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=xxx.xxx.149.161
GATEWAY=ZZZ.ZZZ.79.254
NETMASK=255.255.255.255
ARP=yes
On the VM:

Code: Select all

# cat  /etc/sysconfig/network-scripts/route-eth0
ZZZ.ZZZ.79.254/32 dev eth0
default via ZZZ.ZZZ.79.254 dev eth0
On the VM:

Code: Select all

# cat /etc/resolv.conf
nameserver 8.8.8.8
search localdomain
All set! I am able to ping to the VM as well as ping out!

Lots of trial and error to get here, but many thanks to the posters here that guided me to the finish line!!!

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM Networking

Post by jlehtone » 2022/08/17 17:55:16

Good.

Why do you disable the SELinux? Extra layer of security is a Good Thing to have.


Note that you can use PREFIX instead of NETMASK. It is easier to type and read (correctly).
(If you are told to use prefix 30 by OVH, then it is better to set it, rather than the 32 that you now set.)

You don't need GATEWAY in the ifcfg-eth0 of the [edit]guest[/edit] because you set it already in route-eth0; better not set it twice.
Last edited by jlehtone on 2022/08/18 05:39:10, edited 1 time in total.

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/17 22:03:48

jlehtone wrote:
2022/08/17 17:55:16
Good.

Why do you disable the SELinux? Extra layer of security is a Good Thing to have.


Note that you can use PREFIX instead of NETMASK. It is easier to type and read (correctly).
(If you are told to use prefix 30 by OVH, then it is better to set it, rather than the 32 that you now set.)

You don't need GATEWAY in the ifcfg-eth0 of the host because you set it already in route-eth0; better not set it twice.
For some reason SELinux gives me issues, so I just automatically disable it. I need to revisit that.

I figured there was cleaning up I could do on the setup. I was just thrilled to get it going!!! I will take your suggestions in my implementation!

Thanks again for your help!!! Really appreciate it!

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM Networking

Post by jlehtone » 2022/08/18 05:41:43

I had typo in previous post: I did mean GATEWAY in guest.


On SELinux, see https://stopdisablingselinux.com/

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/18 18:21:11

jlehtone wrote:
2022/08/18 05:41:43
I had typo in previous post: I did mean GATEWAY in guest.


On SELinux, see https://stopdisablingselinux.com/
Thanks for the link!

I was able to remove both GATEWAY and NETMASK in the VM (Guest) ifcfg-eth0 file without affecting the functionality. I also did not need to use PREFIX.

Thanks again!

Post Reply