KVM Networking

Issues related to configuring your network
smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

KVM Networking

Post by smrtalex1 » 2022/08/14 00:34:04

Have a Centos 7 dedicated system, utilizing KVM Hypervisor.

I have the bridge successfully running and have created a VM (using Centos 7) that I can access via VNC. I have a working failover IP that I am trying to setup on the VM. To test the failover IP, I have installed it on the dedicated system and verified that I can ping it from the outside successfully. The IP has since been removed from the dedicated system. I have been unsuccessful in getting IP setup on the VM with the ability to ping the IP from the outside or ping anything from the inside of the VM. Obviously the main IP is completely different that the Failover IP. Here is the config for the IP from the VM:

Code: Select all

cat /etc/sysconfig/network-scripts/ifcfg-eth0

TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eth0"
UUID="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
DEVICE"eth0"=
ONBOOT="yes"
IPADDR="xxx.xxx.xx.161"    #  IP has been changed here in the public forum
PREFIX="30"
GATEWAY="ZZZ.ZZZ.ZZZ.254"    #  Told by Datacenter this is the main IP of the dedicated server with the last ocelet being 254
IPV6_PRIVACY="no"
Any thoughts or suggestions on why the IP is not visible?
Last edited by smrtalex1 on 2022/08/14 13:47:11, edited 1 time in total.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM Networking

Post by jlehtone » 2022/08/14 09:09:50

Are the obfuscated xxx.xxx.xxx and xxx.xxx.xxx the same or different subnets?

On the host:

Code: Select all

brctl show
ip ro

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/14 13:35:35

Sorry should have clarified that clearer. I have edited the initial post for the correction.

The gateway and IP are different subnets.

Let's call the GATEWAY = "ZZZ.ZZZ.ZZZ.254" so it is different.

From the host:

Code: Select all

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.a4bf011f03aa       no              eth0
virbr0          8000.5254006cf828       yes             virbr0-nic

Code: Select all

# ip ro
default via ZZZ.ZZZ.ZZZ.254 dev br0 
ZZZ.ZZZ.ZZZ.0/24 dev br0 proto kernel scope link src ZZZ.ZZZ.ZZZ.146 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
I am not able to ping anything including the gateway from the VM.

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM Networking

Post by jlehtone » 2022/08/14 15:55:02

First, the brctl shows two bridges and only one interface in each.
(The virbr0 is a bridge created by default libvirt config and represents virtual network -- 192.168.122.0/24 named "default". We don't need to care about that.)

The important point here is that your VM does not have an interface on these bridges.
That is why it cannot reach anything else that is on these bridges.

How is the interface of VM defined? Output of virsh dumpxml <domain> contains that bit.


There is another logical issue:
Lets say that a machine has an interface that has address a.b/c, where the 'a' is the network part.
When it sends something to wire, all possible recipients are link-local subnet a/c and do have address a.*

When the machine wants to send someone that is not in a/c, it has to send the packet to a gateway -- router -- who is connected to other subnets.
You say that the gateway for the VM is not in the subnet that the VM is in. Not in xxx.xxx.xxx.160/30 subnet.
How could it possibly send anything to gateway, if the gateway is not xxx.xxx.xxx.162 -- the only other legal address in the xxx.xxx.xxx.160/30 subnet?

Code: Select all

$ ipcalc -n -b 10.20.30.161/30
BROADCAST=10.20.30.163
NETWORK=10.20.30.160

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/14 16:03:30

Thank you for your response.... and I agree. These are the settings OVH said they were. :(

Here is the xml dump:

Code: Select all

# virsh dumpxml KKKK
<domain type='kvm' id='4'>
  <name>CIBOX</name>
  <uuid>969bb09f-67bd-4958-8f41-8ab293846bef</uuid>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64' machine='pc-i440fx-rhel7.0.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='custom' match='exact' check='full'>
    <model fallback='forbid'>Skylake-Client-IBRS</model>
    <feature policy='require' name='md-clear'/>
    <feature policy='require' name='spec-ctrl'/>
    <feature policy='require' name='ssbd'/>
    <feature policy='require' name='hypervisor'/>
    <feature policy='disable' name='arat'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <pm>
    <suspend-to-mem enabled='no'/>
    <suspend-to-disk enabled='no'/>
  </pm>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
      <source file='/vm/images/CIBOX.img'/>
      <backingStore/>
      <target dev='vda' bus='virtio'/>
      <alias name='virtio-disk0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu'/>
      <target dev='hda' bus='ide'/>
      <readonly/>
      <alias name='ide0-0-0'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <alias name='usb'/>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <alias name='usb'/>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <alias name='usb'/>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'>
      <alias name='pci.0'/>
    </controller>
    <controller type='ide' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:7c:3a:f9'/>
      <source bridge='br0'/>
      <target dev='vnet0'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/1'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-4-CIBOX/org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5900' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <video>
      <model type='cirrus' vram='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </memballoon>
    <rng model='virtio'>
      <backend model='random'>/dev/urandom</backend>
      <alias name='rng0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </rng>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+107:+107</label>
    <imagelabel>+107:+107</imagelabel>
  </seclabel>
</domain>

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: KVM Networking

Post by jlehtone » 2022/08/14 17:06:12

My VM's look very similar, with entries like:

Code: Select all

    <interface type='bridge'>
      <mac address='52:54:00:*:*:*/>
      <source bridge='brlan'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </interface>
The difference is that when my VM's are up, they do show on the bridge:

Code: Select all

$ brctl show
bridge name	bridge id		STP enabled	interfaces
brlan		8000.000af776d530	yes		p1p1
							vnet0
							vnet1
(The "vnet0" and "vnet1" are from two VM's. They do show in ip li output too.)

Have you tried shutting down the VM and then start it again?

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/14 17:25:27

We have restarted the VM multiple times. Every completely deleted it and reinstalled multiple time.

This is what I am showing on the host right now:

Code: Select all

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.a4bf011f03aa       no              eth0
                                                        vnet0
                                                        vnet1
virbr0          8000.5254006cf828       yes             virbr0-nic
so the vnet0 is there. vnet1 is another test.

It is likely something very small that I am missing, but have NO idea what.

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: KVM Networking

Post by Whoever » 2022/08/14 18:36:38

Have you resolved the issue that the VM's IP address and gateway are in different subnets? This simply won't work.

smrtalex1
Posts: 14
Joined: 2022/08/14 00:30:23

Re: KVM Networking

Post by smrtalex1 » 2022/08/14 18:40:37

I ha
Whoever wrote:
2022/08/14 18:36:38
Have you resolved the issue that the VM's IP address and gateway are in different subnets? This simply won't work.
I have not. OVH states that is what the proper settings are. And the IP does work if I put it directly on the host server. Does something need to be done on the host server side?

Whoever
Posts: 1357
Joined: 2013/09/06 03:12:10

Re: KVM Networking

Post by Whoever » 2022/08/14 23:51:32

smrtalex1 wrote:
2022/08/14 18:40:37
I ha
Whoever wrote:
2022/08/14 18:36:38
Have you resolved the issue that the VM's IP address and gateway are in different subnets? This simply won't work.
I have not. OVH states that is what the proper settings are. And the IP does work if I put it directly on the host server. Does something need to be done on the host server side?
I can confidently say that it does not work when put on the host server, or not working the way you think it is working. The gateway (default route) must be in the same subnet as the IP address. Something else is going on: the host server must have additional IP addresses, or you would not be able to communicate with it when you remove the IP address from the host and put it on the VM. I suggest that it is this additional IP address that is "working", and not the one that you want to assign to the VM.
Last edited by Whoever on 2022/08/15 00:07:07, edited 3 times in total.

Post Reply