help voor KVM network bridge.

Issues related to configuring your network
leeuw
Posts: 18
Joined: 2020/10/17 21:58:25

Post by leeuw » 2021/05/24 13:57:22

Guys,


If anyone feels sorry for a noob in linux networking please help me.


situation:

I've installed KVM on my CentOS 8 x64 server. Followed the manuals, switched off SELinux to simplify configuration.
All that is all right, the system is waiting for a vm machine to get installed. I tested it by starting a live boot CD, it works fine.

But... :roll: what I need is a virtual machine that has its own IP address in the LAN network. And that is where my problem started. :|

I followed and combined several sources on the internet where Indian guys (usually very young) give instructions, but it doesn't work for me. Like this one:

https://kirelos.com/how-to-install-kvm- ... -centos-8/

And I felt later most charmed by this one, cause it included variables for all individual parameters, so the commands could be used exactly the same for another pc or server:
https://computingforgeeks.com/how-to-cr ... -in-linux/
(I followed Method 5: Using Nmcli tool )


when running:

sudo nmcli connection show

It gives me basically the idea of what it was supposed to do:


NAME                UUID                                  TYPE      DEVICE
Wired connection 1  b66746a4-f250-4878-ab8b-09cd4e54b7a5  ethernet  eno1
brug10              a8c3d191-6690-48a9-8c21-34d4f2b4ca23  bridge    brug10
virbr0              1f646742-3abf-4c05-a53f-bc3f70405db5  bridge    virbr0
eno1                2397a37e-07d7-4948-9004-9eff8feedc6f  ethernet  --
eno2                d8e45418-e97d-4feb-bdaa-5f1e92d9bf36  ethernet  --

where eno1, brug10 (bridge) and the KVM's default 'virbr0' are green and active.
But the result is unusable for me.

Maybe my understanding of how a bridge is operating is not good enough.
What I mainly try to achieve is having a bridge (brug10) where the default networking card (eno1)
will be a slave under together with the new eno1 connection , so that the bridge will act as a network card for KVM and
I can configure the KVM virtual machine settings like for example:


sudo virt-install --name mytestvirtualcomputer \
...
...
...
--network network=brug10 \
...


To let it connect to the new bridge which gives a new individual ip on the LAN.
Only...it doesn't work.
When I try to set the bridge active and the 'old' eno1 off
(cause it will be replaced by the slave version like in the manual, if I understand right),
my physical wired connection stops and the server loses connection to the LAN (and my running SSH connection).
So the whole system becomes unusable. Later I tried to repeat the whole thing by a screen, mouse and keyboard.
But the same happens. Then I need to reactivate the old eno1 before connection to the LAN (and WAN) works again.

some details:

$ ip addr show dev virbr0


5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:f1:f2:3d brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever


$ sudo nmcli connection up brug10

Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)

$ ip addr show dev brug10


4: brug10: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 72:00:42:8e:49:c0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.10/24 brd 192.168.1.255 scope global noprefixroute brug10
       valid_lft forever preferred_lft forever


Yes, I know it says DOWN now, but I can't reactivate the 'new' eno1 like in the manual, cause it will disconnect the server...
to me it seems that, this part from those manuals:


nmcli conn add type ethernet slave-type bridge con-name bridge-brug10 ifname eno1 master brug10


is not working.


What do I do wrong, or is my understanding of what a bridge does not correct?
If not, how to keep a wired connection running and still have a bridge with slaves to run my virtual kvm machine,
so that the physical server gets its IP, and the virtual one in KVM gets another?

To be sure there is no other annoying reason I switched off SELinux and firewalld first before testing.
If anyone has help I would be most happy. This is the kind of job you need experience with to be successful ;)
I know other members asked similar questions like these, but none of the answers got me further...
Last edited by leeuw on 2021/05/24 21:38:09, edited 2 times in total.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: help voor KVM network bridge.

Post by jlehtone » 2021/05/24 20:06:55

Command "bridge link" lists "links" and whether they have a "master", i.e. are linked to a bridge. If you have config right, then brug10 is the master of eno1.


Bridge is a switch. Switch is a bridge. Switch has ports. Managed switch has IP address. On the switch, not in a port.

man nmcli-examples has Example 9.

$ nmcli con add type bridge con-name bridge-brug10 ifname brug10 bridge.stp no
$ nmcli con add type ethernet con-name br-slave-1 ifname eno1 master bridge-brug10

This assumes that there is no connection configured for eno1.

The result is that connection "br-slave-1" is on device "eno1" and has no ipv4 nor ipv6 options. No IP address on eno1.
The eno1 is just a port of bridge device "brug10". Connection "bridge-brug10" is the configuration of that bridge.
The bridge-brug10 has IP address. The IP address of the host.
This config gets the address from the DHCP server of the physical network.

If VM is given interface of type bridge and the brug10 is chosen as source, then VM will be connected to the bridge like you would plug patch cable from a machine into port of a switch.

If VM is connected to the bridge, then its DHCP request broadcasts propagate through the bridge like any other switch out to the DHCP server of the physical network.

The firewall does not filter the bridged traffic. Not without explicit changes.


The "virbr0" is a bridge too. It has no physical ports. It was created by libvirtd.service to represent the libvirt's "default" network (which is created and enabled by default).

The host has IP address on the virbr0. The host runs DHCP and DNS servers for the virtual network that the virbr0 represents. VM's connected to virbr0 will get address from the host and use the host as router; default gateway.

The host routes traffic between virbr0 network and external network. Routing requires passing through the firewall's filter, but libvirtd adds those rules for virbr0.
Furthermore, the routed traffic is NATted. Masqueraded. The host hides the existence of virbr0 subnet. This requires firewall rules.

leeuw
Posts: 18
Joined: 2020/10/17 21:58:25

Re: help voor KVM network bridge.

Post by leeuw » 2021/05/25 16:20:57

jlehtone,

Thanks for this. I think I need some more time to comprehend all this new
logic. Usually I learn best if I see a complete manual with steps, but as you know
I already tried that. All right. I will puzzle on it again when there is time,
I will reply later. It is so easy to set up KVM, but difficult to get the bridge to work right.

leeuw
Posts: 18
Joined: 2020/10/17 21:58:25

Re: help voor KVM network bridge.

Post by leeuw » 2021/05/26 12:32:28

It is not working. I am not getting there.

After a lot of experimenting with different ip range settings for the bridge and switching on bridge setting off networks I didn't reach anything.
In the end I used:

sudo nmcli conn up b66746a4-f250-4878-ab8b-09cd4e54b7a5 (eno1 wired network original)

To have the network connection on the server working again.
The only stable relation I see is that whenever I do:

sudo nmcli conn up 2397a37e-07d7-4948-9004-9eff8feedc6f (the other slave eno1 for brug10)

the eno1 wired connection stops and all network activity is blocked till I switch the eno1 wired network connection on again.

My knowledge is simply not enough to eliminate enough variables and I keep trying in a circle.
Also I tried to find my way in using the CentOS 8 GNOME GUI.
#nm-connection-editor
Last edited by leeuw on 2021/05/28 15:46:00, edited 2 times in total.

leeuw
Posts: 18
Joined: 2020/10/17 21:58:25

Re: help voor KVM network bridge.

Post by leeuw » 2021/05/28 15:36:43

I understand this stuff is not attractive to support for linux admins.

I understand. Once you start.....

Just one thing then. Is what I want possible? Am I on the right track in my vision?


I have a server with a networkcard. After installation of centos8
a device name 'eno1' was used for this device to connect to the LAN and WAN.

Now my KVM idea came. And I started looking for manuals on the net.

In my recent understanding, I create a bridge 'brug10', give it a new subnet and gateway that is different from my LAN's,
let it be master for a new 'virtual' KVM network which will be slave, and further add a secondary slave,
the old 'eno1' which was the default network card at start....

Am I correct so far?

It really needs some networking vision here to get results.
Just to be sure: My goal is

1. 1 real network wired connection from the network card to the router.
2. 1 software created bridge that can handle several virtual slaves for KVM. (But I only need 1)
3. under the same software bridge another slave, the real wired connection to have the real connection to the network. (old eno1)

So, there is 1 software built bridge, 2 slave networks of which only one is the real connection to the network.
In the end the router gets 2 clients. My physical server, and the KVM guest. Both have individual IP addresses.

Is this part all right, or am I on the wrong track from start? Thanks for the help so far, but I simply need more direction
for my limited view.

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: help voor KVM network bridge.

Post by MartinR » 2021/05/28 15:58:24

During testing for the CentOS replacement I had about 10 VMs available in my machine on a bridge. In the past I've even had Windows 10 running as a VM. I use the routed approach so that the VMs are visible to other machines on my network. I'm going to try and include a writeup from my personal Wiki that I did some years ago, it may help firm up ideas in your mind. Because the forum won't allow .odt or .pdf, I've used JPEG, one page per file.

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: help voor KVM network bridge.

Post by jlehtone » 2021/05/28 20:28:10

leeuw wrote:
2021/05/28 15:36:43
Am I correct so far?

No.

You have only one physical network port. It can have only one connection.
That connection cannot have any IP address. That connection must be a slave of the bridge.
The bridge must have the IP address of the host.

Can you configure your host while it has no network connectivity?
If yes, then remove existing connections. Start from scratch.

How does your host get its IP (on eno1) now? From DHCP server? Manually set?
The bridge should use that same method.


PS. Libvirt can create bridges. The 'virbr0' is an example.

Libvirt can even create "bridge" bridge. However, since you have only one physical port, host
would have its IP address on that bridge and the network connectivity of the host would require that
the libvirtd service starts first. Not good.

leeuw
Posts: 18
Joined: 2020/10/17 21:58:25

Re: help voor KVM network bridge.

Post by leeuw » 2021/05/31 11:39:57

Thanks guys,

Still no luck. I spent one hour again.
Sometimes this just happens. You hear a bell, but you keep searching.
Just thank you for all effort and uploading the
images.

One thing still is not clear for me.

Is the new bridge replacing the default network connection 'eno1' or not?
The manuals on the net always instruct to 'nmcli connection down' the old network after setting up the
new bridge and slave network. When I do this I lose connection logically, so still think I don't see the basic idea.

I have a router with a DHCP server, but I manually configured the eno1 ethernet adapter to a static IP address.
Logically I tried the same for brug10.
The network situation is very simple. A router, a server with a networking card, KVM installed on the server, server needs IP and KVM guest needs different IP.

update:

I did exactly this (with my ethernet and bridge name):

(Setting Up a Network Bridge Using nmcli Tool)
https://www.tecmint.com/create-network- ... -centos-8/
based on:"Now add the Ethernet interface (eno1) as a portable device to the bridge (brug10) connection as shown."

I followed all steps in this manual. At this point the bridge looks active, slave is active.
But when I switch off the ethernet network as in the last step in the instruction:

"Then deactivate or bring down the Ethernet or Wired connection."
nmcli conn down wired connection

I lose all network connectivity.
Next, I can't ping google.com and when I check the router webportal for networking connection
I see the normal IP address 192.168.177.35 presented in the network list....


configuration:

router gateway:
192.168.177.1

the router serves also DNS on the same ip.

The server network card has: 192.168.177.35 (manual) before start creating the bridge.

When following the manual I configured the bridge:

ipv4.adresses 192.168.2.1/25
ipv4.gateway 192.168.2.1
ipv4.dns 192.168.177.1 (dns router address)
ipv4.method manual

jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: help voor KVM network bridge.

Post by jlehtone » 2021/05/31 17:26:24

leeuw wrote:
2021/05/31 11:39:57
Is the new bridge replacing the default network connection 'eno1' or not?

Yes. Bridge must replace the default connection.

leeuw wrote:
2021/05/31 11:39:57
router gateway:
192.168.177.1

the router serves also DNS on the same ip.

The server network card has: 192.168.177.35 (manual) before start creating the bridge.

When following the manual I configured the bridge:

ipv4.adresses 192.168.2.1/25
ipv4.gateway 192.168.2.1
ipv4.dns 192.168.177.1 (dns router address)
ipv4.method manual

No. If the IP address of the host is 192.168.177.35 (when on eno1), then the IP address of the host must be 192.168.177.35 (when on bridge). You must "move" ipv4-config from eno1 to brug10.


I like DHCP server, because I can tell the DHCP server to always give same config to my device. That way the devices can use the default "use DHCP" config. In this case, since the bridge tends to inherit MAC address from the physical port (unless there are many), it will look like same device to DHCP server as the eno1 was before and therefore get the same, correct configuration.
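
The "move the ipv4 config from eno1 to brug10" step described in the replies above, as an added example that is not part of any post in this thread: a small shell helper that checks the bridge address sits in the router's subnet and then prints (does not run) the nmcli sequence. The /24 prefix for 192.168.177.35 and the port connection name "br-slave-1" are assumptions; the other names and addresses are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and names are the ones quoted
# in the thread; the /24 prefix and "br-slave-1" are assumptions.

# ip2int A.B.C.D: print the IPv4 address as an integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# same_subnet ADDR/PREFIX ROUTER: succeed if ROUTER lies in ADDR's subnet.
same_subnet() {
    addr=${1%/*}; prefix=${1#*/}
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    [ $(( $(ip2int "$addr") & mask )) -eq $(( $(ip2int "$2") & mask )) ]
}

# bridge_plan OLD_CON PORT BRIDGE ADDR/PREFIX ROUTER
# Print the nmcli steps that put the host's IPv4 config on the bridge and
# leave the physical port as an address-less bridge port.
bridge_plan() {
    if ! same_subnet "$4" "$5"; then
        echo "refusing: router $5 is not in the subnet of $4" >&2
        return 1
    fi
    cat <<EOF
nmcli con add type bridge con-name bridge-$3 ifname $3 bridge.stp no \\
    ipv4.method manual ipv4.addresses $4 ipv4.gateway $5 ipv4.dns $5
nmcli con add type ethernet con-name br-slave-1 ifname $2 master $3
nmcli con modify "$1" connection.autoconnect no
nmcli con down "$1" && nmcli con up br-slave-1
EOF
}

# The host address from the thread moves to the bridge unchanged.
bridge_plan "Wired connection 1" eno1 brug10 192.168.177.35/24 192.168.177.1
# The bridge settings first tried in the thread are rejected.
bridge_plan "Wired connection 1" eno1 brug10 192.168.2.1/25 192.168.177.1 || true
```

The last printed line takes the old connection down and brings the bridge port up in one command; run the printed steps from the local console where possible, since the host is briefly offline during that switch.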

leeuw
Posts: 18
Joined: 2020/10/17 21:58:25

Re: help voor KVM network bridge.

Post by leeuw » 2021/06/04 11:48:04

Guys,

It works! Thanks for the last instruction jlehtone.

Sorry for not updating you in the last days.
What actually was the problem here, it's difficult to say.
In previous attempts I did try using the exact wired connection manual IP config
on the bridge, but it didn't work then, so I started following a wrong lead.

What I did:

- Deleting the slaves.
- 'nmcli connection down' the bridge
- reconfigure the bridge ip, gateway, dns according to jlehtone's instruction.

- used this command to set the ethernet interface under the bridge as slave:
# nmcli conn add type ethernet slave-type bridge con-name bridge-brug10 ifname eno1 master brug10
(green must be changed)

and followed the manual again from here.
(Setting Up a Network Bridge Using nmcli Tool)

The new bridge-brug10 was replacing the eno1 interface as a slave under brug10, after
the correct command above it started replying on my 'ping google.com' command and I knew
it worked.
Later I used brug10 directly in my KVM with 'virt-install' settings to set up a guest
and have a separate LAN IP for it.

I understand this feedback is difficult to follow, but when you are busy for days
to find a solution with different experiments, you forget the exact chronological
order when the right solution comes.
Last edited by leeuw on 2021/06/05 18:04:59, edited 1 time in total.
