Re: [libvirt-users] bridged networking using VLAN : guest with 2 NIC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/30/2013 09:14 PM, Dan Sa wrote:
I created another Virtual Machine with DHCP enabled 192.168.0.0/16 DHCP Range 192.168.0.2 192.168.0.2 (as I want same IP to all three guests) Forwarding : NAT to em2

now on host I see two instances of dnsmasq

netstat -anlp | grep -w dnsmasq
tcp        0      0 192.168.0.1:53          0.0.0.0:*               LISTEN      1907/dnsmasq <<<< is this right ? I created
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      6666/dnsmasq  <<< default NAT


however I am seeing dnsmasq is not Active

systemctl status dnsmasq.service
dnsmasq.service - DNS caching server.
          Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled)
          Active: failed (Result: exit-code) since Wed, 30 Oct 2013 12:30:39 -0600; 41min ago

all my guest are on physical VLAN so how I should go about giving them 192.168.0.2 address using dnsmasq ?

1) PLEASE stop top-posting new random information and guesses at solutions to the top of your old messages. You are quickly creating a cascade of text that is so large and rambling that nobody will have the ambition to unscramble it and make a reply.

It is generally accepted good etiquette to post responses to earlier messages in-line with the original, so that the flow of the conversation can be easily followed by someone reading just the last message. (If there is no "flow" to the conversation, then something more fundamental has gone wrong.)

2) If you've now realized (as I told you in my first response) that you need to run a system instance of dhcpd or dnsmasq to service dhcp for the vlan of your guests, then what you have is a networking problem, not a virtualization problem. There are tutorials for setting up dnsmasq in various places on the web, or you can simply read the comments in /etc/dnsmasq.conf to figure out how to make it listen on just a specific interface, and how to tell it what addresses to serve for that interface.

See below for more comments.


thanks
dan






On Wed, Oct 30, 2013 at 11:20 AM, Dan Sa <dreamrider787@xxxxxxxxx> wrote:
UPDATE :

Adding more information about dnsmasq on box running fedora (host)

dispatcher.d]# nmcli nm status
RUNNING         STATE           WIFI-HARDWARE   WIFI       WWAN-HARDWARE   WWAN
running         connecting      enabled         enabled    enabled         disabled

 nmcli nm status
RUNNING         STATE           WIFI-HARDWARE   WIFI       WWAN-HARDWARE   WWAN
running         disconnected    enabled         enabled    enabled         disabled


systemctl --all|grep -i network

NetworkManager.service    loaded active   running       Network Manager

 dnsmasq.d]# ls -al
total 8
drwxr-xr-x  2 root root 4096 Nov 20  2012 .
drwxr-xr-x. 6 root root 4096 Oct 30 08:56 ..


 dispatcher.d]# ls -al
total 32
drwxr-xr-x. 2 root root 4096 Sep 23 12:59 .
drwxr-xr-x. 6 root root 4096 Oct 30 08:56 ..
-rwxr-xr-x  1 root root  175 Nov 15  2012 00-netreport
-rwxr-xr-x. 1 root root  335 Feb 14  2012 04-iscsi
-rwxr-xr-x. 1 root root  111 Jun 25  2012 10-sendmail
-rwxr-xr-x  1 root root  933 Jul 10 04:38 11-dhclient
-rwxr-xr-x. 1 root root  317 Apr 27  2012 20-chrony
-rwxr-xr-x  1 root root  138 Mar 19  2013 20-squid

 cat dnsmasq.conf

all lines are commented only line active is

# Include another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
conf-dir=/etc/dnsmasq.d  <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

*All* of the above is just random data, which says nothing. Please try to spend more time figuring out what you are trying to do and what has gone wrong before just pasting random bits into a message to a mailing list. Remember that the people reading the messages on this list are doing it for free, and they also have day jobs they need to attend to. The less excess garbage is in a message, the less time they have to use up sifting through it for useful information.






On Wed, Oct 30, 2013 at 10:10 AM, Dan Sa <dreamrider787@xxxxxxxxx> wrote:
BRCTL SHOW
bridge name bridge id      STP enabled interfaces
br0       8000.00237de0a132 no         em1
                                       vnet0
guest1-lan 8000.00237de0a133 no        em2.620
                                       vnet3
guest1-wan 8000.0022642b6586 no        p1p1.110
guest2-lan 8000.00237de0a133 no        em2.619
guest2-wan 8000.0022642b6586 no        p1p1.108
guest3-lan 8000.00237de0a133 no        em2.621
guest3-wan 8000.0022642b6586 no        p1p1.111

virbr0     8000.5254003e19b3 yes       virbr0-nic
                                       vnet2

The above list of bridges connected to vlan interfaces implies that, for some reason, you are putting each interface of each guest on a separate vlan. Is this really what you think you want to do? Why? How will these guests connect to the rest of the network? Unless you have a requirement to isolate each guest entirely from every other guest and force each guest's traffic to travel through a different path out to the rest of the network, then I think you've misunderstood when/why vlans should be used. It is much more common to just setup a single network that many (or even all) guests will attach to, and generally you don't need a vlan tag to do this.

(an earlier comment you made implying that a *host* bridge attached to a host vlan interface *was actually the guest interface* makes me believe you are confused about the function of each bit and how they all fit together. I think it would be useful for you to step back from all of this and just explain how you want your guests to connect to the rest of the network. Do you have a specific requirement for each to be connected to a separate vlan on the physical network? Or do they just need to be connected "somehow"? Do they need to be prevented from communicating with each other, or was this just a side effect of a mistaken network configuration?



On Wed, Oct 30, 2013 at 10:10 AM, Dan Sa <dreamrider787@xxxxxxxxx> wrote:
Laine,

first thank you very much for your input, it cleared some doubts ... please find below the information in the desired format.

Versions:

1) Virtual Machine Manager 0.9.5[root@dsl-test qemu]# uname -a
2) Linux  3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
3) Fedora release 17 (Beefy Miracle) Kernel \r on an \m (\l)

Fedora 17 is > 1 year old, and thus no longer gets any updates, not even security updates. You need to upgrade to a newer release of Fedora (F20 is already in beta, so that may be a good choice)

4) virsh --version 0.9.11.10

Likewise, 0.9.11 is very old. *Many* improvements have been made since then, which is another good reason to upgrade your OS.

5) rpm -qa | grep kvm
libvirt-daemon-kvm-0.9.11.10-1.fc17.x86_64
qemu-kvm-1.0.1-6.fc17.x86_64

I have 3 Guest information for guest1 follows : (my questions are after that)

virsh dumpxml guest1 :

virsh dumpxml guest1

<domain type='kvm' id='5'>

  <name>guest1</name>

  <uuid>bcc29de1-ba90-5dd8-81fe-7450852df7f6</uuid>

  <memory unit='KiB'>1048576</memory>

  <currentMemory unit='KiB'>1048576</currentMemory>

  <vcpu>4</vcpu>

  <os>

    <type arch='x86_64' machine='pc-0.15'>hvm</type>

    <boot dev='hd'/>

  </os>

  <features>

    <acpi/>

    <apic/>

    <pae/>

  </features>

  <cpu mode='custom' match='exact'>

    <model fallback='allow'>Penryn</model>

    <vendor>Intel</vendor>

    <feature policy='require' name='tm2'/>

    <feature policy='require' name='est'/>

    <feature policy='require' name='monitor'/>

    <feature policy='require' name='osxsave'/>

    <feature policy='require' name='ss'/>

    <feature policy='require' name='ds'/>

    <feature policy='require' name='vme'/>

    <feature policy='require' name='dtes64'/>

    <feature policy='require' name='ht'/>

    <feature policy='require' name='dca'/>

    <feature policy='require' name='pbe'/>

    <feature policy='require' name='xsave'/>

    <feature policy='require' name='tm'/>

    <feature policy='require' name='pdcm'/>

    <feature policy='require' name='vmx'/>

    <feature policy='require' name='ds_cpl'/>

    <feature policy='require' name='xtpr'/>

    <feature policy='require' name='acpi'/>

  </cpu>

  <clock offset='utc'/>

  <on_poweroff>destroy</on_poweroff>

  <on_reboot>restart</on_reboot>

  <on_crash>restart</on_crash>

  <devices>

    <emulator>/usr/bin/qemu-kvm</emulator>

    <disk type='file' device='disk'>

      <driver name='qemu' type='raw'/>

      <source file='/var/lib/libvirt/images/guest1.img'/>

      <target dev='vda' bus='virtio'/>

      <alias name='virtio-disk0'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>

    </disk>

    <controller type='usb' index='0'>

      <alias name='usb0'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>

    </controller>

    <controller type='virtio-serial' index='0'>

      <alias name='virtio-serial0'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>

    </controller>

    <interface type='network'>

      <mac address='52:54:00:ea:80:df'/>

      <source network='default'/>

      <target dev='vnet2'/>

      <alias name='net0'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>

    </interface>

    <interface type='bridge'>

      <mac address='52:54:00:d5:1d:01'/>

      <source bridge='guest1-lan'/>

      <target dev='vnet3'/>

      <model type='virtio'/>

      <alias name='net1'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>

    </interface>

    <serial type='pty'>

      <source path='/dev/pts/3'/>

      <target port='0'/>

      <alias name='serial0'/>

    </serial>

    <console type='pty' tty='/dev/pts/3'>

      <source path='/dev/pts/3'/>

      <target type='serial' port='0'/>

      <alias name='serial0'/>

    </console>

    <input type='mouse' bus='ps2'/>

    <graphics type='vnc' port='5901' autoport='yes'/>

    <video>

      <model type='cirrus' vram='9216' heads='1'/>

      <alias name='video0'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>

    </video>

    <memballoon model='virtio'>

      <alias name='balloon0'/>

      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>

    </memballoon>

  </devices>

  <seclabel type='none'/>

</domain>

 

 

Here is revised BRCTL Show after guest1 is running


BRCTL SHOW

bridge name bridge id               STP enabled     interfaces

br0                  8000.00237de0a132       no              em1

                                                        vnet0

c1000z-lan              8000.00237de0a133       no              em2.620

                                                        vnet3

c1000z-wan              8000.0022642b6586       no              p1p1.110

c2000t-lan              8000.00237de0a133       no              em2.619

c2000t-wan              8000.0022642b6586       no              p1p1.108

pk5001a-lan             8000.00237de0a133       no              em2.621

pk5001a-wan             8000.0022642b6586       no              p1p1.111

virbr0          8000.5254003e19b3       yes             virbr0-nic

                                                        vnet2



The above is obviously *not* the output of brctl on the same host as the above-listed guest, since that guest connects to a bridge called "guest1-lan", which isn't even in the brctl output at all.


 ----------------------------------------------------------------------------------------------------------


on guest1-lan terminal I see following :


route -n

destination      gateway          genmask         flags metric ref use iface

0.0.0.0            192.168.122.1  0.0.0.0           UG    100      0   eth0

192.168.122.0  0.0.0.0            255.255.255.0 U      0          0  eth0


DHCPDISCOVER on eth 1 to 255.255.255.255 port 67 interval 6 then 14, 13, 15

and then sleeping


so you are right I am not getting DHCP IP and I have "forward mode bridge" so libvirt is ignoring it

I want 192.168.0.2 on this with gateway 192.168.0.1


so looks like my problem is DHCP .... how can I able to run DHCP for all three guest which are part of em2

interface like em2.629, em2.621 and em2/622


Again, WHY do you need a separate vlan for each guest? I think you may be confused.


awaiting your suggestions....


1) stop top-posting.

2) either explain why you need each guest on a separate vlan, or give up on that idea and just connect all guest interfaces to a single network (or possible 2 networks - on lan and one wan, which you seen to have some requirement for).

3) if you really do require the guests to each be on a separate vlan, and you don't have any other host on the network that already serves dhcp on those vlans, then read /etc/dnsmasq.conf to learn how to configure it.


regards

dan



On Wed, Oct 30, 2013 at 9:56 AM, Dan Sa <dreamrider787@xxxxxxxxx> wrote:
Laine,

first thank you very much for your input, it cleared some doubts ... please find below the information in the desired format.

Versions:

1) Virtual Machine Manager 0.9.5[root@dsl-test qemu]# uname -a
2) Linux  3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
3) Fedora release 17 (Beefy Miracle) Kernel \r on an \m (\l)
4) virsh --version 0.9.11.10
5) rpm -qa | grep kvm
libvirt-daemon-kvm-0.9.11.10-1.fc17.x86_64
qemu-kvm-1.0.1-6.fc17.x86_64

I have 3 Guest and here is




On Wed, Oct 30, 2013 at 5:19 AM, Laine Stump <laine@xxxxxxxxx> wrote:
(There is no need or advantage to Cc'ing individuals who are already
subscribed to the mailing list.)

On 10/28/2013 05:34 PM, Dan Sa wrote:
> hello all,
>
> I have been trying to set-up bridged network with VLAN and not able to
> succeed as many tutorials address only single NIC.
>
> I am trying to setup 2 guests (backtrack instance) each guest has NIC1
> and NIC2. following is snippet for guest1
>
> I am not able to get 192.168.0.2 address back on guest eth0.


See the comment below about <forward mode='bridge'>. you'll need some
other entity on your vlan to run a dhcp server, because libvirt won't be
doing it for you in this case.


>
>
> VIRT-MANAGER  GUI :
>
> guest1-lan details radio button
>
> left side panel
>
> NIC1 ------------------> Virtual Network Interface
>                             Source Device : Virtual Network "default" NAT
>                             Device Model : Hypervisor default
>                              MAc Address : xxxxxxxxxxxxxx
>
> NIC2 ------------------> Virtual Network Interface
>                             Source Device : Specify Shared Device Name
>                                         Bridge name : guest1-lan
>                             Device Model : virto
>                              MAc Address : xxxxxxxxxxxxxx

The output of "virsh dumpxml $guestname" is much more useful than a
transcription of the virt-manager screens.

>
> HOST MACHINE :
>
> brctl show has br0 for bridge
> and virbr0 with 192.168.122.x address (created by default virtual
> network NAT)
>
>
>  /etc/sysconfig/network-scripts/
>
> 1) Bridge BR0 (cat ifcfg-br0)
>
> DEVICE="br0"
> TYPE="Bridge"
> _ONBOOT_="yes"
> NM_CONTROLLED="no"
> BOOTPROTO="static"
> IPADDR="xx.xx.xx.xx"
> NETMASK="255.255.254.0"
> GATEWAY="xx.xx.xx.xx"
> DNS1="x.y.z.s"
> DNS2="x.y.q.s"
>
> 2) cat ifcfg-em1
> NM_CONTROLLED="yes"
> HWADDR="02:12D:E2:B1:32"
> BOOTPROTO="static"
> DEVICE="em1"
> BRIDGE="br0"
> _ONBOOT_="yes"
>
> 3) ifcfg-em2
> NM_CONTROLLED="yes"
> HWADDR="02:24:7e:d0:b1:42"
> BOOTPROTO="static"
> DEVICE="em2"
> _ONBOOT_="yes"
>
> 4) THIS IS GUEST   (cat ifcfg-guest1-lan)

I don't understand what you mean by "this is guest". It isn't a part of
the guest; it is a bridge on the host that could be *used* by a guest.


> DEVICE=guest1-lan
> TYPE=Bridge
> _ONBOOT_=yes
> BOOTPROTO=static
> DELAY=1
>
> 5) GUEST VLAN (cat ifcfg-em2.620)
>
> DEVICE=em2.620
> VLAN=yes
> _ONBOOT_=yes
> BRIDGE=guest1-lan
>
> BRCTL Show Command :
>
> br0  8000.00237de0a132  no              em1
>                                                        vnet0
> guest1-lan 8000.00237de0a133   no    em2.620
> virbr0        8000.5254003e19b3    yes  virbr0-nic


From the above, it appears that there is only a single guest running,
and that it is connected via the br0 bridge; apparently you took this
output when neither of your dual-nic guests were running, as they should
have each attached tun devices to both guest1-lan and virbr0.


>
>
> VIRSH :
>
> virsh # net-list
> Name                 State      Autostart
> -----------------------------------------
> guest1-lan           active     yes
> default              active     yes
>
>
> virsh # iface-list
> Name                 State      MAC Address
> --------------------------------------------
> br0                  active     00:23:7d:e0:a1:32
> guest1-lan       active     00:23:7d:e0:a1:33
>
>
> iface-edit :
>
> virsh # iface-edit guest1-lan
>
> <interface type='bridge' name='guest1-lan'>
>   <start mode='onboot'/>
>   <bridge delay='1'>
>     <interface type='vlan' name='em2.620'>
>       <vlan tag='620'>
>         <interface name='em2'/>
>       </vlan>
>     </interface>
>   </bridge>
> </interface>
>
> ------------------------------------------------------------------
>
> /etc/libvirt/qemu/networks


(You shouldn't be looking at/modifying the files in
/etc/libvirt/qemu/networks directly. Instead, use "virsh net-dumpxml
guest1-lan" (for example) to look at the network config, and "virsh
net-edit guest1-lan" to modify it.)


>
> cat guest1-lan.xml
> <network>
>   <name>guest1-lan</name>
>   <uuid>a12747ec-21c9-0d21-ab06-064ba204bc52</uuid>
>   <forward mode='bridge' dev="br0"/>
>   <bridge name='guest1-lan' />
>   <ip address='192.168.0.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.0.2' end='192.168.0.254' />
>     </dhcp>
>   </ip>


Any network with <forward mode='bridge'...> is an "unmanaged" network
from libvirt's POV, and thus the <ip> element and all its subelements
are ignored. If you use <forward mode='bridge'> then libvirt assumes
that the bridge device is already configured by the base OS config.

As of libvirt-1.0.1, attempts to define an <ip> element in a network
with <forward mode='bridge'> are flagged as an error. (It would be
helpful in future reports if you indicate your 1) libvirt version, 2)
qemu version, 3) distro and version, 4) kernel version. Although not
always applicable, sometime it can help in framing the issue.


> </network>
>
>
> cat default.xml
>
> <network>
>   <name>default</name>
>   <uuid>8778244b-1a0c-c15f-c348-26462a07a639</uuid>
>   <forward mode='nat'/>
>   <bridge name='virbr0' stp='on' delay='0' />
>   <mac address='52:54:00:3E:19:B3'/>
>   <ip address='192.168.122.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.122.2' end='192.168.122.254' />
>     </dhcp>
>   </ip>
> </network>
>
> any guidance will be appriciated

Since you're defining a vlan tag, I assume that the physical network
attached to your host's em2 is actually using vlan 620? If not, and you
just need a network that's private to your guests and the host, I would
recommend simply defining a libvirt network with no <forward> element at
all. This network *will* be managed by libvirt, so libvirt will create a
bridge and give it an IP address, as well as running a dnsmasq instance
to serve up IP addresses to guests, but the guests won't be able to get
traffic anywhere beyond that bridge via their interface connected to the
bridge.

If you *are* using vlan 620 on the physical network, then you'll need to
setup some other dhcp server somewhere on that network (either run a
system instance of dnsmasq on the host that listens on em2.620, or run
dnsmasq or dhcpd on some other physical host or guest that listens on
its own vlan-tagged interface).






--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]