On 4/4/22 2:08 PM, Ian Pilcher wrote:
I've added an interface element to a libvirt network, but it isn't
working. The interface is not being added to the bridge, even after the
system is rebooted.
That's not what the <interface> element in a <network> is used for. It's
actual use is (in my opinion) not all that useful, which has led to
people assuming other functionality for it that doesn't exist.
The *actual* use of the <interface> element is simply to add an extra
iptables rule that will drop all traffic originating from a guest and
outbound to the real network if the interface it uses for egress doesn't
match the one listed in the <interface> element. It doesn't attach this
egress interface to the network's bridge, and it doesn't modify the
next-hop routing of the traffic (which is the more common mistaken
belief of its function).
Anyway, if you want to have a bridge device that is directly attached to
a physical ethernet, then you should set up a bridge in the host OS
outside the scope of libvirt, with the physical ethernet attached to it,
and then configure your libvirt guests to use that bridge with, e.g.
<interface type='bridge'>
<source bridge='br0'/>
...
# virsh net-dumpxml ocp4-net
<network>
<name>ocp4-net</name>
<uuid>b5852945-9889-4d22-ba61-879125316cec</uuid>
<forward dev='eno2' mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
<interface dev='eno2'/>
</forward>
<bridge name='virbr-ocp4' stp='on' delay='0'/>
<mac address='52:54:00:99:99:99'/>
<ip address='192.168.123.1' netmask='255.255.255.0'>
</ip>
</network>
# brctl show
bridge name bridge id STP enabled interfaces
virbr-ocp4 8000.525400999999 yes vnet0
virbr0 8000.525400a7ce7f yes
virbr1 8000.52540051eb1f yes vnet1
# rpm -q libvirt
libvirt-8.0.0-2.module_el8.6.0+1087+b42c8331.x86_64
Any ideas?
