[SOLVED] Broken bridge network INSIDE of guest VM

Hello!

I am unable to get a Linux bridge network working properly inside of a libvirt/kvm/qemu guest VM. Perhaps notably, the guest VM’s networking is also connected to the host’s networking device by a network bridge.

Here is a small diagram of what I am trying to achieve.

physical switch (LAN)
||
host adapter (enp4s0)
||
host linux bridge (br0)
||
guest adapter (vnet1/enp1s0)
||
guest linux bridge (gbr0) <------ doesn’t seem to work
||
lxc adapter (lxeth0) <------- haven’t bothered with this yet

The goal is to develop an Ansible installation process for LXC containers, and to prototype that process within a safe environment (a disposable VM) before eventually applying that same process on a bare metal machine. It is my hope to use LXC on bare metal, to avoid some of the costs and limitations that a VM is presenting me, specifically 1) NFS/SMB only for simultaneous guest access to host ZFS array, and 2) VM overhead costs. (#1 is especially problematic for SQLite DB locking)

I have been successful in connecting the VM adapter (vnet1) to the host network bridge (br0), having successfully stood up various services on the guest. This is done simply by adding the following file to the host:

$ cat /etc/network/interfaces.d/br0 
auto br0
iface br0 inet dhcp
    bridge_ports enp4s0
    bridge_stp off
    bridge_waitport 0
    bridge_fd 0

When I tried to add the equivalent file into the guest, the guest was not accessible by SSH after restart. Additionally, when accessing the guest from virt-manager, I found that the guest was unable to ping external websites. I won’t bother to add LXC until I’ve correctly resolved the bridge issue and can connect to the guest via SSH again. Here is what I tried to configure inside the guest.

$ cat /etc/network/interfaces.d/gbr0 
auto gbr0
iface gbr0 inet dhcp
    bridge_ports enp1s0
    bridge_stp off
    bridge_waitport 0
    bridge_fd 0

I admit that I don’t know enough about bridges or networking to know if what I am doing is invalid in some way. For reference, the host and guest are both Debian 10.

Any help that can be provided would be much appreciated.

Should the second bridge be inside of the VM, since that VM is hosting the LXC containers, or am I missing something?

Yes. The second bridge gbr0 should be created within the VM.

For clarification:

  • vnet1 is the name of the qemu adapter that connects the guest to the host bridge br0. vnet0 (not shown on my diagram above) is the adapter name of another VM connected to br0.
  • enp1s0 is the name of the guest’s network adapter, as viewed from within the guest, to which I would connect the guest bridge gbr0.

I want to automate the installation of LXC and containers that are configured to use a supplied bridge. The idea was that if I could reproduce all of the relevant components inside a VM, then I could test all aspects of the automation in a “safe” environment that was easy to tear down and rebuild quickly. This is for a home-lab, so I am limited in my tools and resources to “practice” on.

Ok. I feel dumb. The reason my bridge wasn’t working is because there were other settings in /etc/network/interfaces that were conflicting with my custom setting in /etc/network/interfaces.d/gbr0.

/etc/network/interfaces read:

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet dhcp

All I needed to do was to comment out the last two lines, and my configs above would have been correct. D’oh!

As a rule:
When things start working against your assumptions, always reread the documentation! At the very least, it might remind you to go look at some things, which could in turn lead to a humbling epiphany.

Edit… or not. It worked, and now it doesn’t again. Maybe I learned something, but I’m still trying to figure out what. :(

OK!!! Here it is!

Let me restate the rule!
When things start working against your assumptions, always reread the documentation! At the very least, it might remind you to go look at some things, which could in turn lead to a humbling epiphany.

Turns out I needed to reread my own advice!

  1. Install bridge-utils. This isn’t just for some CLI tools to create one-off bridge instances in an ad hoc manner. (You could use ip for temporary bridges too.) bridge-utils is necessary for supporting the permanent configuration!

  2. Configure your network:

$ cat /etc/network/interfaces
source /etc/network/interfaces.d/*

#The loopback network interface
auto lo
iface lo inet loopback

#The primary network interface
#allow-hotplug enp1s0
#iface enp1s0 inet dhcp

(bottom lines are commented out so that the bridge owns the connection, as follows)

  3. Create a configuration for the bridge. Note, the contents of this file could be moved to the above, but I like the dedicated file.

$ cat /etc/network/interfaces.d/gbr0 
auto gbr0
iface gbr0 inet dhcp
    bridge_ports enp1s0
    bridge_stp off
    bridge_waitport 0
    bridge_fd 0

And that is it. I now have a guest VM with its own internal bridge network, connected to the host’s own bridge network. The next step is to install LXC on the guest, using the (guest-internal) bridge network to support the LXC containers.


Glad you figured it out
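
The conflict resolved in this thread, an interface listed under bridge_ports that still has its own dhcp stanza, can be checked for mechanically. The script below is an added example, not code from the thread: the function names and the sample input are constructed, and treating `manual` as the only acceptable method for a bridge port is an assumption of the example.

```sh
#!/bin/sh
# Added example (not from the thread): list interfaces that are bridge ports
# but still have their own address-bearing iface stanza in ifupdown config.

# Reads ifupdown config from the named files, or stdin when none are given.
# "source" lines are not followed, so pass every file explicitly.
# Output: one "<port> <bridge> <method>" line per conflict.
find_bridge_port_conflicts() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }              # comment or blank line
        $1 == "iface" { cur = $2; method[cur] = $4; next }
        $1 == "bridge_ports" {
            for (i = 2; i <= NF; i++) port_of[$i] = cur
            next
        }
        END {
            for (p in port_of)
                if ((p in method) && method[p] != "manual")
                    print p, port_of[p], method[p]
        }
    ' "$@" | sort
}

# Constructed sample: the guest's two files as first posted, concatenated.
sample_broken() {
    cat <<'EOF'
source /etc/network/interfaces.d/*
auto lo
iface lo inet loopback
allow-hotplug enp1s0
iface enp1s0 inet dhcp
auto gbr0
iface gbr0 inet dhcp
    bridge_ports enp1s0
    bridge_stp off
    bridge_waitport 0
    bridge_fd 0
EOF
}

# Constructed sample: the same config with the enp1s0 stanza commented out.
sample_fixed() {
    sample_broken | sed -e 's/^allow-hotplug enp1s0/#&/' -e 's/^iface enp1s0/#&/'
}

echo "broken: $(sample_broken | find_bridge_port_conflicts)"
echo "fixed:  $(sample_fixed | find_bridge_port_conflicts)"
```

On a real system, pass the files explicitly, for example `find_bridge_port_conflicts /etc/network/interfaces /etc/network/interfaces.d/*`; an empty result means no bridge port is also being configured on its own.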