[fedora-virt] vanilla bridging network

Pavel Lisý pavel.lisy at gmail.com
Thu Sep 18 08:54:47 UTC 2014 

Robert Strickler píše v St 17. 09. 2014 v 18:49 -0700:
> I am trying to define a network tht just bridges the traffic between
> the virtual machine network and the LAN attached to eth0
> 
> 
> No dnsmasq/dhcp as it is difficult to impossible to tie dnsmasq to the
> master ISC servers on the LAN.
> 
> 
> It should forward/receive packets like a standard hardware bridge
> The virtual guests should get their addressing from the dhcp server on
> the LAN and DNS from the server as well.
> 
> 
> with the following I can not get dhcp discover reply from the LAN
> server, nor can I manually code the IP/gateway/DNS and ping the hard
> address (172.30.2.33) can anyone tell me what I am missing? Vhost and
> vguest are both CENTOS7

There is longstanding bug in Fedora (from F13 to F20, CentOS7 incl.)
which breaks bridge communication for libvirt.
It is combination of systemd/NetworkManager/firewalld/libvirtd. See:
https://bugzilla.redhat.com/show_bug.cgi?id=634736
and solution is described in: 
man sysctl.d

If you disable firewalld and it will work you have the same problem. 
Or you can check if sysctl returns 0 or 1 for bridge (0 is correct for
bridge settings)
sysctl -a | grep bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
or
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0

One solution is to create udev rule:
echo 'ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"' > /etc/udev/rules.d/99-bridge.rules

It works for me.

Pavel

> ======================
> <networkstatus>
>   <class_id bitmap='0-2'/>
>   <floor sum='0'/>
>   <network>
>     <name>plain</name>
>     <uuid>31f78c2c-257d-4c57-82e5-0c53deadbeef</uuid>
>     <forward mode='bridge'/>
>     <bridge name='virbr1' />
>     <mac address='52:54:00:b1:34:77'/>
>     <domain name='plain'/>
>     <ip address='172.30.2.1' netmask='255.255.255.0'>
>         <dhcp relay='yes'/>
>         <dhcp enable='no' relay='yes'/>
> <!--
> The relay will not be started if the "enable" property is 'no':
> -->
>     </ip>
>   </network>
> </networkstatus>
> ===========================
> 
> 
> A routed environment would be acceptable, but bridged is better as it
> should not be required to change my routing on the gateway router 
> 
> 
> TIA,
> Bob
> _______________________________________________
> virt mailing list
> virt at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/virt

-- 
Pavel Lisý <pavel.lisy at tmapy.cz>

More information about the virt mailing list