<div dir="ltr">I'm posting from work, so I'm using gmail. Sorry for any weird formatting.<br><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Aug 15, 2014 at 3:56 PM, unsolicited <span dir="ltr"><<a href="mailto:unsolicited@swiz.ca" target="_blank">unsolicited@swiz.ca</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Thanks for the message.<div class=""><br>
<br>
> - The second NIC is an 'UP', but an unconfigured member of a bridge<br>
> (brvm), which is also 'UP' but unconfigured. My virtual machines all<br>
> connect to the brvm bridge for direct network access.<br>
<br></div>
Huh? 'UP'? As in catches DHCP from house router / not specifically configured?<br></blockquote><div><br></div><div>No, no IP address, but the interface isn't 'DOWN'. Here's a snipped portion of my IP information. (Also, I use br_lan instead of brvm, which is easier to understand)<br>
<br>- p4p1 is my only ethernet device with an IP address (Just noticed that I still have ipv6 enabled on the other interfaces, but I don't use it).<br><br></div><div>- p6p1 is my "Public" interface, which is a member of br_wan<br>
<br></div><div>- p12p1 is my "LAN" interface, which is a member of br_lan.<br></div><div><br><div style="margin-left:40px">[root@zeus ~]# ip a<br>2: p6p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master <b>br_wan</b> state UP group default qlen 1000<br>
link/ether 00:1f:c6:36:98:cc brd ff:ff:ff:ff:ff:ff<br> inet6 fe80::21f:c6ff:fe36:98cc/64 scope link <br> valid_lft forever preferred_lft forever<br>3: p4p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000<br>
link/ether 00:1b:21:05:27:7f brd ff:ff:ff:ff:ff:ff<br><b> inet <a href="http://10.10.10.21/16">10.10.10.21/16</a> brd 10.10.255.255 scope global p4p1</b><br> valid_lft forever preferred_lft forever<br> inet6 fe80::21b:21ff:fe05:277f/64 scope link <br>
valid_lft forever preferred_lft forever<br>4: p12p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master <b>br_lan</b> state UP group default qlen 1000<br> link/ether 00:0e:0c:cf:80:4d brd ff:ff:ff:ff:ff:ff<br>
inet6 fe80::20e:cff:fecf:804d/64 scope link <br> valid_lft forever preferred_lft forever<br></div><br></div><div>When you create a VM, creates a virtual network interface on the host, which are joined to the appropriate bridge interfaces (All VMs are on br_lan, but my routing machine is also on br_wan).<br>
<br></div><div>libvirt itself creates the vibr* interfaces, for host-only and NAT routing. I don't use them, but haven't had a need to clean them up.<br></div><div><br><div style="margin-left:40px">[root@zeus ~]# brctl show<br>
bridge name bridge id STP enabled interfaces<br>br_lan 8000.000e0ccf804d no p12p1<br> vnet0<br> vnet2<br> vnet3<br>
vnet4<br> vnet5<br>br_wan 8000.001fc63698cc no p6p1<br> vnet1<br>virbr0 8000.525400e39548 yes virbr0-nic<br>
virbr1 8000.525400e7c266 yes virbr1-nic<br></div><br></div><div>I can make a tar.gz of my network configs if wanted, but here's the important bits from /etc/sysconfig/network-scripts/ (Note that this is all on a F20 machine):<br>
<br></div><div><b>ifcfg-p4p1</b> is a normal network config, for the normal host network.<br><br><div style="margin-left:40px">TYPE="Ethernet"<br>BOOTPROTO="none"<br>DEFROUTE="yes"<br>IPV4_FAILURE_FATAL="no"<br>
IPV6_FAILURE_FATAL="no"<br>NAME="p4p1"<br>UUID="3eb7febd-bd65-4758-a6ef-9e44d3426c2d"<br>ONBOOT="yes"<br>HWADDR="00:1B:21:05:27:7F"<br>IPADDR0=10.10.10.21<br>PREFIX0=16<br>
GATEWAY=10.10.10.1<br>DNS1=10.10.10.1<br>DOMAIN="<a href="http://chrisirwin.ca">chrisirwin.ca</a>"<br>NM_CONTROLLED=no<br></div><br></div><div><br></div><div><b>ifcfg-br_lan</b> and <b>ifcfg-br_wan</b> are identical, except for the DEVICE line.<br>
</div><div><br></div><div><div style="margin-left:40px">DEVICE=br_lan<br>TYPE=Bridge<br>BOOTPROTO=none<br>NM_CONTROLLED=no<br>IPV6INIT="no"<br>IPV6_AUTOCONF="no"<br>IPV6_DEFROUTE="no"<br></div>
<br></div><div><b>ifcfg-p12p1</b> and <b>ifcfg-p6p1</b> are identical, except for HWADDR and BRIDGE lines.<br><br><div style="margin-left:40px">TYPE="Ethernet"<br>ONBOOT="yes"<br>NM_CONTROLLED=no<br>BRIDGE=br_lan<br>
HWADDR="00:0e:0c:cf:80:4d"<br>IPV6INIT="no"<br></div><br></div><div><br> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<br>
So you must have a route on the host to direct traffic to the vm from it via this interface. [I get that all traffic outside this host would have vm traffic arrive via this interface. The arp'ing should keep the lines straight, as you don't have two ways externally to get to the host itself.]<br>
</blockquote><div><br>I didn't make any special routing rules, just whatever the system sets up from the above configs. The VMs get connectivity via the bridge -- think of it like a software network switch. (Ignore the annoying link-local lines, and the vibr0 lines, which are not used).<br>
<br><div style="margin-left:40px">[root@zeus network-scripts]# route<br>Kernel IP routing table<br>Destination Gateway Genmask Flags Metric Ref Use Iface<br><b>default ipfire.chrisirw 0.0.0.0 UG 0 0 0 p4p1<br>
10.10.0.0 0.0.0.0 255.255.0.0 U 0 0 0 p4p1</b><br>link-local 0.0.0.0 255.255.0.0 U 1003 0 0 p4p1<br>link-local 0.0.0.0 255.255.0.0 U 1005 0 0 br_wan<br>
link-local 0.0.0.0 255.255.0.0 U 1006 0 0 br_lan<br>192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr1<br>192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0<br>
</div> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
(Do you have the vm's on a separate subnet?)<br></blockquote><div><br></div><div>Nope, it's just like they are physically connected to my network. They are on the same network, can see broadcasts, can get DHCP, etc.<br>
<br> <br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
I'll bet Cranky would love you even more if you posted config examples or specifically pertinent links. (-:</blockquote><div><br></div><div>Apparently Network Manager is capable of handling bridges now, so this might be easier to configure. I haven't revisited in a few versions.<br>
</div></div><br clear="all"><br>-- <br><div dir="ltr">Chris Irwin<br><<a href="mailto:chris@chrisirwin.ca" target="_blank">chris@chrisirwin.ca</a>></div>
</div></div></div>