KVM/BRIDGE/SUBNET

seven_skies · July 19, 2018, 1:31pm

Hi All,
host Leap 15, with kvm and the default bridge installed, i am trying to add public statip ip subnet without luck, tried yast modifying the existing bridge to static ip with subnet prefix, saving settings,> running the vm making sue it is suing br0 but still the vm have not an ip or internet access, beside all , what is the right and correct way to add bridge with sibnet/29 and make sure both subnet and server ip are accessible .
Thanks.

tsu2 · July 19, 2018, 4:27pm

Hello,
Welcome to the openSUSE Technical Help Forums.
When you post, there are a few conventions and practices you should follow to make your post as clearly understood as possible…

Be as descriptive as possible. In your case, this would mean that when you describe the steps you tried (Thank you, sometimes people don’t even describe as much as you did), you need to include the specific commands you ran or the specific fields you may have filled out in YaST (screenshots are helpful, when that isn’t possible a picture from your phone can work)
When you post a specific command or the result from a command, include that within

 tags, which can easily be created by using the hash button #] in your Forum Post editor web page.

Now, for your actual post...

Before I go writing up another long post describing bridge devices (You'll find many if you search "tsu2 bridge" in both this Networking and more often in the Virtualization forums), this time I'm going to build on some official documentation this time...

First, you should understand the idea that a bridge device is created to represent and provide access to a type of virtual network, so once created it's probably not a good idea to modify the device. Existing bridge devices were configured a certain way when created for a reason, and if you modify it that configuration will be altered and to some extent destroyed, and so not available for use in that form again.

Instead, you should want to create new bridge devices from scratch each time, but only if an existing bridge device doesn't already provide access to a virtual network of your liking.

Now,
At this point I'd suggest you at least skim the following, you don't need to understand it in depth yet but you will need to know many of the concepts described at the 30,000 foot level. Come back to this document when you want to drill down for more detail

https://wiki.libvirt.org/page/VirtualNetworking

I'd mention that you may run into bridge devices named a number of different ways but usually with "br" somewhere in the name, eg br0, br1, virbr0, virbr1, etc. All such bridge devices may be named differently but function the same. Bridge devices are typically named by the tool used to create the device but there is no hard, fast rule for device naming. If you have a machine with multiple virtualization technologies installed, although you **cannot or should not ever run any virtualization technology** without first killing everything related to every other virtualization technology (including stopping services!), you can certainly use bridge devices created by some other virtualization technology. So, for instance you could be running KVM and use a bridge device created by libvirt, YaST, VMware, Virtualbox, etc. without a problem.

You should also understand that there are 3 types of bridge devices, and some services and configurations are possible in some but not others...

- Network Bridging, aka "transparent," aka "Routed" - Allows the Guest to function the same as any physical machine on a physical network. No services can be configured within the bridge device like DHCP. Network Services must be provided by the network. Unlike NAT and Host-only bridge devices, because this bridge device is "transparent" to the physical network, no NetworkID and mask are configured.

- NAT (and derivatives like what you'll find in VBox) - Most common and useful configuration because it enables the network to be completely portable on a mobile device (eg laptop). Is a "host only" type virtual network but connected to a physical interface with NAT. Supports a DHCP service configured within the bridge device, and by extension an IPv4 scope. Like a host-only network, a NAT network must be defined by NetworkID and mask.

- Host Only, aka "isolated" - As its name implies, is functional only on the physical machine. Because unlike NAT, this bridge device is not connected to a physical interface, there is no network connectivity with the outside world both physical and other virtual. Is normally not scoped but the virtual network is defined by NetworkID and mask.

As for creating a virtual network...
I personally recommend using libvirt's virt-manager as the easiest tool to use.
Skimming the reference link I gave you earlier, I see what looks like a good description with screenshots in the links for "Creating a virtual network" just below "The Virtual Machine Manager (virt-manager) Here is the link to the section on that page

https://wiki.libvirt.org/page/VirtualNetworking#Creating_a_virtual_network

From the above,
I hope you can understand your approach to trying to set up a bridging bridge device with some kind of network configuration makes no sense.

If still unclear, post again.

TSU

seven_skies · July 19, 2018, 10:29pm

tsu2:

Hello,
Welcome to the openSUSE Technical Help Forums.
When you post, there are a few conventions and practices you should follow to make your post as clearly understood as possible…

Be as descriptive as possible. In your case, this would mean that when you describe the steps you tried (Thank you, sometimes people don’t even describe as much as you did), you need to include the specific commands you ran or the specific fields you may have filled out in YaST (screenshots are helpful, when that isn’t possible a picture from your phone can work)
When you post a specific command or the result from a command, include that within

 tags, which can easily be created by using the hash button #] in your Forum Post editor web page.

Now, for your actual post...

Before I go writing up another long post describing bridge devices (You'll find many if you search "tsu2 bridge" in both this Networking and more often in the Virtualization forums), this time I'm going to build on some official documentation this time...

First, you should understand the idea that a bridge device is created to represent and provide access to a type of virtual network, so once created it's probably not a good idea to modify the device. Existing bridge devices were configured a certain way when created for a reason, and if you modify it that configuration will be altered and to some extent destroyed, and so not available for use in that form again.

Instead, you should want to create new bridge devices from scratch each time, but only if an existing bridge device doesn't already provide access to a virtual network of your liking.

Now,
At this point I'd suggest you at least skim the following, you don't need to understand it in depth yet but you will need to know many of the concepts described at the 30,000 foot level. Come back to this document when you want to drill down for more detail

https://wiki.libvirt.org/page/VirtualNetworking

I'd mention that you may run into bridge devices named a number of different ways but usually with "br" somewhere in the name, eg br0, br1, virbr0, virbr1, etc. All such bridge devices may be named differently but function the same. Bridge devices are typically named by the tool used to create the device but there is no hard, fast rule for device naming. If you have a machine with multiple virtualization technologies installed, although you **cannot or should not ever run any virtualization technology** without first killing everything related to every other virtualization technology (including stopping services!), you can certainly use bridge devices created by some other virtualization technology. So, for instance you could be running KVM and use a bridge device created by libvirt, YaST, VMware, Virtualbox, etc. without a problem.

You should also understand that there are 3 types of bridge devices, and some services and configurations are possible in some but not others...

- Network Bridging, aka "transparent," aka "Routed" - Allows the Guest to function the same as any physical machine on a physical network. No services can be configured within the bridge device like DHCP. Network Services must be provided by the network. Unlike NAT and Host-only bridge devices, because this bridge device is "transparent" to the physical network, no NetworkID and mask are configured.

- NAT (and derivatives like what you'll find in VBox) - Most common and useful configuration because it enables the network to be completely portable on a mobile device (eg laptop). Is a "host only" type virtual network but connected to a physical interface with NAT. Supports a DHCP service configured within the bridge device, and by extension an IPv4 scope. Like a host-only network, a NAT network must be defined by NetworkID and mask.

- Host Only, aka "isolated" - As its name implies, is functional only on the physical machine. Because unlike NAT, this bridge device is not connected to a physical interface, there is no network connectivity with the outside world both physical and other virtual. Is normally not scoped but the virtual network is defined by NetworkID and mask.

As for creating a virtual network...
I personally recommend using libvirt's virt-manager as the easiest tool to use.
Skimming the reference link I gave you earlier, I see what looks like a good description with screenshots in the links for "Creating a virtual network" just below "The Virtual Machine Manager (virt-manager) Here is the link to the section on that page

https://wiki.libvirt.org/page/VirtualNetworking#Creating_a_virtual_network

From the above,
I hope you can understand your approach to trying to set up a bridging bridge device with some kind of network configuration makes no sense.

If still unclear, post again.

TSU

Hi,
i understand what you mean by be more descriptive, which i will try here;
the link mentioned i went through them many times before, and the terminology behind types of bridges on host and on libvirt i am familiar with.
now opensues with two static ips on same subnet; first one used for hhost and second for kvm, is already accomplished with the default br0 after libvoirt installation with adding libvirt network bridge type according to opensuse kvm docs
https://doc.opensuse.org/documentation/leap/virtualization/html/book.virt/cha.libvirt.networks.html#libvirt.networks.bridged ;
<network> <name>host-bridge</name>
<forward mode=“bridge”/>
<bridge name=“br0”/>
</network>
############################
now you ask me what are you trying to active? what have you tried and what is wrong?
here you go;
i have ded server runing opesuse leap 15+ libvirt kvm all frehs install + static ip for the ded + subnet/29 on diffrent gateway on same eth card; which i want to use for kvm; allright?

what have you tried to accomplish this and what are you facing ?

i have trid two ways; yast terminal, and direct terminal;
with yast tried br1; ip of the subnet + netmask of subnet;
all good now;
ip a;
i get default host ip for eth0; and ip/subnet of “subnet” for br1;
from kvm side;
virsh define ; <network> <name>host-bridge</name>
<forward mode=“bridge”/>
<bridge name=“br1”/>
</network>
virsh net-start host-bridge;
virsh edit vm;“change network bridge name accordingly+ did not know about what to do with mac because there autogenrated mac i gusie which is diffrent from the eth0 mac, however i tried both mac auto genrated and the eth0 instead of same out come >>keep followin me”
virsh start vm;
vm starts; it has ip from the subnet range but no network connectivity!!!
###################################
keep followin with yast terminal but this time with eth1 + ip of subnet+ subnet
from kvm libvirt side ; <network>
<name>vnet_routed</name>
<bridge name=“virbr1” />
<forward mode=“route” dev=“eth1”/>1
<ip address=“192.168.122.1” netmask=“255.255.255.0”>
<dhcp>
<range start=“192.168.122.2” end=“192.168.122.254” />
</dhcp>
</ip>
</network>
note; i changed the bridges values according to my subnet numbers; i am just explaining the step i followed which did not work;
virsh net-define vnet_routed
virsh net-start vnet routed
virsh edit vm; change bridge name accordingly;
virsh start vm;
vm starts has ip from range but no internet activity;
NOTE; it came to my mind maybe i need to do routes so went to yast network routes destination firtst usable ip; netmask of subnet; gatway eth0 static ip"which the subnet email states i should use the eth0 as gateway for the subnet", and yes there is no gudie jsut subnet gatways; for device tried all one by one for the previouse two ways; eth1; and br1;
all did not work; same result vm gets ip but not internet connectivity;
###################################
now with my non yast but direct terminal way;
firs i had to remove the bridge and modify the eth device filling all info related to my main dedicated server sttic ip, as ip netmask and name server and default gateway as well; so teh host has internet connectivity and the ip it should have;
now i still have subnet/29 on diffrent gateway which i still need to use it for kvm so here is what i tried from teminal;

cat /etc/sysconfig/network/routes
default eth0GatewayIp - eth0
subnetip/29 eth0MainIp br0systemctl restart network;systemctl restart network-online;virsh destroy vm;virsh net-destroy host-bridge;virsh start host-bridge;virsh start vm;vm hangs for 5 min no ip no internet connectivity;to be honest i am frustrated right now;my ways could be wrong; do not debug me please, instead you already know aht i a tring to achive gudie to how to make it work the right way instead please.Thank you;

tsu2 · July 20, 2018, 12:51am

I’m afraid you’ve fallen victim to our openSUSE virtualization documentation…
Although it can make sense to someone experienced who can pick out what might be applicable in a particular situation, an inexperienced person cannot simply step through what is written and make something work.

I wish I could say it in a place all persons can see…
Although most openSUSE documentation is really, really good, the openSUSE Virtualization documentation should not be read by anyone but very experienced people… because of the numerous issues lack of clarity and questionable terminology. And, SUSE 12 virtualization is now infected with the same problems which shoed up first in openSUSE documentation. I can only recommend new Users look up the old SUSE 11 SP3 documentation for early learinng. There are some valuable nuggets of information in there, but only the experienced can identify those and filter out the misleading. For the most part, most parts won’t actually cause damage, but it seems you’ve happened on such a case… Everything you say you did to your bridge device has to be either undone or simply don’t use that device, ever.

The flaw in the particular documentation you reference that describes creating a bridge device using YaST describes a number of options that <are available> but does not give any guidance what should be configured for any specific type of bridge device.

So, for instance as I tried to state clearly in my previous post, if you are configuring a “network bridging” bridge device, you <do not> configure any IP address, range of addresses or any network services like DHCP. The reasons for this lack of network configuration should be obvious to anyone who pauses to reason this out… The objective is to enable the Guest to function as a fully capable Host on the physical network, and any configuration can only restrict or mis-configure, and enabling a DHCP service could cause contention and collisions with an existing DHCP service on the physical network. So, it should be obvious that configuring <anything> is bad, you’d have to be very lucky to avoid numerous and major problems.

Specifically regarding your situation,
If I’m interpreting your attempts to describe your networking, should be described as follows…

The host is a multi-homed machine with two physical networks, eth0 connected to the upstream network (toward the Internet) and eth1 connected to a downstream network. The next thing you have to state is whether DHCP services are available on either physical network. You describe trying to configure static addresses (which you should not do) which can be done correctly, but if you have DHCP available on either or both networks, you should probably decide instead to configure “DHCP Reserved Leases.”

Then you should say that you have KVM installed, and you want to configure your Guest to also be connected to each physical network.
You should then say whether you installed your KVM by using the YaST “Install Virtualization” module, and whether during the installation you accepted the recommendation to allow the installer to create br0 for you.

You should then post the following which describes any and all bridge devices

brctl show

As I described in my prior post, you should not touch the configuration of br0, You’ll likely want to use it as it was created, and anything you might do to modify it has to be undone or you’ll have to create another bridge that does what br0 originally did. If you need to create a new bridge device, I recommend using virt manager because you’ll be guided how to create what you need instead of blindly thrashing about in YaST.

I would suggest that you configure your Guest to connect to your upstream network only to start, and set aside configuring your second network adapter. The following is a rough graphic of what you want to set up, and assumes that your br0 can be returned to its original configuration (maybe if you’ve installed on BTRFS you may simply want to roll back and undo everything up to the point before you installed virtualization and start over).

Configured correctly, your Guest network configuration where your IP address, DG and DNS are configured inside the Guest only and can even be a DHCP client if DHCP services are available on the physical network.

TSU

tsu2 · July 20, 2018, 1:04am

After you’ve configured your upstream network configuration and understand what you’ve done,
You can then try to replicate your upstream confiugration to setting up your downstream configuration (should be nearly the same but without a DG)

TSU

seven_skies · July 20, 2018, 3:05am

Hi. Thanks for the reply.
I am not sure what did you mean in your second post by i might have two physical networks. As i explained on what i am trying to achieve. I have one eth0 card which have its own public ip. And i have subnet on different gate way using same card. In other words. I have dedicated server one eth card has offcours static ip.i ordered additional ipa as subnet to the server so i can use them for virtualization. They provided me with subnet they sating its routed to my server. Dose that make sense now?
I installed kvm virtualization while i installed the OS itself from software menue.
I do not see why should i repeat what i did over and over again. Seems to me you did not read my post well. However you are not supposed to but your reply dose not help at all. Thanks.

tsu2 · July 20, 2018, 5:22am

seven_skies:

Hi. Thanks for the reply.
I am not sure what did you mean in your second post by i might have two physical networks. As i explained on what i am trying to achieve. I have one eth0 card which have its own public ip. And i have subnet on different gate way using same card. In other words. I have dedicated server one eth card has offcours static ip.i ordered additional ipa as subnet to the server so i can use them for virtualization. They provided me with subnet they sating its routed to my server. Dose that make sense now?
I installed kvm virtualization while i installed the OS itself from software menue.
I do not see why should i repeat what i did over and over again. Seems to me you did not read my post well. However you are not supposed to but your reply dose not help at all. Thanks.

OK, apparently I didn’t understand what you originally posted and still don’t understand after what you just posted.

I understand now that you have only one physical network card.
I do not understand what you are describing when you say that you have “subnet on different gate way”

In all likelihood you could be mis-using the term to subnet… That means that you have an assigned network, and typically by using a subnet mask define a portion of the network.
And, I don’t understand what this subnet (if it is a network) has to do with “a different gateway,” Different from what? And, why should a “different gateway” be required, with a single physical NIC, unless there is a lot of virtual networking you haven’t described there’s not much opportunity for complexity.

If you really are subnetting something, then probably the best way to show what you have done is to actually post the network and your subnetted networks.

It might also be helpful to know what the role of your Guest is… what you expect it to do.
Since you describe addresses from your Provider, I suspect your Guest will function as some kind of edge device… Perhaps as a VPN beachhead? Firewall? Web server? File Server? Something else?

If you can better describe what you are trying to do, I can better recommend what you should set up.
But,even with more info I can almost guarantee you that your br0 should not have been modified.

TSU

KVM/BRIDGE/SUBNET

cat /etc/sysconfig/network/ifcfg-br0