KVM bridge config for LAN VM guest

[t3kg33k]

I have a Lenovo workstation that I have Centos 7 installed and KVM setup. The Lenovo only has one NIC. By default, of course, the KVM setup has configure a virbr0 as a NAT on the 192.168.122.0/24 network. However, I would rather have a bridged network to my one NIC so that all my VM guest can be on the same LAN network.
What is the best way to configure this?
Thanks in advance.

[jlehtone]

1. Disable the auto-start of the libvirt "default" network. There is no reason to have it('s interfaces) around if you won't use it.
2. Create bridge connection ("br0") on the host
3. Enslave physical NIC to br0
4. Configure br0 to get the host IP that used to be on the physical NIC
5. Change VM's to use br0

"Best way" to actually do those is debatable.
NetworkManager is the default method for host network configuration, but some prefer the older network.service.
Similarly, libvirt has more than one way to adjust VM's.

[t3kg33k]

1. Disable the auto-start of the libvirt "default" network. There is no reason to have it('s interfaces) around if you won't use it.
2. Create bridge connection ("br0") on the host
3. Enslave physical NIC to br0
4. Configure br0 to get the host IP that used to be on the physical NIC
5. Change VM's to use br0

"Best way" to actually do those is debatable.
NetworkManager is the default method for host network configuration, but some prefer the older network.service.
Similarly, libvirt has more than one way to adjust VM's.

I would prefer to use Network Manager. I have some Red Hat training and am still new to bridging and entirely new to KVM. Based on two different sites I found online (https://www.cyberciti.biz/faq/how-to-ad ... -on-linux/ and https://computingforgeeks.com/managing- ... -in-linux/) here are the steps I think should be completed to accomplish what I need. Please let me know if I am doing something wrong before I implement and, potentially, totally screw up my server.

First, here is the current state:

nmcli con show
NAME UUID TYPE DEVICE
eno1 b726c6c3-32e4-4026-a052-1eb351b48d0d ethernet eno1
virbr0 8dfb24a4-4bfd-4e4a-850f-aa42e18edecf bridge virbr0

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether fc:4d:d4:3d:0c:ce brd ff:ff:ff:ff:ff:ff
inet 192.168.x.30/24 brd 192.168.x.255 scope global noprefixroute eno1
valid_lft forever preferred_lft forever
inet6 x:xx/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:47:35:c5 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:47:35:c5 brd ff:ff:ff:ff:ff:ff

Here is where I think I need to get to:

1. Create the bridge and configure with current IP address of eno1

nmcli con add type bridge con-name br0 ifname br0 autoconnect yes
nmcli con add type bridge-slave ifname eno1 master br0
nmcli con down eno1
nmcli connection modify br0 ipv4.addresses 192.168.x.30/24 ipv4.method manual ipv4.gateway 192.168.x.1 ipv4.dns 8.8.8.8
nmcli con up br0

2. Disable default NAT bridge

virsh net-autostart --network default --disable

3. Create bridge configuration for VM guest

vim br0.xml

<network>
<name>br0</name>
<forwardmode="bridge"/>
<bridgename="br0"/>
</network>

virsh net-define br0.xml
virsh net-start br0
virsh net-auto start br0

Again, those steps above are based on two different sites I found. I'm not entirely sure if step 3 is required.

[jlehtone]

Quick questions, before we proceed:

How do you configure the eno1 currently?

Code: Select all

nmcli -f ipv4.method con show eno1

Is that 'auto' or 'manual'?

If manual, why? You are on private 192.168/16 subnet, so you probably have "home router" that offers DHCP. I would use that.
If you don't have DHCP server, then you have to manually configure each VM too.


Do you use IPv6? (If not, then we can set it to 'ignore'.)

[t3kg33k]

Quick questions, before we proceed:

How do you configure the eno1 currently?

Code: Select all

nmcli -f ipv4.method con show eno1

Is that 'auto' or 'manual'?

If manual, why? You are on private 192.168/16 subnet, so you probably have "home router" that offers DHCP. I would use that.
If you don't have DHCP server, then you have to manually configure each VM too.


Do you use IPv6? (If not, then we can set it to 'ignore'.)

Yes, I have it set to manual. I always set my servers to manual/static IP, even though I have a DHCP server on my router. And, I have no problem setting my VM guest to manual also. A majority of the time I am creating VM guest that are server labs, and sometimes servers that serve specific purposes, so most of the time they will be VM servers with static IP addresses. I will rarely create a VM desktop that requires DHCP.
I do not use ipv6.

[jlehtone]

Note: All my machines have static IP addresses, but they all (except the DHCP server itself) get the static address from DHCP.

2. Disable default NAT bridge

Code: Select all

virsh net-autostart --network default --disable

Yes. (Note that stopping the "default" will not remove the virbr0. Won't be created on boot.)

3. Create bridge configuration for VM guest

No. This creates a "network" like the "default". It is a bridge, but it starts when libvirt starts.
Distinct from the "br0" on the host (and a name conflict). Not coupled to eno1 either.
We do not want any libvirt networks.


Example 9 in: man nmcli-examples
If I would be sitting on the host (i.e. not affected by temporary loss of connections), then I would:

Code: Select all

nmcli con down eno1
nmcli con delete eno1
nmcli con add type bridge con-name br0 ifname br0 ipv6.method ignore ipv4.method manual ipv4.addresses 192.168.x.30/24  ipv4.gateway 192.168.x.1 ipv4.dns 8.8.8.8 bridge.stp no
nmcli con add type ethernet con-name br-eno1 ifname eno1 master br0
nmcli con up br0

One should be able to set most attributes directly on "con add".


man virsh describes command attach-interface
Lets say that you have VM named "hotel". You should be able to "hotplug a NIC card" to it with:

Code: Select all

virsh attach-interface hotel bridge br0 --persistent --model virtio

You could set MAC there too. I'm not sure whether 'virtio' is the default model. Hence explicit.

Disclaimer: While I dislike GUIs, I frequently use virt-manager or virsh edit the xml. Hence the above is "what the book says".

[t3kg33k]

Thank you for this. The bridge network is working now. However, when I open virt-manager the bridge network was not available. I did end up having to create the .xml file and run the commands for it to be visible within virt-manager.

vim br0.xml

<network>
<name>br0</name>
<forward mode="bridge"/>
<bridge name="br0"/>
</network>

virsh net-define br0.xml
virsh net-start br0
virsh net-auto start br0

Also the command to delete the eno1 did not work either...

nmcli con delete eno1

...so I left it, even though it is disabled.

nmcli connection show
NAME UUID TYPE DEVICE
br0 387fb419-58a4-4e37-b056-67cae0d5df03 bridge br0
br-eno1 e86196b9-7572-4c66-b5c3-3660aebf8cd3 ethernet eno1
eno1 b726c6c3-32e4-4026-a052-1eb351b48d0d ethernet --

I haven't created a VM guest yet but once I do I will report back.

[jlehtone]

However, when I open virt-manager the bridge network was not available. I did end up having to create the .xml file and run the commands for it to be visible within virt-manager.

I have no networks in virt-manager either (except the disabled 'default' that I have not erased completely).

Instead, on a VM I can:
> Add Hardware
-> Network
--> select "Bridge br0: Host device br0" as "Network source"
--> select "virtio" as "Device model"

Creation of new VM dialog does have the same "Network source" list, that has entries like:

Code: Select all

Bridge br0: Host device br0
Virtual network 'default' : NAT
Host device eno1: macvtap
Specify shared device name

Did you (re)start libvirtd after the host-bridge was created?
(My guess: you did not and libvirt does not dynamically detect new host interfaces.)

the command to delete the eno1 did not work

"did not work" ... What exactly happens? Error message? If yes, what?

[t3kg33k]

Did you (re)start libvirtd after the host-bridge was created?
(My guess: you did not and libvirt does not dynamically detect new host interfaces.)

Actually, I had completely rebooted the server after creating the bridge. When br0 was not available for the VM guest is what led me to creating the .xml file and running the commands to create the br0 network for the VM guest from that .xml file.

"did not work" ... What exactly happens? Error message? If yes, what?

nmcli delete eno1
Error: argument 'delete' not understood. Try passing --help instead.

[t3kg33k]

Okay. I may have spoke too soon. I now rebooted after creating the .xml and running those commands and now my VM guest is no longer communicating via the bridge. Before I was able to get an IP address via DHCP, now I am getting nothing. I even assigned a static IP address on the VM guest and still no network connection.
So, I think creating that .xml screwed something up. I have to find a way to back that out now.