libvirt Bridging thru VLANs
by lpallard from LinuxQuestions.org on (#52YDH)
Hello
I have libvirt running on a Linux Mint desktop physically connected to a pfSense router via physical interface "enp2s0". This desktop gets an IP from pfSense under VLAN 100 via a ProCurve managed switch which tags traffic as necessary.
I am trying to have libvirt virtual machines get an IP from pfSense under different VLANs via the same physical network. Basically VM1 would get its IP under subnet 192.168.1.0/24 while VM2 would get it from sub 192.168.2.0/24. The host would remain attached to subnet 192.168.3.0/24.
It works with VirtualBox. I configured the VMs with a bridged adapter, selected the physical interface on the host as its parent interface (enp2s0), then used tagging inside of the VM (via the Intel networking driver). Works flawlessly. The Windows VM gets an IP from pfSense under the proper subnet and is reachable on the network.
I am trying to reproduce the same with libvirt (1.5.1) with the exception that I'd prefer to have the VLAN assignment done outside of the VM... Following tutorials and other "how-to's" didn't produce any results other than losing the network connection on the host and having to reset the entire network stack and services....
This is what I tried:
From what I understand, I need to create the VLAN interfaces on the host first (called "vlan.200" & "vlan.300"), assign the VLAN tag (number) and select the physical interface (enp2s0) as parent interface.
Then I need to create a bridge (let's call it br0) via:

Code:
sudo brctl addbr br0

and make the VLANs members of it with:

Code:
sudo brctl addif br0 vlan.200 vlan.300

I experience several anomalies. The network manager (GUI) of Linux Mint doesn't play well with what happens in the CLI. For example, creating the VLANs on the GUI, when I do a "ifconfig -a" I do not see vlan.200 while it is in the GUI.

Code:
br0: flags=4098<BROADCAST,MULTICAST> mtu 1500
ether b5:20:10:80:6e:60 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.3.112 netmask 255.255.255.0 broadcast 192.168.3.255
inet6 fe80::ca60:ff:fe70:1e70 prefixlen 64 scopeid 0x20<link>
ether b5:20:10:80:6e:60 txqueuelen 1000 (Ethernet)
RX packets 399520 bytes 598852155 (598.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 202091 bytes 12670772 (12.6 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 3219 bytes 347531 (347.5 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3219 bytes 347531 (347.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vlan.300: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether b5:20:10:80:6e:60 txqueuelen 1000 (Ethernet)
RX packets 60677 bytes 90894485 (90.8 MB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35093 bytes 1945042 (1.9 MB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

If I try to make vlan.200 a member of br0, it says:

Code:
interface vlan.200 does not exist!

Finally, if I end up creating vlan.200 so ifconfig sees it, and attach it to br0, I lose all connectivity (the host loses network connectivity).
Right now, I deleted everything and re-created the basic "Ethernet" connection in the GUI so at least I have network connectivity.
What am I doing wrong?
Thanks!
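
Added example, not part of the original post: enslaving vlan.200 and vlan.300 to the same br0 joins both VLANs into one layer-2 segment, so the sketch below plans one bridge per VLAN and leaves enp2s0 and its address untouched, and it includes a check that flags any bridge holding more than one vlan.* port. The br<VID> bridge names are hypothetical, and it assumes the switch port delivers VLANs 200 and 300 tagged to enp2s0.

```shell
#!/bin/sh
# Added example (not from the post): one bridge per VLAN on a shared trunk NIC.
# enp2s0 and vlan.<VID> come from the post; the br<VID> bridge names are hypothetical.
PARENT="${PARENT:-enp2s0}"

# Accept only valid 802.1Q VLAN IDs (1-4094).
valid_vid() {
    case "$1" in
        ''|*[!0-9]*|?????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Print the iproute2 commands that give VLAN $2 on parent NIC $1 its own bridge.
plan_vlan_bridge() {
    valid_vid "$2" || { echo "invalid VLAN ID: $2" >&2; return 1; }
    cat <<EOF
ip link add link $1 name vlan.$2 type vlan id $2
ip link add name br$2 type bridge
ip link set vlan.$2 master br$2
ip link set vlan.$2 up
ip link set br$2 up
EOF
}

# Plan every VLAN ID given as an argument; stop at the first invalid one.
plan_all() {
    for vid in "$@"; do
        plan_vlan_bridge "$PARENT" "$vid" || return 1
    done
}

# Read `ip -o link show` output on stdin and print each bridge that has more
# than one vlan.* port, i.e. a bridge that joins VLANs into one L2 segment.
mixed_bridges() {
    awk '{
        port = $2; sub(/[@:].*/, "", port)
        if (port !~ /^vlan\./) next
        for (i = 3; i < NF; i++) if ($i == "master") seen[$(i + 1)]++
    }
    END { for (b in seen) if (seen[b] > 1) print b }' | sort
}

# Dry run by default: print the plan. APPLY=1 (as root) executes it.
if [ "${APPLY:-0}" = 1 ]; then
    plan_all 200 300 | sh -e
else
    plan_all 200 300
fi
```

A libvirt guest then attaches to a single VLAN with `<interface type='bridge'>` and `<source bridge='br200'/>` in its domain XML. Links created with `ip` do not survive a reboot.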

