Re: Network routing!

Posted by jlehtone on 2012/3/28 20:41:22
Quote:
pschaff wrote:
I am admittedly out of my depth here as I don't use KVM or bridges, but I believe that the IP address should be assigned to br0 and not to eth0. Hopefully someone with more knowledge in this domain can comment.

That is correct. eth0 is a member of the br0 and does not need any address. Let br0 and only br0 have that public address.

There actually isn't a "bridged network". The eth0-br0 is an interface just to the outside. The virbr0 is more like a virtual LAN that presumably connects the guest and host. The name "virbr0" looks like it is the "default" network created by libvirt.

If libvirt is used, the guest configuration can be used to bind the NIC of the guest directly to the br0. Then there would be a bridged network, but then the guest would need a public IP.

The title of the thread is routing, so let's route. Remove the br0 entirely and let eth0 keep the address. I presume that the guest gets an IP in 192.168.122.0/24 from "DHCP", and its gateway is 192.168.122.1. (Have to presume, for only host-side info has been shown so far.) The "DHCP" is actually a dnsmasq process spawned by libvirtd. Therefore, the guest should be able to connect to the host (192.168.122.1) and vice versa. dnsmasq will do NAT too. I'm quite sure libvirt offers the configuration options for this, even in the "virt-manager" tool.

Last week I installed a guest into a Fedora host, and I didn't activate routing nor tamper with iptables myself. The virt-manager & libvirt did. The host routes and SNATs packets that originate from the 192.168.122.0/24 and go out from eth0. It just works.


Summary:
1. Remove the br0.
2. Fire up 'virt-manager'
2a. Set the "default network" to NAT mode (or whatever it is called).
2b. Change type of the NIC of the guest (or remove&add).

Re: Network routing!

Posted by pschaff on 2012/3/28 18:32:04
Quote:

rot3r wrote:
...
== BEGIN uname -rmi ==
2.6.32-71.29.1.el6.x86_64 x86_64 x86_64
== END uname -rmi ==

Somewhat OT: That's a very old CentOS-6.0 series kernel. Apparently you either have not updated everything, or are still running an obsolete kernel. A "yum update" and reboot are recommended.

Quote:

...

== BEGIN route -n ==
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
188.40.134.193  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
188.40.134.193  0.0.0.0         255.255.255.255 UH    0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 br0
0.0.0.0         188.40.134.193  0.0.0.0         UG    0      0        0 eth0
== END route -n ==

I am admittedly out of my depth here as I don't use KVM or bridges, but I believe that the IP address should be assigned to br0 and not to eth0. Hopefully someone with more knowledge in this domain can comment. Some of the upstream docs and information may be helpful.

Quote:

...
as a web designer:it's best practice to put hover tooltip for your button in your editor....

OT: If that's in reference to the CentOS web site - there are lots of things that fall short of best practices and modern infrastructure. Hopefully one day we'll get Website Ver2 AKA "Website 2.0", but we've been waiting for years already.

Re: Network routing!

Posted by rot3r on 2012/3/28 9:41:29
OK! I got it..
Here are my results:

Information for network problems.

== BEGIN uname -rmi ==
2.6.32-71.29.1.el6.x86_64 x86_64 x86_64
== END   uname -rmi ==

== BEGIN rpm -qa \*-release\* ==
epel-release-6-5.noarch
centos-release-6-2.el6.centos.7.x86_64
== END   rpm -qa \*-release\* ==

== BEGIN cat /etc/redhat-release ==
CentOS release 6.2 (Final)
== END   cat /etc/redhat-release ==

== BEGIN getenforce ==
Disabled
== END   getenforce ==

== BEGIN free -m ==
             total       used       free     shared    buffers     cached
Mem:         24153       7222      16930          0        277       5816
-/+ buffers/cache:       1128      23024
Swap:         2046          0       2046
== END   free -m ==

== BEGIN lspci -nn ==
00:00.0 Host bridge [0600]: Intel Corporation 5520/5500/X58 I/O Hub to ESI Port [8086:3405] (rev 13)
00:01.0 PCI bridge [0604]: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 1 [8086:3408] (rev 13)
00:03.0 PCI bridge [0604]: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 3 [8086:340a] (rev 13)
00:07.0 PCI bridge [0604]: Intel Corporation 5520/5500/X58 I/O Hub PCI Express Root Port 7 [8086:340e] (rev 13)
00:14.0 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub System Management Registers [8086:342e] (rev 13)
00:14.1 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers [8086:3422] (rev 13)
00:14.2 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub Control Status and RAS Registers [8086:3423] (rev 13)
00:14.3 PIC [0800]: Intel Corporation 5520/5500/X58 I/O Hub Throttle Registers [8086:3438] (rev 13)
00:1a.0 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #4 [8086:3a37]
00:1a.1 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #5 [8086:3a38]
00:1a.2 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #6 [8086:3a39]
00:1a.7 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI Controller #2 [8086:3a3c]
00:1c.0 PCI bridge [0604]: Intel Corporation 82801JI (ICH10 Family) PCI Express Root Port 1 [8086:3a40]
00:1c.4 PCI bridge [0604]: Intel Corporation 82801JI (ICH10 Family) PCI Express Root Port 5 [8086:3a48]
00:1d.0 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #1 [8086:3a34]
00:1d.1 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #2 [8086:3a35]
00:1d.2 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB UHCI Controller #3 [8086:3a36]
00:1d.7 USB controller [0c03]: Intel Corporation 82801JI (ICH10 Family) USB2 EHCI Controller #1 [8086:3a3a]
00:1e.0 PCI bridge [0604]: Intel Corporation 82801 PCI Bridge [8086:244e] (rev 90)
00:1f.0 ISA bridge [0601]: Intel Corporation 82801JIR (ICH10R) LPC Interface Controller [8086:3a16]
00:1f.2 SATA controller [0106]: Intel Corporation 82801JI (ICH10 Family) SATA AHCI Controller [8086:3a22]
00:1f.3 SMBus [0c05]: Intel Corporation 82801JI (ICH10 Family) SMBus Controller [8086:3a30]
02:00.0 VGA compatible controller [0300]: nVidia Corporation G98 [GeForce 8400 GS] [10de:06e4] (rev a1)
06:00.0 Ethernet controller [0200]: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller [10ec:8168] (rev 02)
ff:00.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QuickPath Architecture Generic Non-Core Registers [8086:2c41] (rev 04)
ff:00.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QuickPath Architecture System Address Decoder [8086:2c01] (rev 04)
ff:02.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QPI Link 0 [8086:2c10] (rev 04)
ff:02.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 QPI Physical 0 [8086:2c11] (rev 04)
ff:03.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller [8086:2c18] (rev 04)
ff:03.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Target Address Decoder [8086:2c19] (rev 04)
ff:03.4 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Test Registers [8086:2c1c] (rev 04)
ff:04.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Control Registers [8086:2c20] (rev 04)
ff:04.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Address Registers [8086:2c21] (rev 04)
ff:04.2 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Rank Registers [8086:2c22] (rev 04)
ff:04.3 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 0 Thermal Control Registers [8086:2c23] (rev 04)
ff:05.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Control Registers [8086:2c28] (rev 04)
ff:05.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Address Registers [8086:2c29] (rev 04)
ff:05.2 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Rank Registers [8086:2c2a] (rev 04)
ff:05.3 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 1 Thermal Control Registers [8086:2c2b] (rev 04)
ff:06.0 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Control Registers [8086:2c30] (rev 04)
ff:06.1 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Address Registers [8086:2c31] (rev 04)
ff:06.2 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Rank Registers [8086:2c32] (rev 04)
ff:06.3 Host bridge [0600]: Intel Corporation Xeon 5500/Core i7 Integrated Memory Controller Channel 2 Thermal Control Registers [8086:2c33] (rev 04)
== END   lspci -nn ==

== BEGIN lsusb ==
./getinfo.sh: line 86: lsusb: command not found
== END   lsusb ==

== BEGIN rpm -qa kmod\* kmdl\* ==
== END   rpm -qa kmod\* kmdl\* ==

== BEGIN ifconfig -a ==
br0       Link encap:Ethernet  HWaddr 16:BD:43:A9:86:DC
          inet addr:188.40.134.199  Bcast:188.40.134.255  Mask:255.255.255.255
          inet6 addr: fe80::14bd:43ff:fea9:86dc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:830 (830.0 b)

eth0      Link encap:Ethernet  HWaddr 40:61:86:2B:8B:D2
          inet addr:188.40.134.199  Bcast:188.40.134.255  Mask:255.255.255.255
          inet6 addr: fe80::4261:86ff:fe2b:8bd2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1349799 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2044006 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:95342255 (90.9 MiB)  TX bytes:2969691023 (2.7 GiB)
          Interrupt:30 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:157344 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157344 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:23890463 (22.7 MiB)  TX bytes:23890463 (22.7 MiB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:F7:3E:8A
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0-nic Link encap:Ethernet  HWaddr 52:54:00:F7:3E:8A
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

== END   ifconfig -a ==

== BEGIN brctl show ==
bridge name     bridge id               STP enabled     interfaces
br0             8000.000000000000       no
virbr0          8000.525400f73e8a       yes             virbr0-nic
== END   brctl show ==

== BEGIN route -n ==
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
188.40.134.193  0.0.0.0         255.255.255.255 UH    0      0        0 eth0
188.40.134.193  0.0.0.0         255.255.255.255 UH    0      0        0 br0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 br0
0.0.0.0         188.40.134.193  0.0.0.0         UG    0      0        0 eth0
== END   route -n ==

== BEGIN cat /etc/resolv.conf ==
### Hetzner Online AG installimage
# nameserver config
nameserver 213.133.99.99
nameserver 213.133.100.100
nameserver 213.133.98.98
== END   cat /etc/resolv.conf ==

== BEGIN grep net /etc/nsswitch.conf ==
#networks:   nisplus [NOTFOUND=return] files
#netmasks:   nisplus [NOTFOUND=return] files
netmasks:   files
networks:   files
netgroup:   nisplus
== END   grep net /etc/nsswitch.conf ==

== BEGIN chkconfig --list | grep -Ei 'network|wpa' ==
network         0:off   1:off   2:on    3:on    4:on    5:on    6:off
== END   chkconfig --list | grep -Ei 'network|wpa' ==



as a web designer:it's best practice to put hover tooltip for your button in your editor....


Re: Network routing!

Posted by pschaff on 2012/3/26 23:28:12
Welcome to the CentOS fora. Please see the recommended reading for new users linked in my signature, particularly the part about formatting your posts, and not using broken code and quote widgets. Also, there is no need to post what you have already linked.

Please provide more information about your system by running "./getinfo.sh network" and showing us the output file.

Network routing!

Posted by rot3r on 2012/3/26 22:02:33
Hello everyone...
I set up our virtualization based on KVM and the official RHEL 6 documentation, but in networking I set everything, I made a bridge, but when I add BRIDGE to my eth0 interface my server access goes away...
After research I found that in the Hetzner datacenter where my server is located, packets are routed based on MAC address, so bridges are useless. After more research I found a webpage that solves the problem, but the instructions are based on a Debian/Gentoo distribution and I don't know how to do it in our CentOS 6.2. I paste the guide here .... I'm really thankful to everyone that can help me....
Hetzner EQ Server + KVM and subnet
Quote:
Hetzner EQ Server + KVM and subnet
Posted by mark on 2011-01-25, 02:01 under technology related

Last week I have rented an EQ series server from Hetzner’s with four IPs and an additional subnet. After having installed Gentoo on that host I have wanted to assign all these IP addresses to XEN/KVM virtual servers (henceforth called “guests”).

Unfortunately most tutorials on the net suggest to dedicate one as bridge gateway address. Yet I even want to not spare a single one, and came up with this:

1. You can set up a bridge by the means of net-misc/bridge-utils without adding an interface to it.
2. Connect your guests to that bridge.
3. On the host, enable IP forwarding and have requests to any guest IP forwarded to that bridge.
4. On the guests, set the host’s IP as gateway address.

Without (4) no packets from the LAN, constituted by the bridge, can find their way to the Internet and by (3) vice versa.

Provided following IPs (which you should change to yours):

main and thus host’s IP: 188.40.1.17
three additional IPs: 188.40.1.43, 188.40.1.44, 188.40.1.51
additional subnet: 178.40.1.40/27

You will have to do:

On the host, install packages:

    emerge -n net-misc/bridge-utils sys-apps/iproute2

On the host, edit /etc/conf.d/net so it reads:

    modules=( "iproute2")

    # IP with mask, and gateway - as assigned by Hetzner's DHCP
    config_eth0=( "188.40.1.17/26")
    routes_eth0=( "default via 188.40.1.1")

    # Hetzner nameserver; could be your DNS resolver
    dns_servers_eth0=(
    "213.133.98.98"
    "213.133.99.99"
    "213.133.100.100"
    )

    brctl_br0=( "setfd 0" "sethello 2" "stp off")
    config_br0=("188.40.1.17/32")
    depend_br0() {
    need net.eth0
    }

    postup() {
    if [ "${IFACE}" = "br0" ]; then
    # repeat that line for every IP but host's IP
    route add 188.40.1.43 br0
    fi
    }

On the host, enable IP forwarding:

    # add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf
    sysctl -w net.ipv4.ip_forward=1

You will have to restrict forwarding to your own IPs by iptables. (See Sven Lauritzen’s blogpost for an example.)

On the host, have the bridge started automatically:

    cd /etc/init.d
    ln -s net.lo net.br0
    rc-update add net.br0 default

You could start br0 right away if you want.

On every guest /etc/conf.d/net should look like:

    modules=( "iproute2" )
    config_eth0=( "188.40.1.43/32 peer 188.40.1.17")
    routes_eth0=( "default via 188.40.1.17")
    dns_servers_eth0=(
    "213.133.98.98"
    "213.133.99.99"
    "213.133.100.100"
    )

… where the first in eth0 is the guest’s IP and the other as well as the in routes_eth0 host’s. With the “peer” thing the host is reachable by that guest without having to be in the same subnet.

By that you won’t waste a single IP address.
[Moderator edit: Changed code to quote tags to wrap long lines.]
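
The guide quoted above says forwarding has to be restricted to your own IPs by iptables but does not show the rules. The following is an added example, not part of the thread or of the quoted blog post: it prints a FORWARD-chain ruleset in iptables-restore format for the guide's routed-bridge layout. The function names, the eth0/br0 interface roles and the use of the guide's sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: print FORWARD rules (iptables-restore format) that limit
# routing between the uplink and the guest bridge to known guest IPs.
# Nothing is applied; the output is meant to be reviewed first.

# Return 0 only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# gen_forward_rules EXT_IF BRIDGE GUEST_IP...
# Validates every address before printing, so bad input yields no partial ruleset.
gen_forward_rules() {
    [ "$#" -ge 3 ] || { echo "usage: gen_forward_rules EXT_IF BRIDGE IP..." >&2; return 1; }
    ext_if=$1; guest_br=$2
    shift 2
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "*filter"
    echo ":FORWARD DROP [0:0]"      # default: the host is not an open router
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for ip in "$@"; do
        # Inbound: only packets addressed to a known guest reach the bridge.
        echo "-A FORWARD -i $ext_if -o $guest_br -d $ip/32 -j ACCEPT"
        # Outbound: a guest may only send with its own source address.
        echo "-A FORWARD -i $guest_br -o $ext_if -s $ip/32 -j ACCEPT"
    done
    echo "COMMIT"
}

# Constructed sample input: the additional IPs from the quoted guide.
gen_forward_rules eth0 br0 188.40.1.43 188.40.1.44 188.40.1.51
```

Merge the printed rules into the host's existing ruleset rather than loading the fragment on its own, since iptables-restore replaces the whole filter table unless --noflush is given.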

This Post was from: https://www.centos.org/newbb/viewtopic.php?forum=58&topic_id=36602