In response to Emanuel's question,
> How did you configured eth2? dhcp too? why you tap as bridge port intend
of eth2?
and Bob's question below on network managers:
When the system started /etc/network/interfaces did not mention eth2.
network-manager is installed but wicd is not.
My wireless router is currently serving as a dhcp server; it has a reserved
IP for the system under discussion. This is not the long-run plan. The
router keeps flaking out, perhaps in part because of some interaction with
the bridging: I've had 2 or 3 problems since I started the bridging, and
none since I took it down. I solve them by power cycling the router; I
haven't diagnosed them further.
I thought the system hotplug behavior was doing the configuring and that
network-manager was not installed. Wrong on both apparently.
That configuration did not work after a system restart: no packets traveled
to outside networks.
I then did "ifdown br0", which took down eth2 as well. I added a simple
dhcp stanza for eth2 to /etc/network/interfaces and ifup'd it. That works,
in that I can reach the internet, but obviously it has no bridge.
As to " why you tap as bridge port intend of eth2?" I don't understand the
question, even reading "intend" as "instead". But basically I was just
copying a configuration and had no deep reason.
Arun made a suggestion that
> Your 'physical' device eth0/eth2 or whatever needs to be added to the
bridge.
I believe that is done by the /etc/kvm/kvm-ifup script that is executed
when I launch the virtual machine.
It says, in part
switch=$(ip route ls | \
awk '/^default / {
for(i=0;i<NF;i++) { if ($i == "dev") { print $(i+1); next; } }
}'
)
# i.e, switch=eth2 (RB)
# only add the interface to default-route bridge if we
# have such interface (with default route) and if that
# interface is actually a bridge.
# It is possible to have several default routes too
for br in $switch; do
if [ -d /sys/class/net/$br/bridge/. ]; then
brctl addif $br "$1"
exit # exit with status of brctl
fi
done
# I think $1=tap0 as invoked, though maybe its br0 (RB)
Then again, I don't understand things well enough to know what adding
something to a bridge means, or how that is accomplished.
Arun also asked
> List the output of 'brctl -show'
But that's empty (since I did ifdown br0, presumably).
More below
On Wed, Oct 2, 2013 at 1:49 AM, Bob Proulx <[email protected]> wrote:
> Ross Boylan wrote:
> > /etc/network/interfaces has (on the advice of a wiki page on Debian and
> > kvm)
>
> Which page is "a wiki page"? I didn't find a wiki.debian.org one that
> had an example like it.
>
>
https://wiki.debian.org/QEMU#Host_and_guests_on_same_network
> How about this one? It has good working examples.
>
> http://wiki.libvirt.org/page/Networking
>
One thing I struggled with was that qemu-kvm, via the /etc/kvm/kvm-ifup
script I mentioned above, does some stuff automatically. Help that is
written without that in mind tends to include instructions that either
duplicate or, perhaps, are at cross-purposes with it.
>
> > auto br0
> > iface br0 inet dhcp
> > pre-up ip tuntap add dev tap0 mode tap user root
> > pre-up ip link set tap0 up
> > bridge_ports all tap0
> > bridge_stp off
> > bridge_maxwait 0
> > bridge_fd 0
> > post-down ip link set tap0 down
> > post-down ip tuntap del dev tap0 mode tap
>
> Hmm... To me it doesn't make sense to use dhcp along with a network
> bridge. Normally you would use a bridge with a static IP address. So
> that external processes can connect to the VMs.
>
> But you are using dhcp. That implies that you are operating with
> dynamic addresses. Not necessarily true. You could have the dhcp
> server configured to give you reserved addresses. But if not then it
> doesn't make sense.
>
The dhcp server is configured for a reserved address.
I think I tried a much different bridge specification with a static IP; it
didn't work.
It doesn't seem to me as if the ip address of the bridge gets used, as
opposed to names like eth2, br0, and tap0
>
> I am using this:
>
> iface eth0 inet manual
> auto br0
> iface br0 inet static
> address 192.168.1.119
> netmask 255.255.255.0
> gateway 192.168.1.1
> bridge_ports eth0
> bridge_stp off
> bridge_fd 0
> bridge_maxwait 0
>
I thought for servers the recommendation was to hook into the hotplug
mechanism. For lenny I had (IP address altered slightly)
mapping ethslow
script /etc/network/trivial
map ethwan
allow-hotplug ethslow
iface ethwan inet static
address 66.181.128.33
netmask 255.255.255.0
gateway 66.181.128.1
dns-nameservers 198.144.192.2 198.144.192.4
pre-up /etc/network/rb-iptables
The wireless router did not serve as a dhcp server, firewall, NAT, or
anything else in that configuration--which eventually is what I want to
return to. The main system we're discussing is insufficiently hardened to
be directly on the internet for now.
>
> But if you want to use dhcp then I recommend dumping the bridge and
> using "virt-install ... --network network=default" instead. Set the
> default network to autostart "virsh net-autostart default". It is a
> simpler configuration. Note that if you have Recommends: disabled (as
> I do) then you need to manually ensure that dnsmasq-base (a Recommends:
> package) is installed.
>
I'm not sure how that interacts with the kvm-ifup script I mentioned.
Even in the short run I can assign an IP address while continuing to use
the external router.
> > My one connected interface, eth2, was brought up by hotplug with no
> > mention in interfaces.
>
> Do you have network-manager or wicd installed? If so then that daemon
> brought up the interface.
>
Yes, network-manager. Oops. I guess it got pulled in as part of KDE. The
recommendation is not to use the package for a server, right?
>
> > Originally, with the system up, I added the br0 stanza to interfaces and
> > did ifup br0. This temporarily interrupted my network connections,
> > which was not good, but they resumed afterwords.
>
> If it was previously controlled by network-manager or wicd then things
> would be in an inconsistent state with both it and ifupdown trying to
> control it.
>
Oh my. It's amazing it's working at all :) I guess I should straighten
this out before rebooting.
> Bob
>
Can anyone explain to me what difference between tap and the bridge is?
They both seem to do the same thing*, but apparently tap needs to be hooked
in to a bridge. And for some reason the qemu/kvm docs seems to recommend
tap.
*OK, maybe they are at different levels of the network stack. But once
sharing is going on, I can't see why that matters.
Ross
