On Wednesday, September 18th, 2024 at 12:39, bd730c5053df9efb via Users <users@lists.libvirt.org> wrote:
> On Tuesday, September 17th, 2024 at 17:27, Laine Stump la...@redhat.com wrote: > > > On 9/17/24 12:27 PM, bd730c5053df9efb via Users wrote: > > > > > Hi! Thanks for the reply and I'm sorry if my question wasn't clear enough. > > > > > > I have a network, let's say 192.168.0.0/24, and two servers 192.168.0.1 > > > and 192.168.0.2. On this same network I have a wokstation, lets call it > > > 192.168.0.100 which is running libvirt using qemu for the emultation. > > > This workstation has a network device called br0 which has the ip > > > address 192.168.0.100 and when I try to create an isolated network which > > > is also on the 192.168.0.0/24 range I get an error stating that this > > > range is already in use on the host. I need to be able to recreate an > > > absolutely isolated network in the 192.168.0.0/24 range to be able to > > > copy the servers 192.168.0.1 and 192.168.0.2 in here and perform the > > > tests I need. > > > > > > I hope I've been able to clarify. > > > > Yep! That was one of my guesses, but I didn't want to assume anything :-). > > > > The most straightforward solution to what you're talking about requires > > the libvirt network to be in a separate network namespace. This is an > > idea I've thought about in the past, but haven't done anything for it, > > and nobody else has either, so so it's unfortunately not supported by > > libvirt (as always, patches welcome :-) > > > > Although... if the tests you need to perform involve having your > > workstation (192.168.0.100 in your example) interact with the servers at > > 192.168.0.1 & .2, then you're going to have to disconnect your > > workstation from the physical network for the duration of the test anyway. > > > > So here's a solution if those are the parameters (and even if you just > > need the two servers to communicate with each other and nothing else): > > > > If it's just the two test servers and the workstation that need to be > > able to interact during your test, and the workstation won't need to > > directly contact any other machine on the 192.168.0.0/24 network, then > > you could probably rig up a solution with a small consumer router - just > > insert the router in between the workstation and the real > > 192.168.0.0/24 network with the "internet" side towards that network and > > the "local" side plugged into the workstation, with the router > > configured to do NAT and have use a local-side subnet of, say, > > 192.168.1.0/24, and get a new IP address for the workstation from that > > subnet (either automatically with DHCP, or by manually setting it to, > > e.g. 192.168.1.100/24. then create an isolated network similar to this: > > > > https://www.libvirt.org/formatnetwork.html#isolated-network-config > > > > but with the ip address set to 192.168.0.100. Now you can configure you > > test servers to connect their interface to this isolated network. > > > > With this setup, the workstation will still be able to get to the > > internet (except for the real 192.168.0.0/24 subnet) via its > > connection to the router, and also will be able to interact with the > > test servers via the isolated network that you created. > > > > When you're done with your tests, just shutdown the to test VMs (with > > their own internal shutdown command, possibly followed by "virsh > > destroy" if the qemu processes aren't automatically terminated by the > > shutdown) then "virsh net-destroy" the isolated network (you can leave > > it defined so that it's simple to do the test again later), and plug the > > workstation directly into the real network again (updating its IP > > address if necessary). > > > > Does that make sense, or is it too much rambling? > > > Hi Laine! Thank you very much for your answer, it does make perfect sense but > my use case is much simpler. The two servers are two samba 4 ad domain > controllers and I have to demote one of them remove it from the net and then > add another one with the same ip address as the demoted one. All the test is > between these two servers, the host workstation doesn't get involved in this > test and I can't change their ip addresses. I had considered created an > isolated network in the 192.168.1.0/24 address space and keep the manually > set address on the servers in the 192.168.0.0/24 address space but I'm not > quite sure that will work. I I needed to test a workstation I could add to > the test another guest workstation also in the 192.168.0.0/24 address space, > but it wont be the host. > > Thanks again. > Best regards, > Dave. Hi all! As follow up to my own mail. I was able to test the procedure creating an isolated network in the 192.168.1.0/24 address space and placing in there the replica of the two samba ad dc servers with their ip addresses fixed in the 192.168.0.0/24 address space and the servers where able to contact each other but where completely isolated from the host and the 192.168.0.0/24 physical network. Best regards! Dave.
