You are not logged in.

#1 2013-05-16 13:58:28

fax
Member
Registered: 2013-01-07
Posts: 16

[SOLVED] bridge for dummies?

I have spent a couple of days now trying to set up a bridge connection but apparently I cannot wrap my head around the documentation. I want to use the bridge for a KVM virtual machine that I am managing with libvirt/virt-manager. I have a very simple standard PC network setup with one Ethernet port and DHCP.

When I started I had netctl, dhcpcd, dhclient, NetworkManager and VMware installed and mostly running in parallel and one eth0 network interface (and lo and some VMware ones) and my network worked fine. By now I have disabled or uninstalled dhclient, NetworkManager and VMware, i.e. only netctl and dhcpcd are still active. That seems fine, i.e. I have a working network connection and I have this profile for eth0 in /etc/netctl:

Description='A basic dhcp ethernet connection'
Interface=eth0
Connection=ethernet
IP=dhcp

Things get troublesome when I add a bridge profile and start it with "netctl start br0". What I find is that eth0 does not have an IP address anymore after that:

$ ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.128.134.151  netmask 255.255.252.0  broadcast 10.128.135.255
        inet6 fe80::16fe:b5ff:fee4:e0cd  prefixlen 64  scopeid 0x20<link>
        ether 23:de:43:54:e1:bd  txqueuelen 0  (Ethernet)
        ...

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        ether 23:de:43:54:e1:bd  txqueuelen 1000  (Ethernet)
        ...

dhcpcd seems fine to me:

$ ps -ef|grep dhc
root       880     1  0 11:36 ?        00:00:00 /usr/sbin/dhcpcd -q -w eth0
root      5845     1  0 16:47 ?        00:00:00 dhcpcd -qL -t 10 br0

The system journal says:

May 16 16:47:01 pc1 systemd[1]: Starting KVM Bridge connection...
-- Subject: Unit netctl@br0.service has begun with start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit netctl@br0.service has begun starting up.
May 16 16:47:01 pc1 network[5710]: Starting network profile 'br0'...
May 16 16:47:01 pc1 systemd-sysctl[5717]: Duplicate assignment of kernel/sysrq in file '/usr/lib/sysctl.d/50-default.conf', ignoring.
May 16 16:47:01 pc1 dhcpcd[880]: eth0: removing IP address 10.128.134.151/22
May 16 16:47:01 pc1 kernel: device eth0 entered promiscuous mode
May 16 16:47:01 pc1 kernel: br0: port 1(eth0) entered forwarding state
May 16 16:47:01 pc1 kernel: br0: port 1(eth0) entered forwarding state
May 16 16:47:01 pc1 dhcpcd[5726]: version 5.6.8 starting
May 16 16:47:01 pc1 dhcpcd[5726]: br0: waiting for carrier
May 16 16:47:02 pc1 dhcpcd[5726]: br0: carrier acquired
May 16 16:47:02 pc1 dhcpcd[5726]: br0: sending IPv6 Router Solicitation
May 16 16:47:02 pc1 dhcpcd[5726]: br0: rebinding lease of 10.128.134.151
May 16 16:47:02 pc1 dhcpcd[5726]: br0: acknowledged 10.128.134.151 from 10.190.48.48
May 16 16:47:02 pc1 dhcpcd[5726]: br0: checking for 10.128.134.151
May 16 16:47:04 pc1 ntpd[887]: Listen normally on 10 br0 fe80::16fe:b5ff:fee4:e0cd UDP 123
May 16 16:47:04 pc1 ntpd[887]: Deleting interface #5 eth0, fe80::16fe:b5ff:fee4:e0cd#123, interface stats: received=0, sent=0, dropped=
May 16 16:47:04 pc1 ntpd[887]: Deleting interface #3 eth0, 10.128.134.151#123, interface stats: received=162, sent=162, dropped=0, acti
May 16 16:47:04 pc1 ntpd[887]: 193.64.205.220 interface 10.128.134.151 -> (none)
May 16 16:47:04 pc1 ntpd[887]: 193.110.109.18 interface 10.128.134.151 -> (none)
May 16 16:47:04 pc1 ntpd[887]: peers refreshed
May 16 16:47:04 pc1 ntpd[887]: new interface(s) found: waking up resolver
May 16 16:47:06 pc1 dhcpcd[5726]: br0: sending IPv6 Router Solicitation
May 16 16:47:07 pc1 dhcpcd[5726]: br0: leased 10.128.134.151 for 345600 seconds
May 16 16:47:07 pc1 dhcpcd[5726]: forked to background, child pid 5845
May 16 16:47:07 pc1 network[5710]: Started network profile 'br0'
May 16 16:47:07 pc1 systemd[1]: Started KVM Bridge connection.
-- Subject: Unit netctl@br0.service has finished start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- 
-- Unit netctl@br0.service has finished starting up.
-- 
-- The start-up result is done.

Am I doing anything wrong or maybe I am just fundamentally misunderstanding how bridging is supposed to work?

Last edited by fax (2013-05-18 17:51:38)

Offline

#2 2013-05-16 14:08:00

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: [SOLVED] bridge for dummies?

The bound interface should not have an IP when the bridge is up. More to the point, you should not have a netctl profile (or dhcpcd) for the physical interface enabled or running alongside the bridge profile.

For example, net0b is one of my bridges, using net0:

$ cat /etc/netctl/net0b
Description="Internet bridge"
Interface=net0b
Connection=bridge
BindsToInterfaces=(net0)
IP=dhcp
$ ip a s net0
4: net0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master net0b state UP qlen 1000
    link/ether 00:23:54:31:81:03 brd ff:ff:ff:ff:ff:ff
$ ip a s net0b
7: net0b: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 00:23:54:31:81:03 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.2/24 brd 10.10.1.255 scope global net0b
    inet6 fe80::223:54ff:fe31:8103/64 scope link 
       valid_lft forever preferred_lft forever

But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#3 2013-05-16 14:50:56

fax
Member
Registered: 2013-01-07
Posts: 16

Re: [SOLVED] bridge for dummies?

alphaniner wrote:

The bound interface should not have an IP when the bridge is up. More to the point, you should not have a netctl profile (or dhcpcd) for the physical interface enabled or running alongside the bridge profile.

Great, thanks and sorry for even dumber questions now: Does that mean I need two bridges? One for the guest system in the KVM virtual machine and one for my host system? I rechecked the netctl profile man page but I am not clear how I would make sure the routing table is configured properly on the host system in that scenario?

I just tried to "netctl enable br0" and "netctl disable eth0" and then rebooted. The result was that neither the bridge nor the eth0 interface had an IP address. The system log says:

May 16 17:19:24 pc1 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
May 16 17:19:24 pc1 kernel: br0: port 1(eth0) entered forwarding state
May 16 17:19:24 pc1 kernel: br0: port 1(eth0) entered forwarding state
May 16 17:19:24 pc1 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): br0: link becomes ready
...
May 16 17:19:24 pc1 dhcpcd[571]: eth0: sending IPv6 Router Solicitation
May 16 17:19:24 pc1 dhcpcd[571]: eth0: sendmsg: Cannot assign requested address
May 16 17:19:24 pc1 dhcpcd[646]: br0: sending IPv6 Router Solicitation
May 16 17:19:24 pc1 dhcpcd[646]: br0: sendmsg: Cannot assign requested address
May 16 17:19:24 pc1 dhcpcd[646]: br0: rebinding lease of 10.128.134.151
May 16 17:19:24 pc1 dhcpcd[571]: eth0: rebinding lease of 10.128.134.151
...
May 16 17:19:28 pc1 dhcpcd[571]: eth0: sending IPv6 Router Solicitation
May 16 17:19:28 pc1 dhcpcd[646]: br0: sending IPv6 Router Solicitation
May 16 17:19:28 pc1 dhcpcd[646]: br0: acknowledged 10.128.134.151 from 10.190.48.48
May 16 17:19:28 pc1 dhcpcd[646]: br0: checking for 10.128.134.151
May 16 17:19:29 pc1 dhcpcd[571]: eth0: broadcasting for a lease
May 16 17:19:32 pc1 dhcpcd[646]: br0: sending IPv6 Router Solicitation
May 16 17:19:32 pc1 dhcpcd[571]: eth0: sending IPv6 Router Solicitation
May 16 17:19:33 pc1 dhcpcd[646]: timed out
May 16 17:19:33 pc1 network[586]: DHCP IP lease attempt failed on interface 'br0'
May 16 17:19:33 pc1 network[586]: Failed to bring the network up for profile 'br0'
May 16 17:19:33 pc1 systemd[1]: netctl@br0.service: main process exited, code=exited, status=1/FAILURE
May 16 17:19:33 pc1 systemd[1]: Failed to start KVM Bridge connection.
...
May 16 17:19:33 pc1 systemd[1]: Unit netctl@br0.service entered failed state.
May 16 17:19:36 pc1 dhcpcd[571]: eth0: sending IPv6 Router Solicitation
May 16 17:19:36 pc1 dhcpcd[571]: eth0: no IPv6 Routers available
May 16 17:19:39 pc1 kernel: br0: port 1(eth0) entered forwarding state
May 16 17:19:51 pc1 dhcpcd[571]: timed out
May 16 17:19:51 pc1 systemd[1]: dhcpcd@eth0.service: control process exited, code=exited status=1
May 16 17:19:51 pc1 systemd[1]: Failed to start dhcpcd on eth0.

Offline

#4 2013-05-16 15:04:05

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: [SOLVED] bridge for dummies?

May 16 17:19:24 pc1 dhcpcd[646]: br0: rebinding lease of 10.128.134.151
May 16 17:19:24 pc1 dhcpcd[571]: eth0: rebinding lease of 10.128.134.151

You still have something enabled for eth0; there shouldn't be a dhcpcd process for it. dhcpcd@eth0.service maybe? Run systemctl list-units -t service to show all services.


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#5 2013-05-16 17:43:37

fax
Member
Registered: 2013-01-07
Posts: 16

Re: [SOLVED] bridge for dummies?

Thanks, I will check tomorrow. There probably is some ifplugd service still lurking. I also realized that the bridge interface for the virtual machine probably shouldn't acquire any IP address itself since the guest OS will be running a DHCP client.

Offline

#6 2013-05-16 17:50:43

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: [SOLVED] bridge for dummies?

I use 'straight' qemu without libvirt, so I don't know how libvirt does networking. But br0 should get an IP. And unless there's NAT involved, the guest will get an IP from the same DHCP server as the host.


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

#7 2013-05-17 06:51:59

fax
Member
Registered: 2013-01-07
Posts: 16

Re: [SOLVED] bridge for dummies?

Looks like I have a proper setup now after making sure that all eth0 profiles and services are disabled. Thanks, that was great help! I also had to bump up the timeout for the DHCP client somewhat, 10 seconds was a bit tight in my network.

$ ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.128.134.151  netmask 255.255.252.0  broadcast 10.128.135.255
        inet6 fe80::16fe:b5ff:fee4:e0cd  prefixlen 64  scopeid 0x20<link>

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::16fe:b5ff:fee4:e0cd  prefixlen 64  scopeid 0x20<link>

My Windows 7 guest isn't able to acquire a lease yet but maybe I will just try plain qemu instead of trying to figure out what is going on behind the scenes of libvirt.

Offline

#8 2013-05-17 08:20:52

fax
Member
Registered: 2013-01-07
Posts: 16

Re: [SOLVED] bridge for dummies?

fax wrote:

My Windows 7 guest isn't able to acquire a lease yet

That was just the firewall on my host blocking traffic on the bridge.

Offline

#9 2013-05-17 13:48:18

alphaniner
Member
From: Ancapistan
Registered: 2010-07-12
Posts: 2,810

Re: [SOLVED] bridge for dummies?

Happy to help. Be sure to mark the thread [Solved] if that's the case.


But whether the Constitution really be one thing, or another, this much is certain - that it has either authorized such a government as we have had, or has been powerless to prevent it. In either case, it is unfit to exist.
-Lysander Spooner

Offline

Board footer

Powered by FluxBB