Libvirtd networking - host with trunk port and bridge a vlan to a guest

I have a vlan trunk connection to my computer.

Inside, there are two tagged vlans:

  • vlan1, DHCP from an OpenWRT router
  • vlan2, DHCP from ISP

I want my Fedora host to use vlan1 IPs, while allowing one of its libvirtd guests to use vlan2 IPs.

My ISP allows me two connections: OpenWRT is using one, and I want to make one libvirtd guest use the second. (Both sets of IPs worked when I configured my Fedora host to use the second link.)

Under this trunk port connection, how can I make the Fedora host use vlan1 only, and make one guest use vlan2?

reference:
I found this document
https://raymii.org/s/tutorials/KVM_with_bonding_and_VLAN_tagging_setup_on_Ubuntu_12.04.html

So now I need to “translate” the details for a Fedora 32 setup, without bonding.

How can there be two untagged vlans on the same trunk link? That’s not possible.

Create two bridges with NetworkManager, and connect each vlan as a slave interface to each bridge. Using NetworkManager, assign an IP in the desired bridge for the Fedora host and connect the VM to the second bridge in the libvirt XML definition of the domain.

Sorry, they should be tagged. My mistake.

After further study, I made this setup working:

I am using systemd-networkd and virt-manager on the host.

At Host:

brctl show

bridge name     bridge id               STP enabled     interfaces
br1             8000.ee7804c0a17b       no              vlan1
br2             8000.96097f2367ec       no              vlan2
                                                        vnet0

ls /etc/systemd/network

20-wired.network br1.netdev br1.network br2.netdev br2.network vlan1.netdev vlan1.network vlan2.netdev vlan2.network

cat 20-wired.network

[Match]
Name=enp1s0

[Network]
DHCP=no
VLAN=vlan1
VLAN=vlan2

cat vlan1.netdev

[NetDev]
Name=vlan1
Kind=vlan

[VLAN]
Id=1

cat vlan2.netdev

[NetDev]
Name=vlan2
Kind=vlan

[VLAN]
Id=2

cat vlan1.network

[Match]
Name=vlan1

[Network]
Bridge=br1

cat vlan2.network

[Match]
Name=vlan2

[Network]
# when creating a bridge with this interface, do not get an IP here
Bridge=br2

cat br1.netdev

[NetDev]
Name=br1
Kind=bridge

cat br2.netdev

[NetDev]
Name=br2
Kind=bridge

cat br1.network

[Match]
Name=br1

[Network]
DHCP=yes

cat br2.network

[Match]
Name=br2

[Network]
DHCP=no

This is what I found to be critical for my setup. I guess that once my host responded to DHCPv6 or SLAAC, my ISP considered my host “connected”, thus my guest could not get any offers.

I would like to know if there is any systemd-networkd way to completely disable IPv6 on that bridge interface.

disable ipv6 in br2: cat /etc/sysctl.d/2-sysctl.conf

net.ipv6.conf.br2.disable_ipv6=1

At virt-manager:
[screenshot]

At Guest:
Tested with incoming and outgoing ssh connections: OK.

My only outstanding issue is that the guest is not starting with the host, even with the option checked:
[screenshot]

About disabling IPv6 in the bridge, I’ve not tested it, but I think you should add:

IPv6AcceptRA=no
LinkLocalAddressing=no

I’m using the libvirt automatic startup of VMs, and works for me. Do you have the libvirt socket and service enabled?

# systemctl enable libvirtd.socket libvirtd.service

I just used dnf system-upgrade to finish upgrading to Fedora 32 gold. And suddenly the guest auto-start is working.

But the br2 bridge interface has now gained a “scope global dynamic mngtmpaddr noprefixroute” IPv6 address and an LLA.

Not sure what changed from F32b to F32.

Testing your suggestion of IPv6AcceptRA=no and LinkLocalAddressing=no next.

Thank you very much!

With your advice on the extra IPv6 lines for the br2 interface, it is now working fine, even with the sysctl statement taken out:
net.ipv6.conf.br2.disable_ipv6=1
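
A check for the outcome discussed in this thread (the host holding no address on the guest-only bridge br2), as an added example that is not part of the original posts. The `ip -o addr show` sample lines are constructed, and the helper name `addrs_on_bridge` and the script name are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): list the L3 addresses the host holds
# on a bridge that is meant to carry guest traffic only, such as br2.

# addrs_on_bridge BRIDGE  (hypothetical helper name)
# Reads `ip -o addr show` output on stdin and prints "family address/prefix"
# for each IPv4/IPv6 address bound to BRIDGE.
# Exit status: 0 = no address on BRIDGE, 1 = at least one address found.
addrs_on_bridge() {
    awk -v br="$1" '
        $2 == br && ($3 == "inet" || $3 == "inet6") { print $3, $4; found = 1 }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: br2 picked up a SLAAC address and a link-local address.
sample_before() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br1    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic br1\       valid_lft 43000sec preferred_lft 43000sec
5: br2    inet6 2001:db8:2::1234/64 scope global dynamic mngtmpaddr noprefixroute \       valid_lft 86000sec preferred_lft 14000sec
5: br2    inet6 fe80::9409:7fff:fe23:67ec/64 scope link \       valid_lft forever preferred_lft forever
EOF
}

# Constructed sample: br2.network has IPv6AcceptRA=no and LinkLocalAddressing=no.
sample_after() {
    cat <<'EOF'
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
4: br1    inet 192.0.2.10/24 brd 192.0.2.255 scope global dynamic br1\       valid_lft 43000sec preferred_lft 43000sec
EOF
}

# Live use: sh check-bridge.sh br2   (with no argument, only define functions)
if [ "$#" -gt 0 ]; then
    ip -o addr show | addrs_on_bridge "$1"
fi
```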