Ubuntu
bridge-utils package

KVM guest cannot use br0 created by brctl on Ubuntu16.04

Bug #1626826 reported by bugproxy
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Invalid
High
Canonical Server
bridge-utils (Ubuntu)
Invalid
Undecided
Skipper Bug Screeners

Bug Description

== Comment: #0 - QI YE - 2016-09-22 06:01:59 ==
---Problem Description---
Ubuntu16.04. Created a bridge br0 on enc100 via brctl. enc100 is the only external accessible nic. Defined a ubuntu guest to use br0 and assigned an IP to the guest in the same subnet as br0. After started the guest, couldn't access external servers or internet from the guest.

---uname output---
Linux ntc170 4.4.0-38-generic #57-Ubuntu SMP Tue Sep 6 15:47:15 UTC 2016 s390x s 390x s390x GNU/Linux

Machine Type = 2827 (z Systems EC12)

---Debugger---
A debugger is not configured

---Steps to Reproduce---
 1. define br0 on enc100 via brctl command (IP on br0 is 192.168.1.170 for example)
2. update /etc/network/interfaces
3. create a guest on KVM and use br0 for it's nic
4. Start guest via virsh command and assign an IP, e.g. 192.168.1.171. After installation, cannot access external systems via KVM host.

== Comment: #2 - QI YE - 2016-09-22 09:53:58 ==
attached sosreport file

Revision history for this message
bugproxy (bugproxy) wrote : sosreport

Default Comment by Bridge

tags: added: architecture-s39064 bugnameltc-146632 severity-critical targetmilestone-inin16041
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → core-network (Ubuntu)
Revision history for this message
Steve Langasek (vorlon) wrote :

Package: core-network
Description-en: intuitive network emulator that interacts with real nets (metapackage)
 The Common Open Research Emulator (CORE) is a tool for emulating
 networks in one or more machines. You can connect these emulated
 networks to live networks.

This package is not involved in configuring bridges with brctl.

affects: core-network (Ubuntu) → bridge-utils (Ubuntu)
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
importance: Undecided → High
assignee: nobody → Canonical Server Team (canonical-server)
Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Hi,
I was checking by starting with a common setup I ususlly use adapting towards your case step by step.

uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily release=xenial arch=s390x label=daily
uvt-simplestreams-libvirt query
uvt-kvm create --memory 2048 --cpu 4 --password=ubuntu --template template-s390x.xml kvmguest-xenial release=xenial arch=s390x label=daily
cat template-s390x.xml
<domain type='kvm'>
  <os>
    <type>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <devices>
    <interface type='network'>
      <source network='default'/>
      <model type='virtio'/>
    </interface>
    <console type='pty' tty='/dev/pts/3'>
         <source path='/dev/pts/3'/>
    <target type='sclp' port='0'/>
    <alias name='console0'/>
    </console>
  </devices>
</domain>
virsh dumpxml kvmguest-xenial
[...]
    <interface type='network'>
      <mac address='52:54:00:1b:de:4e'/>
      <source network='default' bridge='virbr0'/>
      <target dev='vnet0'/>
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0002'/>
    </interface>
[...]

Ok, so far things are fine - I have a bridge
brctl show virbr0
bridge name bridge id STP enabled interfaces
virbr0 8000.5254006ec370 yes virbr0-nic
                                                        vnet0

The guest is connecte to that.
The bridge is the default libvirt way of handling default network (nat).
The guest gets a dhcp (from host) address on that net 192.168.122.241 in my case.
This gets to the Host just nice and works to get to the outside as well via the host.

Changing the guest to a static IP in guest e/n/i
auto eth0
iface eth0 inet static
    address 192.168.122.241/24
    gateway 192.168.122.1

Still working fine.

Changing that to a guest linked to a bride looks like
    <interface type='bridge'>
      <source bridge='br0'/>
      <mac address='52:54:00:fa:ae:a8'/>
      <model type='virtio'/>
      <address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0002'/>
    </interface>

Unfortunately my net setup here is very demaning with vlan only.
Could one send me 10 extra OSAs so we can autotagging by the switch :-) ?
It is just very complex to get bridge, onto only one Host interface that has vlan required to be set up correctly.
So before doing all that I'd like to ask a few questions:

But to go on I think it is time to ask you how exactly you
1. defined the bridge and host networking in your case (exact commands to set up your bridge + brctl show on the bridge + host ifconfig -a and route)
2. connected the bridge to your guest (see my xml example above, how does yours look like?)
3. is it a hard requirement that there is only one Host network device?

Changed in bridge-utils (Ubuntu):
status: New → Incomplete
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2016-09-30 05:04 EDT-------
Hello,

Thanks for the information. Regarding your questions. First of all, single nic is not mandatory. It happened I only have OSA port available at that time. I got another OSA port afterwards. But I still have the same issue with the 2nd nic.

Below was exactly what I did.

1. I used below commands to create bridge. The nic was not assigned an IP address.

brctl addbr br0
brctl addif br0 enc3030

2. Issued brctl show, I can see the bridge info looks OK.

3. Define a VM on KVM. Dump the network device part. And the VM was using an IP address that can be accessed in a corporate LAN.
<interface type='bridge'>
<mac address='52:54:00:58:98:c1'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='ccw' cssid='0xfe' ssid='0x0' devno='0x0001'/>
</interface>

4. After started the VM, I could see a port attached the bridge. Something like tap8e806d7c-d9.

5. But I couldn't ping the VM successfully from a server out side of KVM host.

Robie Basak (racb)
Changed in bridge-utils (Ubuntu):
status: Incomplete → New
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2016-10-28 05:08 EDT-------
Non-supported function -> Closed

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: New → Invalid
Christian Ehrhardt  (paelzer)
Changed in bridge-utils (Ubuntu):
status: New → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.