CentOS – the correct way to set up a bonded bridge on CentOS 6 for KVM guests


What is the correct way to set up a bonded bridge on CentOS 6 for KVM guests?

I'm currently playing around with a setup of two KVM hosts which will each host several guests. I have two HP DL380s with 4 NICs each. I'd like to use two NICs (eth0, eth1) in an active-backup (mode=1) bond, for failover reasons, facing the internet. Then I'd like to have the two other NICs (eth2, eth3) also in an active-backup bond, facing an admin/back net.

On top of the bond I need a bridge that the KVM guests will use to access front or back network.

On the interwebz I have found many different ways to configure this. Some just mention bonding, some just bridging, and some are trying to combine them. None that I have found has mentioned what will happen if I use a front and back net with many hosts.

Some of my problems/questions are:

  • I've got a fetish for correct config files, the way the developers thought they should be, not just working config files.
  • I got error "kernel: bond0: received packet with own address as source address". Both for bond0 and bond1.
  • Will the traffic automatically be forwarded from the back-net to the front-net? Should I use ebtables/iptables or something to disable the forwarding traffic?
  • Do I need to use Spanning Tree Protocol (STP)?
  • Do I need any specific routes?

Here is a nice picture how the environment looks (at least a part of it.)

Network schema

Here are my relevant config files.

/etc/sysconfig/network

NETWORKING=yes
HOSTNAME=host1
GATEWAYDEV=br0
NETWORKING_IPV6=no

/etc/sysconfig/network-scripts/ifcfg-eth0 — ifcfg-eth3

DEVICE="ethX"
NM_CONTROLLED="no"
ONBOOT=yes
HWADDR=xx:xx:xx:xx:xx:xx
SLAVE=yes
MASTER=bondX
HOTPLUG=no
BOOTPROTO=none

/etc/sysconfig/network-scripts/ifcfg-bond0 — ifcfg-bond1

DEVICE=bondX
BONDING_OPTS="miimon=100 mode=1"
ONPARENT=yes
BOOTPROTO=none
BRIDGE=brX

/etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
DELAY=0
BOOTPROTO=none

/etc/sysconfig/network-scripts/ifcfg-br1

DEVICE=br1
TYPE=Bridge
ONBOOT=yes
DELAY=0
BOOTPROTO=static
IPADDR=10.0.1.100
NETMASK=255.255.255.0

Update 1

  • Added /etc/sysctl.conf
  • Removed the IP from ifcfg-br0. The host shouldn't be accessible from the internet, only from the admin net.

Update 2

  • Removed changes to /etc/sysctl.conf. Don't need to enable iptables.

Best Answer

Not sure about CentOS 6, but on Fedora the bonding module is not added to the Linux kernel by default and therefore you need to create a file /etc/modprobe.d/bonding.conf with content

alias bond0 bonding

Reboot, and you should see bonding module loaded during boot.

Since you have two bonded interfaces you might have to add another alias line for bond1 as well. However I have never tried that.

Suggest you get one working and then worry about setting up the second.

On the other issue you raised about the bridge, another point to note: these configurations work with the network daemon, but I don't believe they work with NetworkManager. Are you running the network or the NetworkManager daemon?

And finally, there are different ways to configure netfilter to handle bridged interfaces. At least on Fedora 12+, the default is to disable netfilter on bridges. However you can change this by editing /etc/sysctl.conf and setting

net.bridge.bridge-nf-call-iptables=1

Do the same for arp and ipv6 and in this file you also need to set

net.ipv4.ip_forward=1

Flush your FORWARD chain and replace it with this iptables rule

iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
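
Added example, not part of the original answer: a shell function that reads the sysctls named above from a /proc/sys-style tree and a saved `iptables -S FORWARD` listing, then reports separately on the routed path (the back-net to front-net question) and the bridged guest path. The `--physdev-is-bridged` match covers bridged frames only, so routed packets are decided by ip_forward and the rest of the FORWARD chain. The names sysval and audit_forwarding and the message texts are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Audits the settings the answer
# changes: ip_forward, bridge-nf-call-iptables and the FORWARD chain.

sysval() {  # sysval <sysroot> <key path>; prints the value, or "absent"
    if [ -r "$1/$2" ]; then tr -d ' \t\n' < "$1/$2"; else printf 'absent'; fi
}

audit_forwarding() {  # audit_forwarding <sysroot> <file with `iptables -S FORWARD` output>
    root=$1
    rules=$2
    fwd=$(sysval "$root" net/ipv4/ip_forward)
    nf=$(sysval "$root" net/bridge/bridge-nf-call-iptables)
    policy=$(awk '$1 == "-P" && $2 == "FORWARD" { print $3 }' "$rules")
    if grep -q -- '--physdev-is-bridged.*-j ACCEPT' "$rules"; then
        bridged_rule=yes
    else
        bridged_rule=no
    fi

    # Routed path: exists only when the kernel forwards between interfaces.
    if [ "$fwd" = 1 ] && [ "$policy" = ACCEPT ]; then
        echo "WARN routed: ip_forward=1 and FORWARD policy ACCEPT"
    elif [ "$fwd" = 1 ]; then
        echo "OK routed: ip_forward=1, unmatched packets get policy $policy"
    else
        echo "OK routed: ip_forward=$fwd, host does not route"
    fi

    # Bridged path: guest frames reach iptables only when bridge-nf is on.
    if [ "$nf" != 1 ]; then
        echo "INFO bridged: bridge-nf-call-iptables=$nf, frames bypass iptables"
    elif [ "$bridged_rule" = yes ]; then
        echo "OK bridged: physdev accept rule present"
    else
        echo "WARN bridged: no physdev accept rule, guest frames fall to other rules or policy $policy"
    fi
}

# Live use on a host, as root:
#   iptables -S FORWARD > /tmp/forward.rules
#   sh this_script.sh /proc/sys /tmp/forward.rules
if [ "$#" -eq 2 ]; then audit_forwarding "$1" "$2"; fi
```
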