Debian – KVM second private network (bridged), how to get working


This seems to be a hard problem. I would therefore be very thankful for your advice. I spent two days trying to get this running, but with no success. (The public IP stuff is working, but not the private network.)

Goal:

Setting up a "second private network" with KVM on Debian Squeeze

Infrastructure:

RootServer 1 = Which has multiple VMs
RootServer 2 = Which has multiple VMs
Both Root Servers have a "public" Interface = eth0 (plugged to the internet) and a "private" interface = eth1 (directly plugged into a switch.)
=>I want to communicate in the 10.1.0.0 network only privately with the other boxes…

HOST (/etc/network/interfaces)

auto  eth0
iface eth0 inet static
  address   11.11.11.91
  broadcast 11.11.11.95
  netmask   255.255.255.224
  gateway   11.11.11.65


# Private IP Address of the HOST
auto eth1
iface eth1 inet static
  address 10.1.1.20
  broadcast 10.1.255.255
  netmask 255.255.0.0
  network 10.1.0.0


## Bridge for Private Network
auto vbr2
iface vbr2 inet static
       address 10.1.1.21
       netmask 255.255.0.0
       pre-up brctl addbr vbr2
       post-up route add -host 10.1.1.100 vbr2
       post-down brctl delbr vbr2

GUEST: (/etc/network/interfaces)

auto eth0
iface eth0 inet static
  address 11.11.11.87
  netmask 255.255.255.255
  gateway 11.11.11.91
  pointopoint 11.11.11.91



## Private IP Address of the Guest
auto eth1
iface eth1 inet static
  address 10.1.1.100
  netmask 255.255.255.255
  gateway 10.1.1.20
  pointopoint 10.1.1.20

Problem (starts already here):

If I do a ping 10.1.1.100 on the Host (10.1.1.20/11.11.11.91) I do not get any response from the (10.1.1.100) guest that even resides on the same server. So any internal routing stuff must be wrong… But I was not able to figure this out.

Update: I am just wondering. Maybe I need a "Gateway" for the private net. But on the other hand, if I work with bridges, why do I need a gateway for this private network?

Any hints why this doesn't work are very, very appreciated.

Thank you very, very much!

Best Answer

What you need to do are a few things.

  1. Do NOT provide the NIC itself with an IP; the bridge should have that IP.
  2. Make sure your routing tables are set right.
  3. If the guests are attached to both networks, make sure they get two virtual NICs that are plugged into the public and private bridges respectively.
  4. Make sure the routing table in the VMs is correct.

The networking setup scheme should be as follows:
eth0(no IP)->br0(with public IP)<-VM(public IP)
eth1(no IP)->br1(with private IP)<-VM(private IP)
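
The check below is an added example, not part of the original answer: it parses a host `/etc/network/interfaces` and reports where the file departs from point 1 and the scheme above. `BROKEN` is a constructed excerpt of the private-network stanzas from the question, `FIXED` is an assumed corrected layout using the `bridge_ports` option from Debian's bridge-utils, and the function names and messages are hypothetical.

```python
import ipaddress

# Constructed inputs: BROKEN mirrors the host's private stanzas from the
# question; FIXED is an assumed layout following the answer (eth1 -> br1).
BROKEN = """
auto eth1
iface eth1 inet static
  address 10.1.1.20
  netmask 255.255.0.0
auto vbr2
iface vbr2 inet static
  address 10.1.1.21
  netmask 255.255.0.0
  pre-up brctl addbr vbr2
"""
FIXED = """
auto eth1
iface eth1 inet manual
auto br1
iface br1 inet static
  address 10.1.1.20
  netmask 255.255.0.0
  bridge_ports eth1
"""

def parse(text):
    """Return {iface: {option: value}} for each 'iface' stanza."""
    stanzas, cur = {}, None
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if words[:1] == ["iface"]:
            cur = stanzas.setdefault(words[1], {})
        elif words and words[0] not in ("auto", "allow-hotplug") and cur is not None:
            cur[words[0]] = " ".join(words[1:])
    return stanzas

def check(text):
    """List violations of the answer's point 1 in a host interfaces file."""
    st, problems, nets = parse(text), [], {}
    ports = {p for o in st.values() for p in o.get("bridge_ports", "").split()}
    for name, o in st.items():
        if "brctl addbr" in o.get("pre-up", "") and "bridge_ports" not in o:
            problems.append(f"{name}: bridge has no physical port")
        if name in ports and "address" in o:
            problems.append(f"{name}: bridge port must not carry an IP")
        if "address" in o:
            net = ipaddress.ip_network(f"{o['address']}/{o['netmask']}", strict=False)
            if nets.setdefault(net, name) != name:
                problems.append(f"{name}: same subnet as {nets[net]}")
    return problems
```

`check(BROKEN)` flags `vbr2` twice (no physical port, and the same subnet as `eth1`), while `check(FIXED)` returns an empty list.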