KVM Virtual Machines and bridged networking

  • I cannot select Direct Attachment, it's grayed out, as are the other options except for Virtual Network.

  • Seems like it should work, however now I can't connect to the OMV web UI... did I brick it? Essentially deleted the eth adapter, now it doesn't connect to the network, lol. I can't see the IP address of my server on my router. Is there a way to fix this new problem I created?

  • It seems the direct bridge is the right way for Cockpit. But if you use the bridge, the host and the guest system cannot communicate over their network. This is how KVM works.


    As described by Red Hat in the following link:

    Guest Can Reach Outside Network, but Cannot Reach Host when Using macvtap Interface

    1. All devices can reach the host and the guests.

    2. The host cannot communicate with the guest and vice versa.

    3. A guest can communicate with another guest machine.


    It's the defined way for direct (macvtap) Ethernet devices in the guest.


    If we want the guest and host to communicate with each other, we have to define a second virtual network device.

    The Red Hat documentation uses the virt tools for KVM to define a second device.


    By the way,


    How to do this with Cockpit:


    We assume that the bridge is configured in the OMV network settings as described in this thread.

    The VM has a direct Ethernet device to the bridge. You can ping the host and the guest from outside with their own IP.


    Now we create a second virtual Ethernet device in Cockpit (I named it "Isolated").


    The device must be activated.

    If you reboot your OMV, there is an additional network device with IP 192.168.100.1


    In your VM attach a second network device


    Now you have a second Ethernet device in the VM.

    You have to configure the second Ethernet device in the VM with an IP address (DHCP or static like 192.168.100.20)

    You need no gateway for this, because only the host and guest will use this network.


    If the IP of your host is 172.15.18.200 and your guest is 172.15.18.201, it's reachable by every device in your network. The guest and the host communicate over the 192.168.100.x network. You can ping the host from the guest with 192.168.100.1 and ping the guest from the host with 192.168.100.20.


    In my Debian VM I tried a CIFS mount to my OMV SMB share and it works.


    I don't know how to set this up in a Windows VM, because I don't use Windows. Can someone try this? Is there a second Ethernet device in Windows for the host/guest network?
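
The isolated host/guest network from the post above, expressed with virsh instead of Cockpit (an added example, not part of the original thread; the network name, the DHCP range and the domain name argument are assumptions, 192.168.100.1 is the host address from the post):

```bash
#!/bin/sh
# Added example: virsh equivalent of the Cockpit steps described above.
# NET_NAME and the DHCP range are assumptions; 192.168.100.1/24 is the
# host-side address given in the post.
NET_NAME="isolated"

# Network definition. There is deliberately no <forward> element:
# libvirt then creates an isolated network that is neither NATed nor
# routed to the LAN, so it only carries host<->guest traffic.
isolated_net_xml() {
  cat <<EOF
<network>
  <name>${NET_NAME}</name>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.100.20' end='192.168.100.99'/>
    </dhcp>
  </ip>
</network>
EOF
}

# Second NIC for the guest, attached to the isolated network.
guest_iface_xml() {
  cat <<EOF
<interface type='network'>
  <source network='${NET_NAME}'/>
  <model type='virtio'/>
</interface>
EOF
}

# Define, start and autostart the network, then add the NIC to the
# persistent config of a VM. $1 = libvirt domain name (hypothetical).
apply_isolated() {
  vm="$1"
  tmp=$(mktemp -d) || return 1
  isolated_net_xml > "$tmp/net.xml"
  guest_iface_xml  > "$tmp/nic.xml"
  virsh net-define "$tmp/net.xml" &&
  virsh net-start "$NET_NAME" &&
  virsh net-autostart "$NET_NAME" &&
  virsh attach-device "$vm" "$tmp/nic.xml" --config
  rc=$?
  rm -rf "$tmp"
  return $rc
}

# Run as: sh isolated-net.sh apply <domain>
if [ "${1:-}" = "apply" ]; then apply_isolated "$2"; fi
```

Because the NIC is attached with `--config`, it appears in the guest after the next VM start; the guest then needs an address in 192.168.100.0/24 and no gateway on that interface.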

  • I don't use any macvlan interfaces and can't wrap my head around what they are and why I would need one. *hangs head in shame*


    But my system and my VM both use the bridge interface br0 (each having their own IP) and they can talk to each other just fine (the VM reads and writes two of my OMV shared folders via Samba).


    I'm not sure what I am missing here...

  • So I set up the bridge as talked about and still had a problem a couple of weeks ago, still not getting separate IPs for my VMs from my router. I think I know what may have happened. Before, when I could not get a new IP for my Cockpit VMs on my home network, the IP for the bridge configured through OMV was set to static. So I think it forced the VM traffic coming through that NIC to only be set to that static IP. I changed the bridge back to accepting DHCP addresses, and now I get the connectivity I was looking for with my VMs, separate IPs.


    Not sure if that observation helps anyone.


    Mostly want to use these VMs for security scans and networking type assignments for school, so I am glad it's working now.

  • I am also in the process of setting up 1-2 VMs, which I would also like to reach from my local network.

    At the moment the basic configuration only works so far that I can reach my network and the internet only from the VM.

    I tried with the network settings in Cockpit, but I couldn't get it to work.


    If I have understood the summary correctly, then I must first create a bridge in OMV or the system, which is coupled on the one hand with my network adapter and to which I then connect in Cockpit?

    But how do I create this?

    In OMV I can not set or create a bridge with the network adapter. Here I only see the VETH of my Docker containers.


    Would be great if someone could write this together again, what all is necessary :)

  • Fresh OMV user here, I used this shell script and systemd unit to get the KVM host and guests pingable again in every direction. I only installed the KVM plugin, set up a macvtap bridge to my network interface in the KVM configuration menu, and used that bridge type of network as the only network in the virtual machines. Now it finally acts the way I want.

  • Thanks!! You just solved all my problems. Just had to tweak the script a bit because I'm using 2 NICs, but now I can access my host from the VM and mount my SMB and NFS shares :)

  • I just address that issue by using 2 nics to my switch, one set with an ip and one not. I set my vms to use a direct attachment to the one that isn’t configured with an ip.


    That nic essentially becomes another switch for the vms but they are then connected directly to the lan so everything appears as a separate computer.


    No macvlan issues.

  • Could you explain in a little more detail?

    In OMV do you create an Ethernet or Bridge with no IP disabled?

    In KVM, do you add a network in settings first, or use bridge to assign the network?

  • There isn't much more detail I can give since it isn't really any more complicated than I already stated, aside from saying that I use virt-manager to tweak the VM, but here it goes again:


    I have more than one physical NIC in my system.


    One NIC is configured with an IP in OMV, the other one is enabled (showing in the OMV interfaces list) and plugged into my LAN, but not configured with an IP.


    When creating a VM, I use a virt-manager docker (https://hub.docker.com/r/mber5/virt-manager) to connect to the VM config, and change the NIC to a direct attachment to the un-configured NIC. (you could also do this by editing the VM's xml file, but it's so much easier to use virt-manager). I often also add another NIC to the VM and set that to use the internal KVM default network (192.168.122.x), which then allows that VM to access OMV shares within the system at 10Gbps speeds instead of using the 1Gbps LAN.


    The secondary NIC then acts like a LAN switch for external access for all of my VM's with the VM's getting actual LAN IP's and the KVM default network acts like a switch for internal access on the 192.168.122.x network.

  • So, 2 Physical NIC's. One is set STATIC for OMV itself, the 2nd is "enabled" but not configured (but DHCP on). In KVM when creating a VM you create a Bridge macvtap and in the VM, change the IP to what you want. But, you also add a 2nd Virtual NIC, is this the default one in the VM/Network page;


    Code
    default
    Inactive
    192.168.122.1
    192.168.122.0/24
    nat
    192.168.122.2 - 192.168.122.254


    So you would have NIC 1 which is a Bridge to the Physical 2nd NIC and NIC 2 which is a bridge to the KVM Virtual NIC, which allows LAN access of the OMV Network?

  • The 2nd physical NIC in the server is not configured at all. NO DHCP, NO Static IP, just simply recognized as a NIC by OMV.


    The 1st virtual NIC in the VM is directed to the unconfigured physical NIC. The 2nd virtual NIC in the VM is on the default KVM network that you would normally be having to deal with macvlan configurations.

  • Cheers, I got it working by:


    Didn't set anything in OMV for KVM, left the existing one for OMV there.


    In KVM, create a macvtap, assign it to the spare NIC, and all is working.


    Copying files from NAS to VM is 100MBps so runs at its max, but for some reason internet speed tests show 200MBps, where on an actual computer it's 800-900MBps :/

  • Ahhh that’s cool. I had my 2nd physical NIC set as DHCP then macvlan bridge to it for my VM and in VM set it to static, but being a bridge I guess that makes sense, NIC 2 doesn’t need to have DHCP enabled.

    I guess for me having a 2nd (virtual) NIC in the VM for internal LAN access doesn’t make sense as everything is ON the 192.168.5.0 Network. But I can see how among VM’s creating inside their own unique LAN for transfers etc.

  • You may get better performance if you enable virtio drivers for the VM. If the VM is Windows, you will need to download virtio drivers for it, but Windows does suffer from slow internet download speeds when running in a VM, and unfortunately I have not discovered a fix for it.

  • There is still a benefit of having the second virtual internal NIC, in that NFS, SMB or any other traffic between the host (OMV) and the VM can stay "in the box" and not even touch your LAN.


    I have an Ubuntu VM running the web components of Nextcloud but the files are hosted on OMV via an NFS share, as is the Postgres database it runs on, and a Redis docker for transactional locking, all of which communicate over that internal 192.168.122.x network.

  • Yeah, it's just the internet that's slow, file transfers are fast. Virtio drivers are installed.


    To have transfers not go via the switch from VM to OMV, is it as easy as adding another network adapter on the VM? I don't have the default one, so can I recreate it?


    In the Windows VM, does anything need to be set up?
