KVM/libvirt VMs: Layer 2 looks fine, but Layer 3 is not working

This looks very similar to this question, but my setup (kvm/libvirt) looks closer to the answer than to the question.

The host runs Debian 12 (bookworm) and is fully upgraded, with nothing other than the standard packages plus the required libvirt-{clients,daemon,daemon-system,etc}/stable 9.0.0-4 amd64 installed.

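As the title says, I can see the MAC addresses registered on the port (trunk) of the switch the host is connected to (along with the host's MAC address). The host gets IP connectivity fine. The guests are configured with DHCP and static IPs on different VLANs. I can provide tcpdump captures for any interface/protocol, but everything looks as it should, except that there is no Layer 3 connectivity. The packet captures show mDNS and broadcast traffic from these VMs, but that's it.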

Bridge example:

$ brctl show br20

bridge name     bridge id               STP enabled     interfaces
br20            ffff.4ab4a2a374f4       no              bond0
                                                        vnet2
                                                        vnet4
                                                        vnet5

And the interfaces:

$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master br20 state UP group default qlen 1000
    link/ether ea:47:55:68:9d:21 brd ff:ff:ff:ff:ff:ff
3: br10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ce:e4:a8:65:82:17 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::cce4:a8ff:fe65:8217/64 scope link 
       valid_lft forever preferred_lft forever
4: br20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4a:b4:a2:a3:74:f4 brd ff:ff:ff:ff:ff:ff
    inet 10.0.20.19/23 metric 50 brd 10.0.21.255 scope global dynamic br20
       valid_lft 62120sec preferred_lft 62120sec
    inet6 fe80::48b4:a2ff:fea3:74f4/64 scope link 
       valid_lft forever preferred_lft forever
5: br30: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 6e:d1:73:de:65:b3 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::6cd1:73ff:fede:65b3/64 scope link 
       valid_lft forever preferred_lft forever
6: br40: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f6:4a:b6:a4:f5:7a brd ff:ff:ff:ff:ff:ff
    inet6 fdb5:c811:ef42:2fc:f44a:b6ff:fea4:f57a/64 scope global dynamic mngtmpaddr noprefixroute 
       valid_lft 1348sec preferred_lft 1348sec
    inet6 fe80::f44a:b6ff:fea4:f57a/64 scope link 
       valid_lft forever preferred_lft forever
7: br50: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 92:47:00:08:04:d2 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9047:ff:fe08:4d2/64 scope link 
       valid_lft forever preferred_lft forever
8: local.50@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br50 state UP group default qlen 1000
    link/ether ea:47:55:68:9d:21 brd ff:ff:ff:ff:ff:ff
9: security.40@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br40 state UP group default qlen 1000
    link/ether ea:47:55:68:9d:21 brd ff:ff:ff:ff:ff:ff
10: guest.30@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br30 state UP group default qlen 1000
    link/ether ea:47:55:68:9d:21 brd ff:ff:ff:ff:ff:ff
11: mgmt.10@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br10 state UP group default qlen 1000
    link/ether ea:47:55:68:9d:21 brd ff:ff:ff:ff:ff:ff
12: br-27861bffb42c: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:a7:95:00:81 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.1/16 brd 172.18.255.255 scope global br-27861bffb42c
       valid_lft forever preferred_lft forever
13: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:3d:97:16:1c brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever
14: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br40 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:9f:cc:34 brd ff:ff:ff:ff:ff:ff
15: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br50 state UKNOWN group default qlen 1000
    link/ether fe:54:00:90:48:8e brd ff:ff:ff:ff:ff:ff
16: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br20 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:9f:66:4d brd ff:ff:ff:ff:ff:ff
17: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br40 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:02:9d:9d brd ff:ff:ff:ff:ff:ff
18: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br20 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:f7:dc:b8 brd ff:ff:ff:ff:ff:ff
19: vnet5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br20 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:7b:16:db brd ff:ff:ff:ff:ff:ff

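This looks exactly like other hosts I have set up before, and the crazy thing is that it worked at first, but stopped at some point after running for a day or so.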

Kernel support for IP forwarding is enabled:

$ cat /proc/sys/net/ipv4/ip_forward
1

On the router/DHCP server, the ARP table shows (for example, for a VM whose interface is on VLAN 20):

hostname (10.0.20.xx) at <incomplete> on eth2.20

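However, my (Cisco) switch shows the MAC address for the same interface in its address table, just as you would expect, as if it had a cable plugged in. I have absolutely no idea why this isn't working; can anyone point me in the right direction?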
