KVM 客户网络 - 只有一个适配器通过主机桥连接到互联网?

tag-icon tag-icon linux networking kvm-virtualization
KVM 客户网络 - 只有一个适配器通过主机桥连接到互联网?

我正在尝试向 KVM 客户机添加三个接口(我的托管服务提供商要求),但运气不佳!我一次只能让一个接口在客户机上工作。如果我nmtui在 CentOS 7 客户机上启用内部适配器,同时禁用其他适配器,它将工作,但其他适配器甚至不再 ping 通。我认为我对桥接工作原理的理解存在问题,希望得到一些指点。

目标:在主机上设置网桥,在客户机上设置三个接口(服务器提供商分配 MAC 地址供我使用)

信息:

xxx.yyy.107.27 - assume main IP address of the Host machine
xxx.yyy.107.1 - gateway for the above
255.255.255.192 - netmask for the above
xxx.yyy.168.170 - IP address #1 for Guest
xxx.yyy.168.171 - IP address #2 for Guest
xxx.yyy.168.174 - IP address #3 for Guest
xxx.yyy.168.169 - Gateway for IPs 1-3 given by Provider
255.255.255.248 - Netmask for IPs 1-3 given by Provider
00:50:56:00:a4:33 - MAC for IP 1
00:50:56:00:9a:97 - MAC for IP 2
00:50:56:00:ad:04 - MAC for IP 3

Debian 8 主机 /etc/network/interfaces:

# Loopback device:
auto lo
iface lo inet loopback

# eth0
auto eth0
iface eth0 inet manual

iface eth0 inet6 static
  address 2a01:4f8:171:101a::2
  netmask 64
  gateway fe80::1

auto br0
iface br0 inet static
 address xxx.yyy.107.27
 netmask 255.255.255.192
 gateway xxx.yyy.107.1
 broadcast xxx.yyy.107.63
 bridge_ports eth0
 bridge_fd 0
 bridge_stp off
 bridge_waitport 0
 bridge_hello 2
 bridge_maxage 12

Libvirt 网络:

<network>
  <name>Host</name>
  <forward mode='bridge'/>
  <bridge name='br0'/>
</network>

Guest 相关接口的 XML 配置:

    <interface type='network'>
      <mac address='00:50:56:00:a4:33'/>
      <source network='Host'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <interface type='network'>
      <mac address='00:50:56:00:9a:97'/>
      <source network='Host'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </interface>
    <interface type='network'>
      <mac address='00:50:56:00:ad:04'/>
      <source network='Host'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>
    </interface>

CentOS 7 客户机/etc/sysconfig/network-interfaces/ifcfg-eth0-1:

HWADDR=00:50:56:00:A4:33
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eth0
UUID=18f3808e-335a-4932-93e4-683b987ddc07
DEVICE=eth0
ONBOOT=yes
PREFIX=32
PEERDNS=yes
PEERROUTES=yes

CentOS 7 客户机 /etc/sysconfig/network-interfaces/ifcfg-eth1:

HWADDR=00:50:56:00:9A:97
TYPE=Ethernet
BOOTPROTO=dhcp
DNS1=213.133.98.98
DNS2=213.133.99.99
DNS3=213.133.100.100
DEFROUTE=no
IPV4_FAILURE_FATAL=yes
IPV6INIT=yes
IPV6_AUTOCONF=no
IPV6_DEFROUTE=no
IPV6_FAILURE_FATAL=no
NAME=eth1
UUID=a2c6c1e3-bfb2-4401-99e0-40f723d6d713
DEVICE=eth1
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes

我没有看到第三个接口的任何文件,这与网络管理器有关吗?

客户的 /etc/sysconfig/network:

GATEWAY=xxx.yyy.107.1

Guest 上的 route -n 输出:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.yyy.168.169 0.0.0.0         UG    100    0        0 ens8
0.0.0.0         xxx.yyy.168.169 0.0.0.0         UG    101    0        0 eth0
xxx.yyy.168.168 0.0.0.0         255.255.255.248 U     100    0        0 ens8
xxx.yyy.168.169 0.0.0.0         255.255.255.255 UH    100    0        0 eth0
xxx.yyy.168.170 0.0.0.0         255.255.255.255 UH    100    0        0 eth0
188.40.24.199   xxx.yyy.168.169 255.255.255.255 UGH   100    0        0 ens8

主机上的 route -n 输出:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.yyy.107.1   0.0.0.0         UG    0      0        0 br0
xxx.yyy.107.0   0.0.0.0         255.255.255.192 U     0      0        0 br0

看起来我的桥接器在任何给定时间只允许其中一个接口连接到外部世界。我想修复这个问题,但我不确定我的设置和理解是否正确。我可能设置得非常错误,并且发生了奇怪的事情,所以非常感谢任何帮助。

编辑 1: 客人的 ifconfig 上的当前状态:

ens8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xxx.yyy.168.174  netmask 255.255.255.248  broadcast xxx.yyy.168.175
        inet6 fe80::250:56ff:fe00:ad04  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:00:ad:04  txqueuelen 1000  (Ethernet)
        RX packets 6456  bytes 3735538 (3.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4987  bytes 548563 (535.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xxx.yyy.168.170  netmask 255.255.255.248  broadcast xxx.yyy.168.170
        inet6 fe80::250:56ff:fe00:a433  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:00:a4:33  txqueuelen 1000  (Ethernet)
        RX packets 1012  bytes 75375 (73.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 47  bytes 5110 (4.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet xxx.yyy.168.171  netmask 255.255.255.248  broadcast xxx.yyy.168.175
        inet6 fe80::250:56ff:fe00:9a97  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:00:9a:97  txqueuelen 1000  (Ethernet)
        RX packets 1048  bytes 77065 (75.2 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 22  bytes 2808 (2.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 12243  bytes 1881497 (1.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12243  bytes 1881497 (1.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

目前,只有 xxx.yyy.168.170 可以从客户机外部访问。其余的甚至不在主机上。

主机的ifconfig:

br0       Link encap:Ethernet  HWaddr f8:32:e4:71:a2:87
          inet addr:xxx.yyy.107.27  Bcast:xxx.yyy.107.63  Mask:255.255.255.192
          inet6 addr: fe80::fa32:e4ff:fe71:a287/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20661927 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14207667 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3370784779 (3.1 GiB)  TX bytes:2529369626 (2.3 GiB)

eth0      Link encap:Ethernet  HWaddr f8:32:e4:71:a2:87
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:22402779 errors:0 dropped:0 overruns:0 frame:0
          TX packets:15423843 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4010564000 (3.7 GiB)  TX bytes:2731403072 (2.5 GiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:21145 errors:0 dropped:0 overruns:0 frame:0
          TX packets:21145 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2619801 (2.4 MiB)  TX bytes:2619801 (2.4 MiB)

vnet0     Link encap:Ethernet  HWaddr fe:50:56:00:a4:33
          inet6 addr: fe80::fc50:56ff:fe00:a433/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2028 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7634 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:1219855 (1.1 MiB)  TX bytes:692099 (675.8 KiB)

vnet1     Link encap:Ethernet  HWaddr fe:50:56:00:9a:97
          inet6 addr: fe80::fc50:56ff:fe00:9a97/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:49 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6348 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:5154 (5.0 KiB)  TX bytes:520891 (508.6 KiB)

vnet2     Link encap:Ethernet  HWaddr fe:50:56:00:ad:04
          inet6 addr: fe80::fc50:56ff:fe00:ad04/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5080 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12829 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:560230 (547.0 KiB)  TX bytes:4342111 (4.1 MiB)

答案1

Hetzner 不幸地告诉我,由于他们的过滤,虚拟机中一次只能有一个 IP 地址处于活动状态 (?)。如果您从 Hetzner 订购用于 VM 的附加 IP 地址,则每个 VM 在任何给定时间只能有一个 IP 地址可用。为了在 VM 上拥有多个 IP,Hetzner 提供了子网(目前最小为 /29)。我希望这对遇到类似问题的人有所帮助,因为他们的文档中没有概述这一点。

编辑:这已“解决” - 我需要等待几个小时才能接受我的答案。

相关内容