I am struggling to connect my KVM virtual machine to the local network.
$ brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.4c5262097e59       yes             enp0s31f6
                                                        vnet0
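enp0s31f6 is the host's Ethernet card, and vnet0 is the KVM guest's Ethernet card.
On the host, I have full network connectivity. No problems.
On the virtual machine, I have no network connectivity at all:
$ ping 8.8.8.8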
connect: Network is unreachable
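So I am trying to figure out what is going wrong. Here I am confused, because I thought a bridge was the equivalent of a hardware switch, and if that is the case, why can one device plugged into the switch connect to the network while the other cannot?
Let's look at their IP addresses: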
$ ip a show enp0s31f6
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether 4c:52:62:09:7e:59 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.4/24 brd 192.168.1.255 scope global enp0s31f6
valid_lft forever preferred_lft forever
$ ip a show vnet0
26: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:f0:0e:f8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fef0:ef8/64 scope link
valid_lft forever preferred_lft forever
So the host has the IP 192.168.1.4, but the virtual machine has none (except for IPv6, no idea why).
The host gets its IP from the DHCP server on the LAN:
$ sudo dhclient -v enp0s31f6
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/enp0s31f6/4c:52:62:09:7e:59
Sending on LPF/enp0s31f6/4c:52:62:09:7e:59
Sending on Socket/fallback
DHCPREQUEST of 192.168.1.4 on enp0s31f6 to 255.255.255.255 port 67 (xid=0x64e68ab1)
DHCPACK of 192.168.1.4 from 192.168.1.1
RTNETLINK answers: File exists
bound to 192.168.1.4 -- renewal in 40526 seconds.
So let's try to get one for the virtual machine:
$ sudo dhclient -v vnet0
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/vnet0/fe:54:00:f0:0e:f8
Sending on LPF/vnet0/fe:54:00:f0:0e:f8
Sending on Socket/fallback
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 3 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 3 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 7 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 13 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 14 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 18 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 10 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 15 (xid=0xf64429)
DHCPDISCOVER on vnet0 to 255.255.255.255 port 67 interval 18 (xid=0xf64429)
^C
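It doesn't get one. :-(
So, maybe the bridge is broken, but the host still gets an IP because it is physically connected to the LAN? No, because the bridge itself also seems to talk to the DHCP server: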
$ sudo dhclient -v br0
Internet Systems Consortium DHCP Client 4.3.5
Copyright 2004-2016 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/br0/4c:52:62:09:7e:59
Sending on LPF/br0/4c:52:62:09:7e:59
Sending on Socket/fallback
DHCPREQUEST of 192.168.1.4 on br0 to 255.255.255.255 port 67 (xid=0x58c2333c)
DHCPACK of 192.168.1.4 from 192.168.1.1
RTNETLINK answers: File exists
bound to 192.168.1.4 -- renewal in 42819 seconds.
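How should I proceed?
(It feels like I have tried and checked almost everything, but I am leaving out the information about that because I am now trying to systematically find out where things go wrong in the steps above.)
Answer 1
I am not an expert, but I think STP should be disabled in your bridge. STP is disabled in mine. My network interface does not list any IP address; the host IP address appears on the br0 interface: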
doug@s15:~/idle/k56wtteo/idle$ ip a show enp3s0
3: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
link/ether f4:6d:04:65:2d:8e brd ff:ff:ff:ff:ff:ff
doug@s15:~/idle/k56wtteo/idle$ ip a show br0
4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f4:6d:04:65:2d:8e brd ff:ff:ff:ff:ff:ff
inet 192.168.111.112/24 brd 192.168.111.255 scope global dynamic br0
valid_lft 84590sec preferred_lft 84590sec
However, the bridge output does look like yours:
doug@s15:~/idle/k56wtteo/idle$ brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.f46d04652d8e       no              enp3s0
                                                        vnet0
Does your VM definition specify the use of the bridge interface? Example (/etc/libvirt/qemu/serv-ff.xml in this example (I think I read somewhere that you are using KVM)):
<interface type='bridge'>
<mac address='52:54:00:27:1b:4e'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
If I look at the ARP table of my LAN, I can see the virtual machine:
doug@DOUG-64:~$ arp | grep serv-ff
serv-ff.smythies.com ether 52:54:00:27:1b:4e C enp2s0
If I set up tcpdump on the host, monitoring the bridge interface, I can observe the VM requesting and obtaining an IP address from my LAN via DHCP when it is restarted:
doug@s15:~/idle/k56wtteo/idle$ sudo tcpdump -tttt -n -i br0 port 67 and port 68
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 262144 bytes
2020-03-05 18:12:35.522302 IP 192.168.111.217.68 > 192.168.111.1.67: BOOTP/DHCP, Request from 52:54:00:27:1b:4e, length 265
2020-03-05 18:12:48.534782 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:27:1b:4e, length 291
2020-03-05 18:12:48.535118 IP 192.168.111.1.67 > 192.168.111.217.68: BOOTP/DHCP, Reply, length 300
2020-03-05 18:12:48.535243 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 52:54:00:27:1b:4e, length 303
2020-03-05 18:12:48.535460 IP 192.168.111.1.67 > 192.168.111.217.68: BOOTP/DHCP, Reply, length 300
On the virtual machine:
doug@serv-ff:~$ ip a show ens3
2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:27:1b:4e brd ff:ff:ff:ff:ff:ff
inet 192.168.111.217/24 brd 192.168.111.255 scope global dynamic ens3
valid_lft 86044sec preferred_lft 86044sec
inet6 fe80::5054:ff:fe27:1b4e/64 scope link
valid_lft forever preferred_lft forever
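The answer points at two things to compare: where the host's IPv4 address lives (on the enslaved NIC in the question, on br0 in the answer) and whether the libvirt domain's interface is of type bridge on br0. The following Python is an added example, not code from either poster, that checks both from saved `ip a` output and a domain XML; the function names parse_ip_a and audit are hypothetical, and the sample input reuses lines shown on this page.

```python
import re
import xml.etree.ElementTree as ET

# Sample input: the asker's `ip a` header and address lines, copied from the question.
SAMPLE_IP_A = """\
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UP group default qlen 1000
inet 192.168.1.4/24 brd 192.168.1.255 scope global enp0s31f6
26: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 1000
inet6 fe80::fc54:ff:fef0:ef8/64 scope link
"""

# Interface element from the answer, wrapped in a minimal constructed <domain>.
SAMPLE_DOMAIN_XML = """<domain><devices>
<interface type='bridge'>
  <mac address='52:54:00:27:1b:4e'/>
  <source bridge='br0'/>
</interface>
</devices></domain>"""

# "<index>: <name>[@peer]: <FLAGS> rest-of-line"
HEADER = re.compile(r"^\d+:\s+([^:@\s]+)[^:]*:\s+<[^>]*>(.*)$")

def parse_ip_a(text):
    """Return {iface: {'master': name or None, 'inet': [cidr, ...]}}."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            master = re.search(r"\bmaster (\S+)", m.group(2))
            cur = ifaces.setdefault(
                m.group(1), {"master": master.group(1) if master else None, "inet": []})
        elif cur is not None and line.strip().startswith("inet "):
            cur["inet"].append(line.split()[1])  # IPv4 only; "inet6" lines are skipped
    return ifaces

def audit(ip_a_text, domain_xml, bridge="br0"):
    """List differences from the layout shown in the answer."""
    ifaces, findings = parse_ip_a(ip_a_text), []
    for name, info in ifaces.items():
        if info["master"] == bridge and info["inet"]:
            findings.append(f"{name} is a port of {bridge} but carries {info['inet'][0]}")
    if bridge in ifaces and not ifaces[bridge]["inet"]:
        findings.append(f"{bridge} shows no IPv4 address")
    for nic in ET.fromstring(domain_xml).findall("./devices/interface"):
        src = nic.find("source")
        if nic.get("type") != "bridge" or src is None or src.get("bridge") != bridge:
            findings.append(f"VM interface type={nic.get('type')} is not bridged to {bridge}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_IP_A, SAMPLE_DOMAIN_XML)) or "no differences found")
```

On a live host the two inputs would be the output of `ip a` and of `virsh dumpxml` for the guest.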