KVM Bridge networking is a real pain

Hello everyone,

I am experiencing a lot of trouble with KVM and bridge networking. I know bridges in KVM are painful, but I am ready to get them to work at any price.

My setup is the classic one:

LAN --> Firewall --> DMZ --> Gateway --> Internet

The issue here is that Firewall is a KVM-virtualized VM on RHEL host. The host has this configuration:

1) RHEL 6.5 as bare metal KVM Host with TWO network interfaces (eth0 is the motherboard-embedded one, and eth1 is the PCI one).
2) RHEL 6.5 is hosting two VMs:
2.1) VM1 is basically a firewall router, so it needs bridge access to both network interfaces (eth0 for LAN, eth1 for DMZ)
2.2) VM2 is a MySQL server that needs bridged LAN connectivity (eth0), so LAN computers can reach VM2 with its LAN IP address or domain name.
3) RHEL 6.5 Host LAN/DMZ connectivity are both required for maintenance (LAN) and updates (DMZ). Host can connect to DMZ via VM1 or directly via eth1; choosing either way is up to you.

At network level, LAN and DMZ are two different VLANs that work fine. The RHEL Host does not receive VLAN-tagged traffic because it is connected to different access ports on the switch. Say eth0 is connected to port 1 and eth1 is connected to port 2. STP is enabled on all switches.

I have created two network bridges on the RHEL Host, br0 and br1, each mapped to its appropriate physical device (eth0 and eth1). VM1 uses both bridges (both set in virt-manager --> VM1 --> networking --> bridge br0/1). The VM1 guest has a static IP on guest eth0 (br0) and a DHCP IP on guest eth1 (br1). The same thing on the Host, which has a static IP on eth0 and currently no IP at all on eth1 (to get Internet access via VM1). Host has only one specified gateway on eth0.

The result is that VM1 randomly loses connectivity on both LAN and WAN ports for short periods of time.

I am currently thinking that it could be a MAC address table mismatch between the host and the VMs or an IP misconfiguration on the RHEL Host.

So please, has anyone tried to virtualize with KVM one server with two bridged network adapters that works?

Thanks a lot :)

Responses