[clug] Bridging for KVM HOST servers - my solution
George at Clug
Clug at goproject.info
Sun Apr 12 12:06:06 UTC 2020
Hi,
Apologies for filling up your inboxes.
Below is the configuration that I currently understand is best for setting up bridges, as per my previous email with the networking diagram.
The style of configuring br1 below can be repeated for the bridges in the network diagram, and be repeated in each of the KVM Host servers as required.
If anyone sees a flaw or an improvement in the below configuration of a bridge, please let me know. So my question is "Is there a better way to create an (isolated from host and other bridges) Linux bridge to a physical network?" and "Is it clear as to what I am trying to achieve?" Once again I apologise if it is not, so please ask me politely what it is that I have failed to communicate.
I have tried a few simple tests which indicate the below configuration works; in reality, I don't currently have access to a SAN or multiple host servers with which to test VM migration, or heavy workloads.
Step 1: Modify sysctl.conf as below (br1 lines would be repeated for each bridge)
Note: See reasoning for these changes from https://hsmr.cc/Freifunk/GatewayKonfiguration
/etc/sysctl.conf
Uncomment
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.rp_filter=1
Append
# Disable IPv6 autoconf
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.br1.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.br1.accept_ra = 0
# Disable IPv6 autoconfiguration/assignment of an IPv6 address
net.ipv6.conf.br1.disable_ipv6 = 1
# Do not process traffic on bridges with iptables
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
Step 2: Configure Bridging similar to below.
Same bridging can be achieved via brctl or other methods.
In /etc/network/interfaces the below shows configuration for br1 only, and would be repeated for each bridge.
auto br1
iface br1 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
    bridge_waitport 0
iface br1 inet6 manual
    bridge_ports eth1
    autoconf 0
    accept_ra 0
    bridge_stp off
    bridge_fd 0
    bridge_waitport 0
George.
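
Added example, not part of George's message: a check that the per-bridge and bridge-netfilter values from Step 1 are actually in effect on a running host. The function name check_bridge_sysctl and its optional second argument (an alternate root instead of /proc/sys) are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare live kernel values with the ones Step 1 sets.
# Usage: sh this-script br1   (exit status = number of mismatches)

check_bridge_sysctl() {
    bridge=$1
    root=${2:-/proc/sys}    # assumption: second argument overrides the root
    bad=0
    # Each line below: path relative to $root, then the expected value.
    while read -r path want; do
        [ -n "$path" ] || continue
        file="$root/$path"
        if [ ! -r "$file" ]; then
            case $path in
                net/bridge/*)
                    # On current kernels these keys exist only while the
                    # br_netfilter module is loaded; without it bridged
                    # frames are not handed to iptables at all.
                    echo "SKIP $path (br_netfilter not loaded)" ;;
                *)
                    echo "MISSING $path"
                    bad=$((bad + 1)) ;;
            esac
            continue
        fi
        have=$(cat "$file")
        if [ "$have" = "$want" ]; then
            echo "OK   $path = $have"
        else
            echo "FAIL $path = $have (want $want)"
            bad=$((bad + 1))
        fi
    done <<EOF
net/ipv6/conf/$bridge/autoconf 0
net/ipv6/conf/$bridge/accept_ra 0
net/ipv6/conf/$bridge/disable_ipv6 1
net/bridge/bridge-nf-call-arptables 0
net/bridge/bridge-nf-call-ip6tables 0
net/bridge/bridge-nf-call-iptables 0
EOF
    return "$bad"
}

# Run the check only when a bridge name is given on the command line.
if [ $# -gt 0 ]; then check_bridge_sysctl "$@"; fi
```

A MISSING line for the per-bridge keys usually means the bridge did not exist when sysctl.conf was applied, so those settings need re-applying after the bridge comes up.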