[clug] Bridging for KVM HOST servers - my solution

George at Clug Clug at goproject.info
Sun Apr 12 12:06:06 UTC 2020


Hi,

Apologies for filling up your inboxes.

Below is the configuration that I currently understand is best for setting up bridges as per my previous email with the networking diagram.

The style of configuring br1 below can be repeated for the bridges in the network diagram, and be repeated in each of the KVM Host servers as required.

If anyone sees a flaw or an improvement in the below configuration of a bridge, please let me know. So my question is "Is there a better way to create an (isolated from host and other bridges) Linux bridge to a physical network?" and "Is it clear as to what I am trying to achieve?" Once again I apologise if it is not, so please ask me politely what it is that I have failed to communicate.

I have tried a few simple tests which indicate the below configuration works, in reality, I don't currently have access to a SAN nor multiple host servers with which to test VM migration, or heavy workloads. 

Step 1: Modify sysctl.conf as below (br1 lines would be repeated for each bridge)
Note: See reasoning for these changes from https://hsmr.cc/Freifunk/GatewayKonfiguration

/etc/sysctl.conf
    Uncomment
        net.ipv4.ip_forward=1
        net.ipv6.conf.all.forwarding=1
        net.ipv4.conf.default.rp_filter=1
        net.ipv4.conf.all.rp_filter=1
    Append
        # Disable IPv6 autoconf
        net.ipv6.conf.all.autoconf = 0
        net.ipv6.conf.default.autoconf = 0
        net.ipv6.conf.br1.autoconf = 0

        net.ipv6.conf.all.accept_ra = 0
        net.ipv6.conf.default.accept_ra = 0
        net.ipv6.conf.br1.accept_ra = 0

        # Disable IPv6 autoconfiguration/assignment of an IPv6 address 
        net.ipv6.conf.br1.disable_ipv6 = 1

        # Do not process traffic on bridges with iptables
        net.bridge.bridge-nf-call-arptables = 0
        net.bridge.bridge-nf-call-ip6tables = 0
        net.bridge.bridge-nf-call-iptables = 0

Step 2: Configure Bridging similar to below. 
Same bridging can be achieved via brctl or other methods.

In /etc/network/interfaces the below shows configuration for br1 only, and would be repeated for each bridge.

auto br1
iface br1 inet manual
    bridge_ports eth1
    bridge_stp off
    bridge_fd 0
    bridge_waitport 0

iface br1 inet6 manual
    bridge_ports eth1
    autoconf 0
    accept_ra 0
    bridge_stp off
    bridge_fd 0
    bridge_waitport 0

George.
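
An added example, not part of George's post: since the br1 sysctl lines have to be repeated by hand for every bridge, this script cross-checks an interfaces file against a sysctl.conf and reports any bridge that is missing the per-bridge IPv6 settings, or any bridge-nf-call key that is not 0. The function names are hypothetical, and it checks only the keys listed in Step 1.

```shell
#!/bin/sh
# Added example: audit the per-bridge sysctl lines from Step 1 (names hypothetical).

# Print each interface whose stanza has a bridge_ports line, one per line.
list_bridges() {
    awk '$1 == "iface" { cur = $2 }
         $1 == "bridge_ports" && cur != "" { seen[cur] = 1 }
         END { for (b in seen) print b }' "$1" | sort
}

# Print the effective value of KEY in a sysctl.conf-style FILE: commented lines
# are ignored, spaces around "=" are tolerated, the last assignment wins.
sysctl_value() {
    awk -v key="$2" -F= '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }' "$1"
}

# audit_bridges INTERFACES SYSCTL_CONF
# Prints one line per missing or wrong setting; returns 0 only if none found.
audit_bridges() {
    ifaces=$1 conf=$2 rc=0
    want="net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0"
    for br in $(list_bridges "$ifaces"); do
        want="$want
net.ipv6.conf.$br.autoconf=0
net.ipv6.conf.$br.accept_ra=0
net.ipv6.conf.$br.disable_ipv6=1"
    done
    for pair in $want; do
        key=${pair%=*} exp=${pair#*=}
        got=$(sysctl_value "$conf" "$key")
        if [ "$got" != "$exp" ]; then
            echo "MISMATCH $key: expected $exp, found '${got:-unset}'"
            rc=1
        fi
    done
    return $rc
}

# Command-line entry: sh audit.sh /etc/network/interfaces /etc/sysctl.conf
if [ $# -eq 2 ]; then audit_bridges "$1" "$2"; fi
```

The audit reads the files, not the running kernel; `sysctl -n <key>` on the host confirms whether a value was actually applied.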


