RHCE研究实验室: KVM联网和ping问题
RHCE研究实验室: KVM联网和ping问题
提问于 2019-05-05 17:17:39
我试图建立一个RHCE学习实验室根据迈克尔张成泽的RHCSA/RHCE设置指南。我遵循了书中的指南,尽管在我看来,很多信息都缺失了(一步一步地写这样一本书会更好)。
TL;DR -在我的KVM设置中,我不能让KVM在同一个子网中互相交谈。我的学习指南说,使用前NAT与virbr# devices...but,它是不起作用的。
我面临的主要问题是,我的am无法在网络上切换任何内容:“无法到达的目标主机”。server1不能平它的默认网关,主机,甚至是位于同一子网上的tester1。试图到达outsider1也是如此,这是同一个KVM主机PC上的一个不同的子网。同样的行为也出现在VM、tester1和outsider1上。
在设置过程中,我在专用网络上有一台主机(192.168.5.0/24),根据这本书,我创建了两个KVM虚拟网络和三个VM。下面是每个VM的配置摘要。
server1.example.com
- 附加到虚拟网络'example.com':NAT
- 设备模型: virtio
- vNIC MAC 52:54:00:86:51:d2
- 静态IP: 192.168.122.50/24,gw=192.168.122.1
tester1.example.com
- 附加到虚拟网络'example.com':NAT
- 设备模型: virtio
- vNIC MAC 52:54:00:89:20:c7
- 静态IP: 192.168.122.150/24,gw=192.168.122.1
outsider1.example.org
- 附加到虚拟网络'example.org':NAT
- 设备模型: virtio
- vNIC MAC 52:54:00:03:c3:0a
- 静态IP: 192.168.100.100/24,gw=192.168.100.1
我按照说明创建了两个虚拟网络,从虚拟化主机PC中可以看到的设置如下:
# virsh list
Id Name State
----------------------------------------------------
1 outsider1 running
2 tester1 running
4 server1 running
# virsh net-list
Name State Autostart Persistent
----------------------------------------------------------
example.com active yes yes
example.org active yes yes
# virsh net-info example.com
Name: example.com
UUID: 6d2a6e12-2d72-4720-9427-630a608bae6f
Active: yes
Persistent: yes
Autostart: yes
Bridge: virbr0
# virsh net-info example.org
Name: example.org
UUID: 3d564af8-4d3e-484b-846e-7ad76bd4be4a
Active: yes
Persistent: yes
Autostart: yes
Bridge: virbr1
# virsh net-dumpxml example.com
<network>
<name>example.com</name>
<uuid>6d2a6e12-2d72-4720-9427-630a608bae6f</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:7f:b9:50'/>
<domain name='example.com'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.151' end='192.168.122.254'/>
</dhcp>
</ip>
<ip family='ipv6' address='fd00:a81d:a6d7:55::1' prefix='64'>
<dhcp>
<range start='fd00:a81d:a6d7:55::100' end='fd00:a81d:a6d7:55::1ff'/>
</dhcp>
</ip>
</network>
# virsh net-dumpxml example.org
<network>
<name>example.org</name>
<uuid>3d564af8-4d3e-484b-846e-7ad76bd4be4a</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr1' stp='on' delay='0'/>
<mac address='52:54:00:49:c7:35'/>
<domain name='example.org'/>
<ip address='192.168.100.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.100.128' end='192.168.100.254'/>
</dhcp>
</ip>
<ip family='ipv6' address='fd00:e81d:a6d7:56::1' prefix='64'>
<dhcp>
<range start='fd00:e81d:a6d7:56::100' end='fd00:e81d:a6d7:56::1ff'/>
</dhcp>
</ip>
</network>
# brctl show
bridge name bridge id STP enabled interfaces
docker0 8000.02428a3f4914 no
virbr0 8000.5254007fb950 yes virbr0-nic
virbr1 8000.52540049c735 yes virbr1-nic
# ip route show
default via 192.168.5.1 dev enp0s31f6 proto dhcp metric 100
192.168.5.0/24 dev enp0s31f6 proto kernel scope link src 192.168.5.45 metric 100
192.168.100.0/24 dev virbr1 proto kernel scope link src 192.168.100.1
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 2c:4d:54:d2:c5:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.45/24 brd 192.168.5.255 scope global noprefixroute dynamic enp0s31f6
valid_lft 71762sec preferred_lft 71762sec
inet6 fe80::7abc:be60:6633:d94/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:8a:3f:49:14 brd ff:ff:ff:ff:ff:ff
10: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether fe:54:00:03:c3:0a brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe03:c30a/64 scope link
valid_lft forever preferred_lft forever
11: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether fe:54:00:89:20:c7 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe89:20c7/64 scope link
valid_lft forever preferred_lft forever
13: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether fe:54:00:86:51:d2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe86:51d2/64 scope link
valid_lft forever preferred_lft forever
14: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:49:c7:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
valid_lft forever preferred_lft forever
inet6 fd00:e81d:a6d7:56::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe49:c735/64 scope link
valid_lft forever preferred_lft forever
15: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 1000
link/ether 52:54:00:49:c7:35 brd ff:ff:ff:ff:ff:ff
16: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:7f:b9:50 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
inet6 fd00:a81d:a6d7:55::1/64 scope global
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe7f:b950/64 scope link
valid_lft forever preferred_lft forever
17: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:7f:b9:50 brd ff:ff:ff:ff:ff:ff我尝试过在所有VM上重新启动NetworkManager,也尝试重新启动VM,但是没有一个VM可以与任何其他设备对话。显然我错过了一步让这些设备互相交谈..。
Server1配置如下:
[root@server1 ~]# ip route show
default via 192.168.122.1 dev eth0 proto static metric 100
192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.50 metric 100
[root@server1 ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:86:51:d2 brd ff:ff:ff:ff:ff:ff
[root@server1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:86:51:d2 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.50/24 brd 192.168.122.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe86:51d2/64 scope link
valid_lft forever preferred_lft foreverTester1配置如下:
[root@tester1 ~]# ip route show
default via 192.168.122.1 dev eth0 proto static metric 100
192.168.122.0/24 dev eth0 proto kernel scope link src 192.168.122.150 metric 100
[root@tester1 ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:89:20:c7 brd ff:ff:ff:ff:ff:ff
[root@tester1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:89:20:c7 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.150/24 brd 192.168.122.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe89:20c7/64 scope link
valid_lft forever preferred_lft foreveroutsider1配置如下:
[root@outsider1 ~]# ip route show
default via 192.168.100.1 dev eth0 proto static metric 100
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.100 metric 100
[root@outsider1 ~]# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT qlen 1000
link/ether 52:54:00:03:c3:0a brd ff:ff:ff:ff:ff:ff
[root@outsider1 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:03:c3:0a brd ff:ff:ff:ff:ff:ff
inet 192.168.100.100/24 brd 192.168.100.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe03:c30a/64 scope link
valid_lft forever preferred_lft forever我非常肯定,我需要在主机上创建静态路由,以便将流量从outsider1传输到tester1/server1 1,反之亦然。但真正困扰我的是,我甚至不能让tester1和server1互相交谈,甚至无法与默认的网关virbr0对话。
有什么想法吗?
回答 1
Unix & Linux用户
发布于 2019-05-11 01:52:48
这个设置意味着许多重要的参数没有显示在问题上(iptables/used步骤/内核网络配置/br安装/等等),这里有一些解决通信问题的可能性(在主主机端):
可能的解决方案:
网桥接口(如其名称所示)是设置中的多个网络接口之间的网关,您似乎拥有:
[KVM1-ETH0] <---> [Bridge][virbr0] <---> [Master][Bridge][virbr0-nic]
[KVM2-ETH0] <---> [Bridge][virbr1] <---> [Master][Bridge][virbr1-nic]首先,我不明白为什么需要2个网桥接口,然后,正如@LL3所提到的那样,第二个问题没有打开接口virbr0-nic。
第二,一个更清晰的设置应该是这样的(取决于您的需求)。
[KVM1-ETH0] <---> [Bridge][virbr0] <---> [Master][Bridge][virbr0-nic]
[KVM2-ETH0] <---> [Bridge][virbr1] <---> [Master][Bridge][virbr0-nic]或
[KVM1-ETH0] <---> [Bridge][virbr0] <---> [Master][enp0s31f6]
[KVM2-ETH0] <---> [Bridge][virbr0] <---> [Master][enp0s31f6]或
[KVM1-ETH0] <---> [Bridge][virbr0]
[KVM2-ETH0] <---> [Bridge][virbr0]可能的解决方案:
启动virbr0-nic和virbr1-nic (根据您的需要调整ip )
ifconfig virbr0-nic 192.168.122.254/24 up
ifconfig virbr1-nic 192.168.122.254/24 up但virbr0-nic和virbr1-nic仍然没有联系在一起。
可能的解决方案:
如果您想使用您的主接口,可以将它作为主程序添加到桥接器中(取决于您的需要)。
ip link set enp0s31f6 master virbr0
ip link set enp0s31f6 master virbr1可能的解决方案:
检查您的iptables /防火墙设置(例如防火墙,如果您使用它),出于测试目的,您可以在启动安装之前清空iptables。
#Netfilter cleanup
iptables --flush
iptables -t nat -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT可能的解决方案:
主机路由/转发功能。通常,桥接器接口不需要ip_forward内核特性,但如果桥接器一开始配置不好,这可能会有所帮助。(请注意,启用ip_forward使主主机充当路由器,在生产环境中,这需要使用iptables或其他额外的预防措施)
#Enabling ipv4 forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward可能的解决方案:
遵循ip_forward可能的解决方案,您可以使用伪装来强制桥接通信使用特定的接口。
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE 在本例中,ip 192.168.0.0/24桥的通信量将被转发给eth0 (这需要ip_forward)。
可能的解决方案:
您可以考虑其他设置解决方案(桥接口除外),如macvlan、ipvlan或veth接口(一些例子)。
页面原文内容由Unix & Linux提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://unix.stackexchange.com/questions/517250
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号