KVM bridged network cannot connect to the server

debianek asked:

I installed KVM on Ubuntu Server 14.04 LTS, running on an OVH dedicated server.

I cannot connect to my virtual machine over SSH.

My server IP: AAA.AAA.AAA.AAA
My Failover IP: BBB.BBB.BBB.BBB

My config on the server

ifconfig

br0       Link encap:Ethernet  HWaddr 00:25:90:dd:35:6e  
          inet addr:AAA.AAA.AAA.AAA  Bcast:AAA.AAA.AAA.255  Mask:255.255.255.0
          inet6 addr: fe80::225:90ff:fedd:356e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3856 errors:0 dropped:0 overruns:0 frame:0
          TX packets:303 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:248725 (248.7 KB)  TX bytes:38262 (38.2 KB)

eth0      Link encap:Ethernet  HWaddr 00:25:90:dd:35:6e  
          inet6 addr: fe80::225:90ff:fedd:356e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3922 errors:0 dropped:5 overruns:0 frame:0
          TX packets:323 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:308221 (308.2 KB)  TX bytes:39990 (39.9 KB)
          Memory:fb720000-fb740000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:76 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:9066 (9.0 KB)  TX bytes:9066 (9.0 KB)

cat /etc/network/interfaces

# Loopback interface.
auto lo
iface lo inet loopback

# Physical NIC: brought up with no address of its own ("manual"); it is
# attached to br0 below through bridge_ports.
auto eth0
iface eth0 inet manual

# Host bridge: holds the server's static address and default gateway, and is
# the bridge the guest definition names in <source bridge='br0'/>.
# bridge_ports eth0 puts the physical NIC on the bridge, so anything attached
# to br0 shares a layer-2 segment with the provider's network.
# bridge_stp off disables spanning tree on this bridge.
auto br0
iface br0 inet static
    address AAA.AAA.AAA.AAA
    netmask 255.255.255.0
    network AAA.AAA.AAA.0
    broadcast AAA.AAA.AAA.255
    gateway AAA.AAA.AAA.254
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off

The VM is created using:

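# Build a trusty KVM guest named "test", attach it to the host bridge br0 with
# the failover IP as its address, and register it with libvirt (qemu:///system).
# Every option line ends in a backslash so the shell reads this as a single
# command; without the continuations only the first line would run.
# --pass places the initial account password on the command line, where it is
# kept in shell history and visible in the process list while the build runs.
# openssh-server is installed and the guest is meant to be reachable on the
# failover IP, so change that password at first login or move the account to
# key-based SSH.
sudo ubuntu-vm-builder kvm trusty \
                  --domain test \
                  --dest test \
                  --arch amd64 \
                  --hostname test \
                  --mem 256 \
                  --user john \
                  --pass doe \
                  --bridge=br0 \
                  --ip BBB.BBB.BBB.BBB \
                  --mask 255.255.255.0 \
                  --bcast BBB.BBB.BBB.BBB \
                  --gw AAA.AAA.AAA.254 \
                  --dns 213.186.33.99 \
                  --components main,universe \
                  --addpkg acpid \
                  --addpkg openssh-server \
                  --addpkg avahi-daemon \
                  --addpkg linux-image-generic \
                  --addpkg bridge-utils \
                  --libvirt qemu:///system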

brctl showmacs br0

port no mac addr        is local?   ageing timer
  1 00:00:0c:07:ac:02   no         2.50
  1 00:05:73:a0:00:01   no         1.84
  1 00:25:90:22:ad:82   no        17.36
  1 00:25:90:7d:18:b8   no        25.91
  1 00:25:90:dd:30:87   no         2.98
  1 00:25:90:dd:35:6e   yes        0.00
  1 00:ff:ff:ff:ff:fd   no         0.07
  1 00:ff:ff:ff:ff:fe   no         0.00
  1 00:ff:ff:ff:ff:ff   no         2.24
  1 a8:0c:0d:01:69:45   no         0.60

virsh edit test

<!-- libvirt domain definition for the guest "test": one vCPU, 262144 KiB of
     memory, a single qcow2 disk, one NIC on the host bridge br0 and a VNC
     console bound to loopback. -->
<domain type='kvm'>
  <name>test</name>
  <uuid>27dcd092-9770-47f7-b613-2e0f94adcced</uuid>
  <memory unit='KiB'>262144</memory>
  <currentMemory unit='KiB'>262144</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-i440fx-trusty'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <!-- NOTE(review): the disk image sits under /root/test. Confirm that the
         account the qemu process runs as (and any AppArmor or SELinux
         confinement) can read it, and that the file is not readable more
         widely than intended. -->
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/root/test/tmp342OQf.qcow2'/>
      <target dev='hda' bus='ide'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='ide' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <!-- Guest NIC attached directly to the host bridge br0, so its frames go
         out through eth0 with the MAC address below. That address appears to
         be a locally generated one (52:54:00 prefix); the answer on this page
         states that OVH only lets a MAC generated for the failover IP in the
         OVH manager communicate on its network. -->
    <interface type='bridge'>
      <mac address='52:54:00:18:ea:57'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <!-- VNC console with an auto-assigned port (port='-1', autoport='yes'),
         listening on 127.0.0.1 only: reachable from the host itself, for
         example through an SSH tunnel. No VNC password attribute is set, so
         the loopback binding is what limits access to the console. -->
    <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'>
      <listen type='address' address='127.0.0.1'/>
    </graphics>
    <video>
      <model type='cirrus' vram='9216' heads='1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </memballoon>
  </devices>
</domain>

virsh edit default

<!-- libvirt "default" network as shown by the asker: NAT forwarding with
     source ports 1024-65535, plus a DHCP range for guests. -->
<network>
  <name>default</name>
  <uuid>a962a950-17f3-48eb-b91b-9e71ef8a1247</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <!-- NOTE(review): this names br0 and the host's own address, the same
       bridge and IP that /etc/network/interfaces already configures. A
       libvirt NAT network normally manages a separate bridge of its own. If
       this definition were started on br0, its DHCP service would sit on a
       bridge that includes eth0 and could answer hosts on the provider's
       LAN. The guest attaches to br0 directly with interface type='bridge',
       so this network is presumably not what connects the VM; confirm, and
       give it a bridge name and address range that do not overlap the host. -->
  <bridge name='br0' stp='on' delay='0'/>
  <mac address='52:54:00:4d:b5:0d'/>
  <ip address='AAA.AAA.AAA.AAA' netmask='255.255.255.0'>
    <dhcp>
      <range start='BBB.BBB.BBB.1' end='BBB.BBB.BBB.23'/>
    </dhcp>
  </ip>
</network>

ip route

default via AAA.AAA.AAA.254 dev br0 
AAA.AAA.AAA.0/24 dev br0  proto kernel  scope link  src AAA.AAA.AAA.AAA 

cat /etc/sysctl.conf

# Enable IPv4 forwarding, i.e. let the host route packets between interfaces.
# NOTE(review): plain layer-2 bridging of a guest onto br0 does not depend on
# this; keep it only if the host is also meant to route or NAT for guests.
net.ipv4.ip_forward=1

# Turn off IPv6 stateless address autoconfiguration and ignore router
# advertisements, for all interfaces, for the default template and for eth0.
net.ipv6.conf.all.autoconf = 0
net.ipv6.conf.default.autoconf = 0
net.ipv6.conf.eth0.autoconf = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.default.accept_ra = 0
net.ipv6.conf.eth0.accept_ra = 0

# Do not hand bridged frames to ip6tables, iptables or arptables on the host.
# Consequence: the host's iptables rules do not filter traffic to or from
# guests attached to br0, so each guest needs its own firewall (or the host
# needs bridge-level filtering) before it is exposed on a public address.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

arp -n

Address                  HWtype  HWaddress           Flags Mask            Iface
AAA.AAA.AAA.250           ether   00:25:90:22:ad:82   C                     br0
AAA.AAA.AAA.254           ether   00:ff:ff:ff:ff:ff   C                     br0

My answer:


You need to generate a Virtual MAC address for the failover IP in your OVH manager, and then assign that MAC address to the virtual machine’s NIC. OVH does not allow devices with arbitrary MAC addresses to communicate on its network.

OVH Manager Virtual MAC

The virtual machine should use a bridged network, not the “default” NATted network (VMs on the NAT network can reach the Internet but cannot be reached from outside).

    <interface type='bridge'>
      <mac address='00:50:56:04:bc:ce'/>
      <source bridge='br0'/>

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.