How to forward all VLANs to a KVM virtual machine using Open vSwitch (OVS)

By default, documentation suggests sending all traffic via OVS. This is risky, because OVS is an independent service that can stop, restart, or fail. My approach separates management and production networks for reliability.

Physical interfaces and VLAN configuration

# cat /etc/sysconfig/network-scripts/ifcfg-eno49 
DEVICE="eno49"
ONBOOT=yes
NETBOOT=yes
UUID="bf732870-bc03-4a62-a1e5-686fd958928d"
IPV6INIT=yes
BOOTPROTO=none
HWADDR="8c:dc:d4:ac:dd:cc"
TYPE=Ethernet
NAME="eno49"
MASTER=bond0
SLAVE=yes

# cat /etc/sysconfig/network-scripts/ifcfg-eno50
DEVICE="eno50"
ONBOOT=yes
NETBOOT=yes
UUID="8bd8d8fb-9392-4028-a8be-b7b808fe6cdd"
IPV6INIT=yes
BOOTPROTO=none
HWADDR="8c:dc:d4:ac:dd:cd"
TYPE=Ethernet
NAME="eno50"
MASTER=bond0
SLAVE=yes

# cat /etc/sysconfig/network-scripts/ifcfg-bond0
DEVICE=bond0
BONDING_OPTS="miimon=100 updelay=0 downdelay=0 mode=802.3ad"
TYPE=Bond
BONDING_MASTER=yes
ONBOOT=yes

# cat /etc/sysconfig/network-scripts/ifcfg-bond0.222 
DEVICE=bond0.222
ONBOOT=yes
BOOTPROTO=none
VLAN=yes
NM_CONTROLLED=no
IPADDR=111.111.111.2
PREFIX=24
GATEWAY=111.111.111.1
DNS1=1.1.1.1
DNS2=1.1.2.2

Stop NetworkManager and Firewalld (if needed)

systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl stop firewalld
systemctl disable firewalld

Start Open vSwitch service

systemctl enable openvswitch.service
systemctl start openvswitch.service

Create bridge and attach bond

ovs-vsctl add-br br0
ovs-vsctl add-port br0 bond0

# ovs-vsctl show
7a0c9d14-3166-4173-8813-bb43a01e39f0
    Bridge "br0"
        Port "br0"
            Interface "br0"
                type: internal
        Port "bond0"
            Interface "bond0"

At this stage, br0 may show as DOWN:

9: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN 
    link/ether 8c:dc:d4:ac:dd:cc brd ff:ff:ff:ff:ff:ff

Create virtual network for KVM

<network>
  <name>ovs-br0</name>
  <forward mode='bridge'></forward>
  <bridge name='br0'></bridge>
  <virtualport type='openvswitch'></virtualport>
</network>

This is a one-time setup; no need to repeat.

virsh net-define /etc/libvirt/my-ovsnet.xml
virsh net-list
virsh net-start ovs-br0
virsh net-autostart ovs-br0

# virsh net-list --all
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 ovs-br0              active     yes           yes

Use in virsh install or VM XML

--network network=ovs-br0

    <interface type='network'>
      <mac address='52:54:00:b7:ae:99'></mac>
      <source network='ovs-br0'></source>
      <model type='virtio'></model>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'></address>
    </interface>

Inside the virtual machine, configure the network as usual.

Human Logic, AI Syntax... Note on Content: I'm a Systems Engineer, not a native English writer. To ensure my technical ideas are clear and accessible, I use AI tools to polish the grammar and style. The workflow is simple: I provide the logic, the code, and the real-world experience. The AI handles the "English-to-Human" translation layer. If you find a bug, that's on me. If you find a perfectly placed comma, that's probably the AI.

Comments

Post a Comment

Popular posts from this blog

FreeRadius with Google Workspace LDAP

This was the first time I used FreeRadius. This program reminds me of Postfix — a similarly complicated and powerful tool. Only one big difference: very poor documentation and not enough examples. In the mailing lists there are many questions without answers from FreeRadius gurus. Here I provide examples of how I solved some problems or where I spent too much time…
Read more

Fixing pssh (parallel-ssh) Problems on Debian 10 with Python 3.7

Python reminds me of PHP many years ago, when multiple incompatible versions could exist on one server. Do you need another version? The best solution back then was a new server, because any update or installation could break the entire global environment. Half a year after the “Sunsetting Python 2”, major distributions still continue to install Python 2 by default, and it becomes a challenge not to replace the default version after some update or after installing a new package.
Read more