KVM [bridge]: bridged networking in practice
1. Environment preparation
1.1 Bridge command overview
1.1.1 Install the bridge utilities
Install the bridge management tool package, bridge-utils:
apt install bridge-utils -y
apt-file list bridge-utils
1.1.2 View the commands
# brctl --help
Usage: brctl [commands]
commands:
        addbr           <bridge>                add bridge
        delbr           <bridge>                delete bridge
        addif           <bridge> <device>       add interface to bridge
        delif           <bridge> <device>       delete interface from bridge
        hairpin         <bridge> <port> {on|off}        turn hairpin on/off
        setageing       <bridge> <time>         set ageing time
        setbridgeprio   <bridge> <prio>         set bridge priority
        setfd           <bridge> <time>         set bridge forward delay
        sethello        <bridge> <time>         set hello time
        setmaxage       <bridge> <time>         set max message age
        setpathcost     <bridge> <port> <cost>  set path cost
        setportprio     <bridge> <port> <prio>  set port priority
        show            [ <bridge> ]            show a list of bridges
        showmacs        <bridge>                show a list of mac addrs
        showstp         <bridge>                show bridge stp info
        stp             <bridge> {on|off}       turn stp on/off
1.2 Check the host's IP addresses
# ip addr
...
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:95:33:c8 brd ff:ff:ff:ff:ff:ff
    altname enp2s1
    inet 192.168.10.21/24 brd 192.168.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe95:33c8/64 scope link
       valid_lft forever preferred_lft forever
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:eb:07:52 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:f4:2d:fc brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fef4:2dfc/64 scope link
       valid_lft forever preferred_lft forever
1.3 Check the routing table
# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.10.2    0.0.0.0         UG    0      0        0 ens33
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 ens33
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
1.4 Configure the DNS resolver address
# vi /etc/resolv.conf
nameserver 192.168.10.2
options edns0 trust-ad
search .
2. Bridge device
2.1 Manual creation
2.1.1 Create the bridge interface
brctl addbr br0
brctl stp br0 on
2.1.2 Remove the IP address from the physical NIC
ifconfig ens33 0 up
# Note: the SSH connection drops at this point, so running these steps from a script is recommended
2.1.3 Attach the physical NIC to the bridge
brctl addif br0 ens33
2.1.4 Assign an IP address to the bridge and bring it up
ifconfig br0 192.168.10.200/24 up
2.1.5 Add the default route for the bridge
route add default gw 192.168.10.2
# Note: another way to bring br0 up or down is: ip link set dev br0 up/down
2.1.6 Check the result
root@localhost:~# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.200  netmask 255.255.255.0  broadcast 192.168.10.255   # the host's IP address has now changed to 192.168.10.200
        inet6 fe80::7048:e6ff:feff:a96a  prefixlen 64  scopeid 0x20<link>
        ether 72:48:e6:ff:a9:6a  txqueuelen 1000  (Ethernet)
        RX packets 43  bytes 5210 (5.2 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 38  bytes 6907 (6.9 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500   # no IPv4 address any more
        inet6 fe80::20c:29ff:fe95:33c8  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:95:33:c8  txqueuelen 1000  (Ethernet)
        RX packets 12859  bytes 1147776 (1.1 MB)
        RX errors 0  dropped 2  overruns 0  frame 0
        TX packets 37144  bytes 48296917 (48.2 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
...
2.2 Creation by script
# If the commands are run one at a time, the network connection drops when the physical NIC is attached to the bridge,
# so run these commands together in one go or from a script
cat << 'CAT_NED' > add_br0.sh
#!/bin/bash
brctl addbr br0
brctl stp br0 on
ifconfig ens33 0 up
brctl addif br0 ens33
ifconfig br0 192.168.10.21/24 up
route add default gw 192.168.10.2
CAT_NED
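The same sequence written with iproute2, plus a rollback to the physical NIC if the gateway does not answer once the bridge is up. This is an added example, not part of the original post: DRY_RUN and the function names are assumptions of the example, while the interface, address and gateway values are the ones used on this page.

```shell
#!/bin/bash
# Added example: bridge setup with automatic rollback (not from the original page).
# NIC/BR/ADDR/GW default to the page's values; DRY_RUN is a hypothetical switch.
NIC=${NIC:-ens33}; BR=${BR:-br0}
ADDR=${ADDR:-192.168.10.21/24}; GW=${GW:-192.168.10.2}
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands, 0 = execute them (needs root)

run() {  # print the command in dry-run mode, execute it otherwise
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_up() {  # iproute2 equivalent of the brctl/ifconfig/route steps, stops at first error
    run ip link add name "$BR" type bridge stp_state 1 &&
    run ip link set dev "$BR" up &&
    run ip -4 addr flush dev "$NIC" &&
    run ip link set dev "$NIC" master "$BR" &&
    run ip addr add "$ADDR" dev "$BR" &&
    run ip route replace default via "$GW" dev "$BR"
}

bridge_down() {  # undo: detach the NIC, drop the bridge, give the address back
    run ip link set dev "$NIC" nomaster
    run ip link del dev "$BR"
    run ip addr add "$ADDR" dev "$NIC"
    run ip route replace default via "$GW" dev "$NIC"
}

gateway_ok() {  # a new bridge port needs up to 2 x forward delay (about 30 s) to forward
    [ "$DRY_RUN" = 1 ] && return 0
    for i in $(seq 1 20); do
        ping -c 1 -W 2 "$GW" >/dev/null 2>&1 && return 0
        sleep 1
    done
    return 1
}

apply_with_rollback() {  # keep the bridge only if the gateway answers afterwards
    if bridge_up && gateway_ok; then
        echo "bridge $BR configured on $NIC"
    else
        bridge_down
        echo "gateway $GW unreachable, rolled back to $NIC" >&2
        return 1
    fi
}

# Only act when asked to: "DRY_RUN=0 bash <this script> apply"
if [ "${1:-}" = apply ]; then apply_with_rollback; fi
```

Run it from the local console or under nohup, because the SSH session that started it can be cut while the address moves from ens33 to br0.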
3. Virtual machine network configuration
3.1 Change the VM's network interface configuration
# virsh edit CentOS-8-x86_64
...
<interface type='bridge'>
  <mac address='52:54:00:f4:2d:fc'/>
  <source bridge='br0'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
...
Three things were changed:
the value after type was changed from network to bridge
the attribute after source was changed from network to bridge, and its value from default to br0
3.2 Restart the VM
virsh shutdown CentOS-8-x86_64
virsh start CentOS-8-x86_64
3.3 Check the IP address the VM obtained
# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:f4:2d:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.22/24 brd 192.168.10.255 scope global noprefixroute dynamic eth0   # same subnet as the host
...
3.4 Test from the host
root@localhost:~# ssh root@192.168.10.22 ip addr
root@192.168.10.22's password:
...
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:f4:2d:fc brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.22/24 brd 192.168.10.255 scope global noprefixroute dynamic eth0
...
3.5 Change the VM's IP address to a static one
3.5.1 Edit the configuration
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=fe3b0f99-eef3-49b3-b54f-3b06c0b78f65
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.10.22
PREFIX=24
GATEWAY=192.168.10.2
DNS1=8.8.8.8
3.5.2 Restart the network, or restart the VM
Note: on CentOS 8 restarting the network takes a few more commands; systemctl restart network cannot be used
nmcli c reload
nmcli c up eth0
nmcli d reapply eth0
nmcli d connect eth0