What is the correct way to set up a bonded bridge on CentOS 6 for KVM guests?
I'm currently playing around with a setup of two KVM hosts which will each host several guests. I have two HP DL380s with 4 NICs each. I'd like to use two NICs (eth0, eth1) in an active-backup (mode=1) bond, for failover reasons, facing the internet. Then I'd like to have the two other NICs (eth2, eth3) also in an active-backup bond, facing an admin/back net.
On top of the bond I need a bridge that the KVM guests will use to access front or back network.
On the interwebz I have found many different ways to configure this. Some just mention bonding, some just bridging, and some try to combine the two. None that I have found mention what will happen if I use a front and back net with many hosts.
Some of my problems/questions are:
- I have a fetish for correct config files, the way the developers thought they should be, not just working config files.
- I got the error "kernel: bond0: received packet with own address as source address", both for bond0 and bond1.
- Will the traffic automatically be forwarded from the back net to the front net? Should I use ebtables/iptables or something to disable forwarding of traffic?
- Do I need to use Spanning Tree Protocol (STP)?
- Do I need any specific routes?
Here is a nice picture how the environment looks (at least a part of it.)
Here are my relevant config files.
/etc/sysconfig/network
NETWORKING=yes
HOSTNAME=host1
GATEWAYDEV=br0
NETWORKING_IPV6=no
/etc/sysconfig/network-scripts/ifcfg-eth0 -- ifcfg-eth3
DEVICE="ethX"
NM_CONTROLLED="no"
ONBOOT=yes
HWADDR=xx:xx:xx:xx:xx:xx
SLAVE=yes
MASTER=bondX
HOTPLUG=no
BOOTPROTO=none
/etc/sysconfig/network-scripts/ifcfg-bond0 -- ifcfg-bond1
DEVICE=bondX
BONDING_OPTS="miimon=100 mode=1"
ONPARENT=yes
BOOTPROTO=none
BRIDGE=brX
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
DELAY=0
BOOTPROTO=none
/etc/sysconfig/network-scripts/ifcfg-br1
DEVICE=br1
TYPE=Bridge
ONBOOT=yes
DELAY=0
BOOTPROTO=static
IPADDR=10.0.1.100
NETMASK=255.255.255.0
Update 1
- Added /etc/sysctl.conf
- Removed ip from ifcfg-br0. The host shouldn't be accessible from internet, only from admin net.
Update 2
- Removed changes to /etc/sysctl.conf. Don't need to enable iptables.
Not sure about CentOS 6, but on Fedora the bonding module is not added to the Linux kernel by default and therefore you need to create a file /etc/modprobe.d/bonding.conf with content
Reboot, and you should see bonding module loaded during boot.
Since you have two bonded interfaces you might have to add another alias line for bond1 as well. However I have never tried that.
Suggest you get one working and then worry about setting up the second.
On the other issue you raised about the bridge, another point to note: these configurations work with the network daemon, but I don't believe they work with NetworkManager. Are you running the network or the NetworkManager daemon?
And finally, there are different ways to configure netfilter to handle bridged interfaces. At least on Fedora 12+, the default is to disable netfilter on bridges. However you can change this by editing /etc/sysctl.conf and setting
Do the same for arp and ipv6 and in this file you also need to set
Flush your FORWARD chain and replace with iptables rule
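A consistency check for the question's ifcfg files, as an added example that is not part of the original question or answer: it verifies the slave -> bond -> bridge chain and that the internet-facing bridge carries no host address, as Update 1 intends. The function names `parse_ifcfg` and `audit`, the `no_ip_bridges` parameter, and the choice of br0 as the front bridge are assumptions; the sample files are constructed from the question with ethX/bondX/brX expanded.

```python
import shlex

# Constructed sample: the question's ifcfg files with ethX/bondX/brX expanded.
SAMPLE = {}
for eth, bond in (("eth0", "bond0"), ("eth1", "bond0"), ("eth2", "bond1"), ("eth3", "bond1")):
    SAMPLE["ifcfg-" + eth] = (f'DEVICE="{eth}"\nNM_CONTROLLED="no"\nONBOOT=yes\n'
                              f"SLAVE=yes\nMASTER={bond}\nHOTPLUG=no\nBOOTPROTO=none\n")
for bond, br in (("bond0", "br0"), ("bond1", "br1")):
    SAMPLE["ifcfg-" + bond] = (f'DEVICE={bond}\nBONDING_OPTS="miimon=100 mode=1"\n'
                               f"ONPARENT=yes\nBOOTPROTO=none\nBRIDGE={br}\n")
SAMPLE["ifcfg-br0"] = "DEVICE=br0\nTYPE=Bridge\nONBOOT=yes\nDELAY=0\nBOOTPROTO=none\n"
SAMPLE["ifcfg-br1"] = ("DEVICE=br1\nTYPE=Bridge\nONBOOT=yes\nDELAY=0\nBOOTPROTO=static\n"
                       "IPADDR=10.0.1.100\nNETMASK=255.255.255.0\n")

def parse_ifcfg(text):
    """Parse shell-style KEY=value lines, honouring quotes and # comments."""
    cfg = {}
    for token in shlex.split(text, comments=True):
        key, sep, value = token.partition("=")
        if sep:
            cfg[key] = value
    return cfg

def audit(files, no_ip_bridges=("br0",)):
    """Return sorted findings for the slave -> bond -> bridge chain."""
    devs = {}
    for text in files.values():
        cfg = parse_ifcfg(text)
        if "DEVICE" in cfg:
            devs[cfg["DEVICE"]] = cfg
    findings = []
    for name, cfg in devs.items():
        master, bridge = cfg.get("MASTER"), cfg.get("BRIDGE")
        if cfg.get("SLAVE") == "yes" and master not in devs:
            findings.append(f"{name}: MASTER={master} has no ifcfg file")
        if bridge and devs.get(bridge, {}).get("TYPE") != "Bridge":
            findings.append(f"{name}: BRIDGE={bridge} is not a TYPE=Bridge device")
        if (master or bridge) and "IPADDR" in cfg:
            findings.append(f"{name}: IPADDR set on an enslaved device")
        # The front bridge must stay address-less so the host is not reachable from it.
        if name in no_ip_bridges and ("IPADDR" in cfg or cfg.get("BOOTPROTO") == "dhcp"):
            findings.append(f"{name}: internet-facing bridge has a host address")
    for bond in (n for n, c in devs.items() if "BONDING_OPTS" in c):
        slaves = [n for n, c in devs.items() if c.get("MASTER") == bond]
        if len(slaves) < 2:
            findings.append(f"{bond}: {len(slaves)} slave(s), no failover")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE) or "chain consistent, front bridge has no address")
```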