Why doesn't VM's networking work when I attach its NIC to one of the bridge devices?

I have a fresh installation of Rocky 8 on a server.

I am trying to move a VM from an old CentOS host to this new Rocky 8 server, but having problems when I try to attach its NIC to one of the bridges. I should explain that I am trying to attach the VM’s NIC to a bridge because of the limitations of MacVTap to one of the physical interfaces.

If I attach the guest’s NIC to br0 (eno1), it works. If I create another bridge: br1 (eno2) and attach the guest’s NIC to that it doesn’t work. Removing the bridge and attaching the guest directly to eno2 also works. I should add that br0 and br1 are on different networks: br0 is on a trusted network behind the firewall, while br1 is on a direct connection to the Internet. My testing on the guest is done by pinging the default gateway’s IP address (so DNS isn’t an issue here).

So, some information, with the bridge (two octets of the IP addresses have been replaced by “aa.bb”).

Attaching the guest to br1 doesn’t work (but attaching it to br0 does):
nmcli con show
NAME UUID TYPE DEVICE
bridge-br1 b0f5c7e5-ef71-4712-994f-7ff0c1886867 bridge br1
bridge-br0 1b0b7c3d-8876-42e2-88e0-71a8c9c3494e bridge br0
virbr0 97558384-3df0-485b-b46d-c322ff22331b bridge virbr0
bridge-slave-eno1 8013624d-d61f-4d4d-afc7-6a2bd10de140 ethernet eno1
bridge-slave-eno2 266c6039-5a09-4f58-9ddf-1b49bcc08a94 ethernet eno2
eno1 d9fa351d-c3bd-413f-9a60-046532fbb603 ethernet --
eno2 24b5c06e-ba5a-49f0-8d57-c12815da7d86 ethernet --
[root@i4 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.3ceceffbfb90 yes eno1
br1 8000.3ceceffbfb91 yes eno2
virbr0 8000.525400083e36 yes

!?add

ip addr add aa.bb.156.121/28 dev br1

!ping

ping aa.bb.156.113
PING aa.bb.156.113 (aa.bb.156.113) 56(84) bytes of data.
64 bytes from aa.bb.156.113: icmp_seq=1 ttl=64 time=5.63 ms
64 bytes from aa.bb.156.113: icmp_seq=2 ttl=64 time=0.564 ms

Now, without the bridge:

nmcli con show

NAME UUID TYPE DEVICE
bridge-br0 1b0b7c3d-8876-42e2-88e0-71a8c9c3494e bridge br0
virbr0 a24eac91-06a9-4497-b73a-e58a3e3d6fa7 bridge virbr0
bridge-slave-eno1 8013624d-d61f-4d4d-afc7-6a2bd10de140 ethernet eno1
eno1 d9fa351d-c3bd-413f-9a60-046532fbb603 ethernet --
eno2 24b5c06e-ba5a-49f0-8d57-c12815da7d86 ethernet --

ip addr add aa.bb.156.121/28 dev eno2

ping aa.bb.156.113

PING aa.bb.156.113 (aa.bb.156.113) 56(84) bytes of data.
64 bytes from aa.bb.156.113: icmp_seq=1 ttl=63 time=1.57 ms
64 bytes from aa.bb.156.113: icmp_seq=2 ttl=63 time=8.58 ms

If I attach the guest to eno2, it works.

So: why does one bridge work, but not the other?

These were mere tests to demonstrate that the host can connect to aa.bb.156.113?

You have STP enabled on the bridges. That causes initial delay before packets start to get through the bridge.
STP is protection against loops in network topology. You don’t create a loop, do you? Disable the STP.
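One way to check the STP state the answer above refers to, as an added example that is not part of the original thread. It reads the kernel's bridge attributes under /sys/class/net and reports whether each attached port (the physical NIC and the guest's tap device) has reached the forwarding state. The function names and the SYSFS_NET override are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report STP settings and per-port state for a Linux bridge.
# SYSFS_NET (hypothetical override) lets the function run on a constructed tree.
# Usage: bridge_stp_report br1

# Map the kernel's numeric bridge port state to its name.
port_state_name() {
    case "$1" in
        0) echo disabled ;;
        1) echo listening ;;
        2) echo learning ;;
        3) echo forwarding ;;
        4) echo blocking ;;
        *) echo "unknown($1)" ;;
    esac
}

# Prints one summary line for the bridge, then one line per attached port.
# Returns 1 if the bridge is missing or any port is not forwarding.
bridge_stp_report() {
    br=$1
    base="${SYSFS_NET:-/sys/class/net}/$br"
    [ -d "$base/bridge" ] || { echo "$br: not a bridge" >&2; return 1; }

    stp=$(cat "$base/bridge/stp_state")     # 0 = off, 1 = kernel STP, 2 = user-space STP
    fd=$(cat "$base/bridge/forward_delay")  # sysfs reports centiseconds
    # Under kernel STP a new port waits forward_delay in listening, then again in learning.
    if [ "$stp" -eq 1 ]; then wait="$(( fd * 2 / 100 ))s"; else wait="n/a"; fi
    echo "$br stp_state=$stp forward_delay=$(( fd / 100 ))s kernel_stp_wait=$wait"

    rc=0
    for p in "$base"/brif/*; do
        [ -e "$p/state" ] || continue       # bridge has no ports attached
        name=$(port_state_name "$(cat "$p/state")")
        echo "  port ${p##*/} state=$name"
        [ "$name" = forwarding ] || rc=1
    done
    return $rc
}
```

A guest port that stays in listening, learning or blocking well past the reported wait indicates the bridge itself is holding traffic back; if every port shows forwarding, the cause lies elsewhere.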

These were mere tests to demonstrate that the host can connect to aa.bb.156.113?

Since virt-manager would not even start the VM if it was connected to eno2 when br1 was active, I performed the tests:

  1. with br1 existing and the VM connected to br1,
  2. then I removed the bridge, rebooted and performed the test with the VM connected to eno2.

So I never assigned an IP address simultaneously to both br1 and eno2. My intent is that this interface (br1 or eno2) will NOT have an IP address: only the guests using this interface will have IP addresses. Those were tests to show that the host can connect to aa.bb.156.113.

Update: I turned off STP on the bridge and there was no change.

Update 2: I changed the virtual NIC type to rtl8139 from virtio and now it is working.

Update 3: It just stopped working. I changed nothing.