

Guest unable to reach host using macvtap interface - Fix it Now

Are you trying to resolve the "Guest unable to reach host using macvtap interface" issue?

This guide is for you.


Generally, guest virtual machines can communicate with other guests. But at times a guest will not be able to connect to the host machine after being configured to use a macvtap network interface.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to resolve issues of guest virtual machines.


Nature of the error: Guest unable to reach host using macvtap interface

When we configure a guest virtual machine to use a type='direct' network interface such as macvtap, despite having the ability to communicate with other guests and other external hosts on the network, the guest cannot communicate with its own host.

However, this is actually not an error as it is the defined behavior of macvtap. Because of the way in which the host's physical Ethernet is attached to the macvtap bridge, traffic into that bridge from the guests that is forwarded to the physical interface cannot be bounced back up to the host's IP stack.

Additionally, traffic from the host's IP stack that is sent to the physical interface cannot be bounced back up to the macvtap bridge for forwarding to the guests.


What to do when the guest is unable to reach the host using a macvtap interface?

You can apply the tips given below to fix this error.


1. Creating a separate macvtap interface for the host

We can create a separate macvtap interface for host use and give it the IP configuration previously on the physical Ethernet. In this way, the host would be an equal peer attached to the macvtap bridge and thus guest and host could communicate directly.


2. Using libvirt for creating an isolated network 

Use libvirt to create an isolated network and create a second interface for each guest virtual machine that is connected to this network. The host and guests can then directly communicate over this isolated network, while also maintaining compatibility with NetworkManager.


Following are the steps for creating an isolated network with libvirt:

i. First, we need to add and save the following XML in the /tmp/isolated.xml file. 

If the 192.168.254.0/24 network is already in use elsewhere on our network, we can choose a different network:

...
<network>
  <name>isolated</name>
  <ip address='192.168.254.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.254.2' end='192.168.254.254'/>
    </dhcp>
  </ip>
</network>
...

ii. Then create the network with the following command:

$ virsh net-define /tmp/isolated.xml

iii. After that, we need to set the network to autostart with the following command:

$ virsh net-autostart isolated

iv. And start the network with the following command:

$ virsh net-start isolated

v. Now, edit the configuration of each guest that uses macvtap for its network connection using the following command:

$ virsh edit name_of_guest

Add a new <interface> in the <devices> section similar to the following (note the <model type='virtio'/> line is optional to include):

...
<interface type='network' trustGuestRxFilters='yes'>
  <source network='isolated'/>
  <model type='virtio'/>
</interface>

vi. Finally, shut down, then restart each of these guests.


Since this new network is isolated to only the host and guests, all other communication from the guests will use the macvtap interface.
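
As an added example (not part of the original article), the Python code below automates two checks around steps i and v: that the subnet chosen for the isolated network does not overlap one already in use, and that a guest with a macvtap (type='direct') interface gets the second interface exactly once. The function names, the sample guest XML and the eth0 device name are assumptions made for illustration.

```python
# Added example, not from the original article. Sample data is constructed.
import ipaddress
import xml.etree.ElementTree as ET

ISOLATED_NET = "isolated"  # network name used in the article

def subnet_is_free(candidate, in_use):
    """True if candidate (e.g. '192.168.254.0/24') overlaps none of the in-use subnets."""
    cand = ipaddress.ip_network(candidate)
    return not any(cand.overlaps(ipaddress.ip_network(n)) for n in in_use)

def add_isolated_interface(domain_xml, network=ISOLATED_NET):
    """Return (xml, changed). Adds a second NIC on `network` only to guests that
    have a macvtap (type='direct') interface and are not already attached to it."""
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        return domain_xml, False
    ifaces = devices.findall("interface")
    uses_macvtap = any(i.get("type") == "direct" for i in ifaces)
    already = any(
        i.get("type") == "network"
        and i.find("source") is not None
        and i.find("source").get("network") == network
        for i in ifaces
    )
    if not uses_macvtap or already:
        return domain_xml, False  # nothing to do; keeps the edit idempotent
    # trustGuestRxFilters is left unset here, so libvirt's default of 'no' applies.
    nic = ET.SubElement(devices, "interface", {"type": "network"})
    ET.SubElement(nic, "source", {"network": network})
    ET.SubElement(nic, "model", {"type": "virtio"})  # optional per the article
    return ET.tostring(root, encoding="unicode"), True

# Constructed guest definition, shaped like `virsh dumpxml name_of_guest` output.
SAMPLE_GUEST = """<domain type='kvm'>
  <name>name_of_guest</name>
  <devices>
    <interface type='direct'>
      <source dev='eth0' mode='bridge'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>"""

if __name__ == "__main__":
    print(subnet_is_free("192.168.254.0/24", ["192.168.1.0/24", "10.0.0.0/8"]))
    patched, changed = add_isolated_interface(SAMPLE_GUEST)
    print(changed)
    print(patched)
```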




Conclusion

This article covers how to fix the issue with guests unable to reach the host using macvtap interface.

This issue happens when a guest virtual machine can communicate with other guests, but cannot connect to the host machine after being configured to use a macvtap (also known as type='direct') network interface.


To resolve this error (guests unable to reach the host using macvtap interface), simply create an isolated network with libvirt:

1. Add and save the following XML in the /tmp/isolated.xml file. If the 192.168.254.0/24 network is already in use elsewhere on your network, you can choose a different network.

<network>
  <name>isolated</name>
  <ip address='192.168.254.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.254.2' end='192.168.254.254' />
    </dhcp>
  </ip>
</network>

2. Create the network with this command: virsh net-define /tmp/isolated.xml

3. Set the network to autostart with the virsh net-autostart isolated command.

4. Start the network with the virsh net-start isolated command.

5. Using virsh edit name_of_guest, edit the configuration of each guest that uses macvtap for its network connection and add a new <interface> in the <devices> section similar to the following (note the <model type='virtio'/> line is optional to include):

<interface type='network'>
  <source network='isolated'/>
  <model type='virtio'/>
</interface>

6. Shut down, then restart each of these guests.

Since this new network is isolated to only the host and guests, all other communication from the guests will use the macvtap interface.