Two things could be the cause of this:
One possible cause is the way you've built the private network (using the bridge on the host). It would be much safer and easier to configure this using virt-manager. If your host is CLI only, install it on a remote desktop/laptop and connect over SSH to the host.
Once installed, connect to the hypervisor, right click on it's name in the list and choose 'Details'. On the 'Virtual Networks' tab you can add a new network by clicking on the '+' button (lower,left). The wizard will guide you through the process, but make sure you un-check the options for IPv4 and IPv6 addresses (you don't need them as it's a point-to-point link) and choose the radio button for 'Private network'. Continue with the wizard and exit.
If you're a die-hard command line only person, then the above can be carried out using the virsh net-define command line interface. Create an XML file such as the example below (virbr2 is an unused bridge name - use brctl show to list yours):
<network>
<name>private</name>
<bridge name="virbr2" />
</network>
Then import it with:
# virsh net-define <XML filename>
Once the above is done, you can edit each VM to use this new private network (you'll have to reboot the VMs for this to take effect). Once you've edited the VM configuration, you'll be ready to log in to each one and configure the OS with the relevant IP details (from your OP). But, read on first...
Secondly, you have no routes between the two VMs pointing to the new interfaces.
Another
This is because you've configured the IP address with a /32 prefix.
When editing the connection use the format a.b.c.d/p to set the prefix; otherwise, without a prefix, it will default to /32:
# nmcli con edit "Wired connection 1"
nmcli> set ipv4.addresses 10.1.1.1/30
nmcli> save
nmcli> quit
# systemctl restart network
Configuring the network manually also works:
NM_CONTROLLED=no
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
IPADDR=10.1.1.1
PREFIX=30
Carry out a similar procedure on the other VM (10.1.1.2/30) and it should work.
Note: You could use /31 but only if you changed the IP addresses to 10.1.1.0 and 10.1.1.1. This may cause problems as the first address in the range is usually reserved for the network address and the last for broadcast. As you only have two addresses with /31, you'd have none left for the hosts. Best stick with /30, which gives you 4 addresses - two reserved and two for your hosts.
My second question is - is there an easier way to configure all of this to allow simple internet access to guest os?
You don't (or, at least, shouldn't) need to manually configure anything for simple internet access; QEMU automatically handles it. It has some limitations, such as not supporting the ICMP protocol (used by ping), not being visible to the external network, nor being able to talk to other virtual machines run the same way, but it works well for simple usage. See the Arch Wiki for more information.
Best Answer
With KVM (but not Xen) you can now use Macvtap instead of bridging. So you don't actually have to tear down the host's network stack and bring it back up with a bridge.
Macvtap works by piggybacking on an existing ethernet interface. It will make your ethernet interface listen on an additional MAC address and it will "steal" the incoming packets addresses to that MAC address so they don't appear to enter through that ethernet interface anymore and instead go to the guest.
If you still want to use a bridging config, you can do it, and of course you realize, it's risky. One way would be to put all of the commands you need to execute to convert the configuration (
brtcl,ip, etc...) into a shell script. Schedule anatjob to reboot the machine 10 minutes later, then execute the shell script. If it succeeds, cancel theatjob, and edit config files to make your changes permanent. If you make a mistake, at least you will get your server back 10 minutes later. I don't recommend it!