Creating a layer 2 virtual interface, linked via virtual bridge to eth0

Tags: bridge, networking, rhel

Good evening,

I have a sticky problem, in that I need to create a virtual interface for use with a VM, but it has to be layer-2 only: The VM will communicate with a pre-set MAC address (either one can be set for the adapter, which will be used by the VM – or the VM will masquerade another pre-set MAC address.)

Most of the solutions I've already found relate to using layer 3 (i.e. IP addresses), and unfortunately those solutions won't work for me: The layer 3 configuration must be done inside the VM, and the virtual NIC and virtual switch must be configured for L2 traffic only.

For security and operational reasons, I require no IP address configuration at all (i.e. link-local only for IPv4 and IPv6, or layer 3 completely disabled.)

Put simply, I need a topology like this:

My VM <-> vnic0 <-> vbr0 <-> eth0 <-> external network

I need to create a virtual adapter, called vnic0, connected (along with real adapter eth0) to a virtual bridge, called vbr0. Preferably, I'm after configuration files for RHEL 7.4 / CentOS 7.4 that will allow the configuration to work automatically, without interaction from a system administrator, after a reboot. I may also need to create vnic1, vnic2, vnic3, et cetera, all connected to vbr0, in the future.

Use of VLANs isn't strictly necessary (it can be assumed that everything is on a non-VLAN / native VLAN), but if some genius out there can show me how to configure, say, tagged dot1q traffic, with native VLAN 50 on vnic0, native VLAN 51 on vnic1, et cetera, with eth0 functioning as a trunk (with all or a subset of VLANs allowed to travel along it), serious brownie points would be due to you. 🙂

I have already tried the following:

modprobe dummy                          # load the dummy driver, creates dummy0
ip link set name vnic0 dev dummy0       # rename dummy0 to vnic0
ip link add vbr0 type bridge            # create the virtual bridge
ip link set eth0 down                   # take eth0 down before enslaving it
ip link set dev eth0 master vbr0        # attach eth0 to vbr0
ip link set dev vnic0 master vbr0       # attach vnic0 to vbr0
ip link set vbr0 up
ip link set vnic0 up
ip link set eth0 up

The biggest problem is that my vnic0 network broadcasts packets, but never receives them. My network isn't super-chatty, but I would expect to see at least some broadcast packets received by vnic0 via vbr0. However, that isn't happening. Attempts to run DHCP within the VM connected to vnic0 result in a timeout, though there is a perfectly functioning DHCP server connected to eth0.

Best Answer

Don't use dummy devices

This comes up regularly; I don't know why people insist on using them. Dummy devices are only useful to allow long-living applications to bind to a specific IP address, so the dummy devices can be moved around and bridged to other, more short-lived devices if necessary.

What you want is a macvlan, or several, which replace your vnic*. In spite of the name, macvlans have nothing to do with VLAN tagging. The macvlan will operate on layer 2, will already be sort-of bridged to the master interface (eth0), and you can select one of several modes that possibly restrict the interaction of the bridged devices, if you need that.
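The macvlan setup the answer describes, as an added example that is not part of the original question or answer: a small POSIX shell helper that creates a macvlan "vnic" on top of eth0, optionally on a tagged VLAN so that eth0 acts as a trunk (the bonus part of the question), with a fixed MAC and no IP configuration. The interface names, MAC addresses and VLAN ids are illustrative assumptions. Setting `DRYRUN=1` prints the commands instead of executing them, so the logic can be inspected without root or a real eth0.

```shell
#!/bin/sh
# Added example (not from the original post): macvlan-based vnics instead of
# dummy devices plus a bridge. eth0, vnic0/vnic1, the MACs and VLAN ids below
# are assumptions for illustration.
# DRYRUN=1 prints the commands instead of running them (no root needed).
set -eu

run() {
    if [ "${DRYRUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# vnic_add PARENT NAME MODE [MAC] [VLANID]
# MODE selects how the vnics may talk to each other through the parent:
#   bridge   vnics on the same parent can reach each other locally
#   private  vnics are isolated from each other (only the external network)
#   vepa     vnic-to-vnic traffic is hairpinned via the external switch
#   passthru a single vnic takes over the parent interface
vnic_add() {
    parent=$1; name=$2; mode=$3; mac=${4:-}; vid=${5:-}
    link=$parent
    if [ -n "$vid" ]; then
        # Put the vnic on a tagged sub-interface: untagged frames from the VM
        # leave eth0 tagged with VLAN $vid, so eth0 behaves as a trunk.
        link="$parent.$vid"
        if [ ! -e "/sys/class/net/$link" ]; then
            run ip link add link "$parent" name "$link" type vlan id "$vid"
            run ip link set dev "$link" up
        fi
    fi
    if [ -n "$mac" ]; then
        # Pre-set MAC the VM is expected to use, set at creation time.
        run ip link add link "$link" name "$name" address "$mac" type macvlan mode "$mode"
    else
        run ip link add link "$link" name "$name" type macvlan mode "$mode"
    fi
    # Layer 2 only: no address is assigned; also stop the kernel from
    # auto-configuring an IPv6 link-local address on the vnic.
    run sysctl -qw "net.ipv6.conf.$name.disable_ipv6=1"
    run ip link set dev "$name" up
}

# Topology from the question: vnic0 with native VLAN 50, vnic1 with native
# VLAN 51, both on trunk eth0. Run as "./script.sh demo" (as root) to apply.
if [ "${1:-}" = demo ]; then
    vnic_add eth0 vnic0 bridge 52:54:00:aa:bb:01 50
    vnic_add eth0 vnic1 bridge 52:54:00:aa:bb:02 51
fi
```

Two practical caveats: a macvlan child cannot exchange traffic with the host's own eth0 address (the host and the VM only meet via the external switch), and a physical switch port with port security limiting the number of MACs will silently drop frames from the extra MACs, which looks exactly like the "broadcasts but never receives" symptom. To hand the device to a VM rather than keep it as a host interface, the same command with `type macvtap` creates a tap variant that the hypervisor opens. For reboot persistence on RHEL/CentOS 7 the ifcfg scripts do not know macvlan; NetworkManager does (`nmcli connection add type macvlan con-name vnic0 ifname vnic0 dev eth0 mode bridge`, with a `type vlan` connection as the parent for the tagged case), which avoids a hand-rolled rc.local step.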
