Automated Playground (Part 1) — Networking I

Posted on Sep 04, 2020 by Vincent TruchseƟ

First thing first. Before we install a PVE-VM on our system, we need to have a little thought about networking.
Since we want to run several VMs inside this VM and all these VMs want to have network access I have decided to run an OpnSense-VM as router/firewall plus OpenVSwitch on the PVE-host. Therefore I’d like to simply bridge the PVE-VM’s NIC onto my workstation’s ethernet-port, and handle all routing on the OnpSense-Machine.
I am doing this in a regular consumer-grade home-network which means, a CPE running a NAT as well as DHCP, SLAAC and DHCP6. I am having private address-space on the legacy-IP side plus a dynamic /56 IP-prefix.

Bridging and NetworkManager

I am running a vanilla Fedora on my Workstation which means it’s using NetworkManager. And because I don’t want to mannually setup a DHCP and SLAAC client, I do the bridge configuration with nmcli.
First, turn off the regular network-connection

nmcli connection down <Connection Name>

and add the bridge-Interface

nmcli connection add type bridge ifname br0

Now, we need to asign the physical Interface to the bridge

nmcli connection add type bridge-slave ifname <device-name> master br0

and finally turn on the bridge-connection

nmcli connection up bridge-br0

Now, NetworkManager should take care of assigning a SLAAC-based address to the bridge-interface as well as a DHCP-based legacy-IP.
I intend to keep this network-configuration so the bridge is always ready to have a VM attached.

Tags: linuxopsnetworkautomation