[Qemu-devel] How to use macvtap/macvlan correctly

From: Chris Webb
Date: Fri, 30 Sep 2011 09:49:35 +0100
I'm trying to get bridge-mode communication between a macvtap and a host
macvlan working correctly, but I think I must be doing something wrong as
the host macvlan and guest macvtap apparently can't communicate. I'm aware
that the underlying eth0 interface can't communicate with the macvtap, but I
thought that creating a host macvlan device and configuring that was the
standard work-around?

On a clean host running linux 3.0.4 and iptables 2.6.39, with no networking
except lo up with, I did

  ip link add link eth0 name host address 02:a3:a6:ed:4b:94 type macvlan mode 
  ip addr add dev host
  ip link set eth0 up
  ip link set host up

I can ping a second host attached to the eth0 interface of the test
host without problem.

I then created a macvtap device and launched a qemu guest against it:

  ip link add link eth0 name macvtap0 type macvtap mode bridge
  qemu-kvm -nographic -kernel /boot/vmlinuz-guest \
    -append "console=ttyS0 root=/dev/vda" \
    -drive file=/tmp/testroot.img,if=virtio,cache=none \
    -net nic,model=virtio,macaddr=$(< /sys/class/net/macvtap0/address) \
    -net tap,fd=3 3<>/dev/tap$(< /sys/class/net/macvtap0/ifindex)

Configuring the eth0 inside the guest with, I discovered I can
ping the external machine, but not the host, despite the macvtap and macvlan
being in bridge mode.

  # ping
  PING ( 48 data bytes
  56 bytes from icmp_seq=0 ttl=64 time=0.351 ms
  56 bytes from icmp_seq=1 ttl=64 time=0.360 ms
  56 bytes from icmp_seq=2 ttl=64 time=0.281 ms
  ^C--- ping statistics ---
  3 packets transmitted, 3 packets received, 0% packet loss
  round-trip min/avg/max/stddev = 0.281/0.331/0.360/0.035 ms

  # ping
  PING ( 48 data bytes
  ^C--- ping statistics ---
  3 packets transmitted, 0 packets received, 100% packet loss

However something is working, because inside the guest:

# ip neigh dev eth0 lladdr c8:0a:a9:37:29:6a REACHABLE dev eth0 lladdr 02:a3:a6:ed:4b:94 REACHABLE

...and the MAC address it has for is correct, so somehow an arp
request and response has got out to the host and back.

The kernel has


(I didn't know off the top of my head if the bridge options are needed for
macvlan/vtap bridge mode, but they're compiled in anyway just in case.)

Any guesses what I've missed here?



