Guest unable to reach host when using a macvtap interface

Usually, guest virtual machines can communicate with other guests. However, a guest cannot connect to the host machine after being configured to use a macvtap (also known as type='direct') network interface.

Need assistance fixing guest virtual machine issues like this one? We handle them under our server management services plan.

Why the guest is unable to reach the host

When a guest virtual machine is configured with a type='direct' network interface such as macvtap, it can communicate with other guests and with external hosts on the network, but it cannot communicate with its own host.

This is defined behaviour of macvtap, not an error. It results from the way the host's physical Ethernet is attached to the macvtap bridge: traffic that enters the bridge from the guests and is forwarded to the physical interface cannot be bounced back up to the host's IP stack.

Additionally, traffic from the host's IP stack that is sent to the physical interface cannot be bounced back up to the macvtap bridge for forwarding to the guests.

Methods to fix the issue:

The following two methods fix the issue.

  1. Creating a separate macvtap interface for the host

You can create a separate macvtap interface for the host on the physical Ethernet and give it an IP configuration. This way, the host is attached to the macvtap bridge as a peer, so the guest and host can communicate directly.

  2. Using libvirt to create an isolated network

With libvirt, you can create an isolated network and add a second interface to each guest virtual machine, connected to this network. The guest and the host can then communicate directly over this isolated network, while also maintaining compatibility with NetworkManager.

Following are the steps for creating an isolated network with libvirt:

1. First, add and save the following XML in the /tmp/isolated.xml file. If the 192.168.254.0/24 network is already in use elsewhere on your network, you can choose a different network.

<network>
  <name>isolated</name>
  <ip address='192.168.254.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.254.2' end='192.168.254.254'/>
    </dhcp>
  </ip>
</network>

2. Run the following command to create the network from that file.

virsh net-define /tmp/isolated.xml

3. Run the following command to set the network to autostart.

virsh net-autostart isolated

4. Run the following command to start the network.

virsh net-start isolated

5. Edit the configuration of each guest that uses macvtap for its network connection using the following command:

virsh edit name_of_guest

Add a new <interface> in the <devices> section similar to the following (note that the <model type='virtio'/> line is optional):

...
<interface type='network' trustGuestRxFilters='yes'>
  <source network='isolated'/>
  <model type='virtio'/>
</interface>

Finally, restart each of the guests.

Since the new network is isolated to the host and the guests, all other communication from the guests will use the macvtap interface.
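The following Python code is an added example, not part of the original article or of libvirt. It checks the two points the procedure depends on: that the subnet in the network definition does not overlap a range already in use, and which macvtap guests still need the second interface from step 5. The guest name guest1, the host device eth0, the list of in-use ranges and both function names are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Network definition from step 1 of the article.
ISOLATED_XML = """<network><name>isolated</name>
  <ip address='192.168.254.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.254.2' end='192.168.254.254'/></dhcp>
  </ip></network>"""

# Constructed `virsh dumpxml` output for a hypothetical guest before step 5.
GUEST_BEFORE = """<domain type='kvm'><name>guest1</name><devices>
  <interface type='direct'><source dev='eth0' mode='bridge'/></interface>
</devices></domain>"""

# The same guest after adding the article's <interface> element.
GUEST_AFTER = GUEST_BEFORE.replace("</devices>", """
  <interface type='network' trustGuestRxFilters='yes'>
    <source network='isolated'/><model type='virtio'/>
  </interface></devices>""")

def network_conflicts(network_xml, in_use):
    """Return the CIDRs from in_use that overlap the subnet of a libvirt <network>."""
    ip = ET.fromstring(network_xml).find("ip")
    subnet = ipaddress.ip_network(f"{ip.get('address')}/{ip.get('netmask')}", strict=False)
    return [c for c in in_use if subnet.overlaps(ipaddress.ip_network(c))]

def audit_guest(domain_xml, net_name="isolated"):
    """Report whether a macvtap guest already has an interface on net_name."""
    root = ET.fromstring(domain_xml)
    ifaces = root.findall("./devices/interface")
    macvtap = [i for i in ifaces if i.get("type") == "direct"]
    on_net = [i for i in ifaces if i.get("type") == "network"
              and i.find("source") is not None
              and i.find("source").get("network") == net_name]
    return {
        "name": root.findtext("name"),
        "uses_macvtap": bool(macvtap),
        "needs_isolated_interface": bool(macvtap) and not on_net,
        # Interfaces that set trustGuestRxFilters='yes' (libvirt's default is 'no').
        "trusts_guest_rx_filters": [i.get("type") for i in ifaces
                                    if i.get("trustGuestRxFilters") == "yes"],
    }

if __name__ == "__main__":
    print(network_conflicts(ISOLATED_XML, ["192.168.1.0/24", "192.168.254.128/25"]))
    print(audit_guest(GUEST_BEFORE))
    print(audit_guest(GUEST_AFTER))
```

On a real host, feed audit_guest the output of virsh dumpxml for each guest instead of the constructed samples.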

Conclusion

In brief, follow these steps to fix the issue of guests being unable to reach the host over a macvtap interface. If you need any assistance, our technical support team can help fix any such issues.
