Figuring out network connectivity issues with bridge network interface

When there are connectivity issues from and/or to a virtual machine in libvirt check the following:

Promiscious mode on all network adapters. If libvirt is inside a virtual machine also check the mode defined on the host adapter in VirtualBox.
Enable nat to the bridge interface in iptables

iptables -t nat -A POSTROUTING -o kube_network_br -j MASQUERADE

Check ebtables -L for strange entries, as ebtables controls bridge routing as well
Check iptables -L for strange entries
Forward rules in iptables

iptables -A FORWARD -o kube_network_br -m comment --comment "allow packets to pass from lxd lan bridge" -j ACCEPT
iptables -A FORWARD -i kube_network_br -m comment --comment "allow input packets to pass to lxd lan bridge" -j ACCEPT

Set sysctl conf settings like ip forwarding in (/etc/sysctl.conf):

Load appropriate kernel modules

modprobe bridge
modprobe br_netfilter

Write the following settings into /etc/sysctl.conf

  net.bridge.bridge-nf-call-arptables = 0
  net.bridge.bridge-nf-call-ip6tables = 0
  net.bridge.bridge-nf-call-iptables = 0
  net.ipv4.ip_forward=1
  net.ipv4.conf.br0.bc_forwarding=1

Settings can be applied using sysctl -p.

Debugging

Monitor network traffic on port 67 and 68 for the kube_network_br interface

tcpdump -n -tttt -i kube_network_br portrange 67-68

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Figuring out network connectivity issues with bridge network interface

Debugging

Clone this wiki locally