Re: domain not getting IP address

Pavel Mores via Users Wed, 17 Sep 2025 07:04:55 -0700

On Wed, Sep 17, 2025 at 3:05 PM Martin Kletzander <mklet...@redhat.com>
wrote:


> On Wed, Sep 17, 2025 at 02:14:51PM +0200, Pavel Mores via Users wrote:
> >Hi,
> >
> >I'm examining a domain that's connected to the 'default' network
> >
> ># virsh net-dumpxml default
> ><network connections='1'>
> >  <name>default</name>
> >  <uuid>c757baa7-2b31-4794-9dfb-0df384575602</uuid>
> >  <forward mode='nat'>
> >    <nat>
> >      <port start='1024' end='65535'/>
> >    </nat>
> >  </forward>
> >  <bridge name='virbr0' stp='on' delay='0'/>
> >  <mac address='52:54:00:37:b7:92'/>
> >  <ip address='192.168.122.1' netmask='255.255.255.0'>
> >    <dhcp>
> >      <range start='192.168.122.2' end='192.168.122.254'/>
> >    </dhcp>
> >  </ip>
> ></network>
> >
>
> This is standard.
>
> >using a device as follows:
> >
> ><interface type='network'>
> >  <mac address='52:54:00:ed:06:2e'/>
> >  <source network='default' portid='83db8ca9-baed-47f3-ba0d-1a967ee86aa5'
> >bridge='virbr0'/>
> >  <target dev='vnet19'/>
> >  <model type='virtio'/>
> >  <alias name='net0'/>
> >  <address type='pci' domain='0x0000' bus='0x00' slot='0x02'
> >function='0x0'/>
> ></interface>
> >
>
> This looks fine.
>
> >The domain is running but apparently without an IP address:
> >
> ># virsh domifaddr podvm-podsandbox-totok-8f10756a
> > Name       MAC address          Protocol     Address
>
> >-------------------------------------------------------------------------------
> >
>
> This shows that libvirt does not know about any IP address.  Does adding
> "--source agent", "--source arp" or "--source lease" change anything?
>

'arp' and 'lease' don't but

# virsh domifaddr --source agent podvm-podsandbox-totok-8f10756a
error: Failed to query for interfaces addresses
error: argument unsupported: QEMU guest agent is not configured

This is surprising to me since this is a peer pods setup where the domain
in question is a podvm running an image which I was told does have
the qemu agent running.

However the agent shouldn't be necessary for IP address acquisition I guess,
right?

>The requisite host-side interfaces look good (to me anyway :-)):
> >
> >10: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc htb state UP
> >group default qlen 1000
> >    link/ether 52:54:00:37:b7:92 brd ff:ff:ff:ff:ff:ff
> >    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
> >       valid_lft forever preferred_lft forever
> >[...]
> >35: vnet19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue
> master
> >virbr0 state UNKNOWN group default qlen 1000
> >    link/ether fe:54:00:ed:06:2e brd ff:ff:ff:ff:ff:ff
> >    inet6 fe80::fc54:ff:feed:62e/64 scope link proto kernel_ll
> >       valid_lft forever preferred_lft forever
> >
> >I can share more information about the setup if necessary but I'll stop
> >here for now since I feel this must be just a simple stupid oversight on
> my
> >part.  Please let me know if you'd like to have additional info.
> >
>
> When this happens to me sometimes, it's most often a firewall issue and
> the VM does not get any IP address or cannot communicate outside its
> network.
>

I've seen a firewall suggested as a possible culprit, yes, however I don't
quite
know what it should look like.  iptables appear unconfigured:

# iptables -L -v -n
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source
destination

`nft list ruleset` lists only rules that look managed by libvirt
itself(*).  At any
rate the host machine has no specific hand-configured firewall that I know
of.


> What it can be here is that there are some access issues to the dnsmasq
> lease file.
>
> What's in your /var/lib/libvirt/dnsmasq/virbr0.status file on the host?
>

It's empty.

Thanks Martin!
pvl

(*) # nft list ruleset
table ip libvirt_network {
chain forward {
type filter hook forward priority filter; policy accept;
counter packets 85854914 bytes 398726525237 jump guest_cross
counter packets 85854914 bytes 398726525237 jump guest_input
counter packets 34777368 bytes 3386943972 jump guest_output
}

chain guest_output {
ip saddr 192.168.12.0/24 iif "openshift-412" counter packets 0 bytes 0
accept
iif "openshift-412" counter packets 0 bytes 0 reject
ip saddr 192.168.19.0/24 iif "openshift-419" counter packets 0 bytes 0
accept
iif "openshift-419" counter packets 0 bytes 0 reject
ip saddr 192.168.16.0/24 iif "openshift-416" counter packets 0 bytes 0
accept
iif "openshift-416" counter packets 0 bytes 0 reject
ip saddr 192.168.15.0/24 iif "openshift-415" counter packets 0 bytes 0
accept
iif "openshift-415" counter packets 0 bytes 0 reject
ip saddr 192.168.13.0/24 iif "openshift-413" counter packets 0 bytes 0
accept
iif "openshift-413" counter packets 0 bytes 0 reject
ip saddr 192.168.122.0/24 iif "virbr0" counter packets 0 bytes 0 accept
iif "virbr0" counter packets 0 bytes 0 reject
ip saddr 192.168.17.0/24 iif "openshift-417" counter packets 0 bytes 0
accept
iif "openshift-417" counter packets 0 bytes 0 reject
ip saddr 192.168.14.0/24 iif "openshift-414" counter packets 0 bytes 0
accept
iif "openshift-414" counter packets 0 bytes 0 reject
ip saddr 192.168.11.0/24 iif "openshift-411" counter packets 0 bytes 0
accept
iif "openshift-411" counter packets 0 bytes 0 reject
ip saddr 192.168.18.0/24 iif "openshift-418" counter packets 34777368 bytes
3386943972 accept
iif "openshift-418" counter packets 0 bytes 0 reject
}

chain guest_input {
oif "openshift-412" ip daddr 192.168.12.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-412" counter packets 0 bytes 0 reject
oif "openshift-419" ip daddr 192.168.19.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-419" counter packets 0 bytes 0 reject
oif "openshift-416" ip daddr 192.168.16.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-416" counter packets 0 bytes 0 reject
oif "openshift-415" ip daddr 192.168.15.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-415" counter packets 0 bytes 0 reject
oif "openshift-413" ip daddr 192.168.13.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-413" counter packets 0 bytes 0 reject
oif "virbr0" ip daddr 192.168.122.0/24 ct state established,related counter
packets 0 bytes 0 accept
oif "virbr0" counter packets 0 bytes 0 reject
oif "openshift-417" ip daddr 192.168.17.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-417" counter packets 0 bytes 0 reject
oif "openshift-414" ip daddr 192.168.14.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-414" counter packets 0 bytes 0 reject
oif "openshift-411" ip daddr 192.168.11.0/24 ct state established,related
counter packets 0 bytes 0 accept
oif "openshift-411" counter packets 0 bytes 0 reject
oif "openshift-418" ip daddr 192.168.18.0/24 ct state established,related
counter packets 51077546 bytes 395339581265 accept
oif "openshift-418" counter packets 0 bytes 0 reject
}

chain guest_cross {
iif "openshift-412" oif "openshift-412" counter packets 0 bytes 0 accept
iif "openshift-419" oif "openshift-419" counter packets 0 bytes 0 accept
iif "openshift-416" oif "openshift-416" counter packets 0 bytes 0 accept
iif "openshift-415" oif "openshift-415" counter packets 0 bytes 0 accept
iif "openshift-413" oif "openshift-413" counter packets 0 bytes 0 accept
iif "virbr0" oif "virbr0" counter packets 0 bytes 0 accept
iif "openshift-417" oif "openshift-417" counter packets 0 bytes 0 accept
iif "openshift-414" oif "openshift-414" counter packets 0 bytes 0 accept
iif "openshift-411" oif "openshift-411" counter packets 0 bytes 0 accept
iif "openshift-418" oif "openshift-418" counter packets 0 bytes 0 accept
}

chain guest_nat {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.12.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.12.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.12.0/24 ip daddr != 192.168.12.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.12.0/24 ip daddr != 192.168.12.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.12.0/24 ip daddr != 192.168.12.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.19.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.19.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.19.0/24 ip daddr != 192.168.19.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.19.0/24 ip daddr != 192.168.19.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.19.0/24 ip daddr != 192.168.19.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.16.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.16.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.16.0/24 ip daddr != 192.168.16.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.16.0/24 ip daddr != 192.168.16.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.16.0/24 ip daddr != 192.168.16.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.15.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.15.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.15.0/24 ip daddr != 192.168.15.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.15.0/24 ip daddr != 192.168.15.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.15.0/24 ip daddr != 192.168.15.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.13.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.13.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.13.0/24 ip daddr != 192.168.13.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.13.0/24 ip daddr != 192.168.13.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.13.0/24 ip daddr != 192.168.13.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.122.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3676 return
ip saddr 192.168.122.0/24 ip daddr 255.255.255.255 counter packets 0 bytes
0 return
meta l4proto tcp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.17.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.17.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.17.0/24 ip daddr != 192.168.17.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.17.0/24 ip daddr != 192.168.17.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.17.0/24 ip daddr != 192.168.17.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.14.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.14.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.14.0/24 ip daddr != 192.168.14.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.14.0/24 ip daddr != 192.168.14.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.14.0/24 ip daddr != 192.168.14.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.11.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.11.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.11.0/24 ip daddr != 192.168.11.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.11.0/24 ip daddr != 192.168.11.0/24
counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.11.0/24 ip daddr != 192.168.11.0/24 counter packets 0
bytes 0 masquerade
ip saddr 192.168.18.0/24 ip daddr 224.0.0.0/24 counter packets 50 bytes
3675 return
ip saddr 192.168.18.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0
return
meta l4proto tcp ip saddr 192.168.18.0/24 ip daddr != 192.168.18.0/24
counter packets 826568 bytes 49594080 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.18.0/24 ip daddr != 192.168.18.0/24
counter packets 160312 bytes 12186128 masquerade to :1024-65535
ip saddr 192.168.18.0/24 ip daddr != 192.168.18.0/24 counter packets 0
bytes 0 masquerade
}
}
table ip6 libvirt_network {
chain forward {
type filter hook forward priority filter; policy accept;
counter packets 0 bytes 0 jump guest_cross
counter packets 0 bytes 0 jump guest_input
counter packets 0 bytes 0 jump guest_output
}

chain guest_output {
}

chain guest_input {
}

chain guest_cross {
}

chain guest_nat {
type nat hook postrouting priority srcnat; policy accept;
}
}

Re: domain not getting IP address

Reply via email to