KVM Network Discovery

Discover the network configuration on KVM hypervisors to understand how VLANs are passed to VMs.

kvm-01 Summary

Hardware

Resource      Value
CPU           Intel Xeon D-2146NT @ 2.30GHz
Cores         8 cores / 16 threads (1 socket)
Memory        128 GB (68 GB used, 56 GB available)
Storage       962 GB SSD (276 GB used, 638 GB free)
Uptime        20+ days
Load Average  3.49, 2.99, 2.80

Network

Category          Count  Notes
Physical NICs     8      eno1-4, eno5np0, eno6np1, eno8np3
Active NICs       2      eno1 (WAN), eno2 (direct MGMT)
Bridges           2      virbr0 (active), virbr1 (down)
libvirt Networks  3      default, ovs-main, virbr0
VMs               10     All on virbr0
802.1Q VLANs      0      No VLAN subinterfaces on host

Physical Interfaces

Interface Status

Interface   State    IP Address        Purpose
lo          UNKNOWN  127.0.0.1/8       Loopback
virbr0      UP       10.50.1.99/24     libvirt bridge (all VMs)
eno1        UP       192.168.1.225/24  WAN (ISP connection)
eno2        UP       10.50.1.202/24    Direct MGMT access
eno3        DOWN     -                 Unused
eno4        DOWN     -                 Unused
eno5np0     DOWN     -                 Unused (SFP+)
eno6np1     DOWN     -                 Unused (SFP+)
eno8np3     UP       -                 Bridge member (virbr0 uplink)
virbr1      DOWN     192.168.100.1/24  Lab bridge (unused)
ovs-system  DOWN     -                 Open vSwitch system interface
br-main     UNKNOWN  -                 OVS bridge (ovs-main network)
br-lab      UNKNOWN  -                 OVS bridge (unused)

vnet Interfaces (VM TAPs)

Interface  Bridge  VM
vnet0      virbr0  pfSense-FW01 (NIC 1)
vnet1      virbr0  pfSense-FW01 (NIC 2)
vnet2      virbr0  vault-01
vnet4      virbr0  9800-CL-WLC (NIC 1)
vnet5      virbr0  9800-CL-WLC (NIC 2)
vnet6      virbr0  ipsk-manager
vnet9      virbr0  keycloak-01
vnet19     virbr0  home-dc01
vnet26     virbr0  ise-01
vnet39     virbr0  bind-01
vnet46     virbr0  ipa-01
vnet60     virbr0  k3s-master-01

Bridges

Bridge Summary

Bridge  State  MAC                IP/Subnet
virbr0  UP     3a:1e:7c:ca:b9:ed  10.50.1.99/24
virbr1  DOWN   52:54:00:0c:00:93  192.168.100.1/24

Bridge Members

bridge link show

Interface  Master  State       Notes
eno8np3    virbr0  forwarding  Physical uplink to switch
vnet0      virbr0  forwarding  pfSense-FW01
vnet1      virbr0  forwarding  pfSense-FW01 (2nd)
vnet2      virbr0  forwarding  vault-01
vnet4      virbr0  forwarding  9800-CL-WLC
vnet5      virbr0  forwarding  9800-CL-WLC (2nd)
vnet6      virbr0  forwarding  ipsk-manager
vnet9      virbr0  forwarding  keycloak-01
vnet19     virbr0  forwarding  home-dc01
vnet26     virbr0  forwarding  ise-01
vnet39     virbr0  forwarding  bind-01
vnet46     virbr0  forwarding  ipa-01
vnet60     virbr0  forwarding  k3s-master-01

VLAN Configuration

Host-Level VLANs

cat /proc/net/vlan/config 2>/dev/null || echo "No 802.1Q VLANs configured on host"

Result: No 802.1Q VLANs configured on host

VLANs are NOT tagged on the KVM host. pfSense handles all VLAN tagging/untagging. VMs receive untagged traffic on virbr0.

libvirt Networks

Network Summary

Name      Mode    Bridge   Subnet/Notes
default   nat     virbr1   192.168.100.0/24 (DHCP 100-200)
ovs-main  bridge  br-main  OVS passthrough
virbr0    bridge  virbr0   10.50.1.0/24 (primary)

Network Details

for net in $(sudo virsh net-list --all --name); do
  echo "=== $net ==="
  sudo virsh net-dumpxml "$net" | awk '/<bridge|<forward|<ip address/'
done

default network (NAT - isolated lab):

<forward mode='nat'>
<bridge name='virbr1' stp='on' delay='0'/>
<ip address='192.168.100.1' netmask='255.255.255.0'>
  <dhcp>
    <range start='192.168.100.100' end='192.168.100.200'/>
  </dhcp>
</ip>

ovs-main network (OVS bridge):

<forward mode='bridge'/>
<bridge name='br-main'/>

virbr0 network (Primary infrastructure):

<forward mode='bridge'/>
<bridge name='virbr0'/>

VM Network Attachments

VM Inventory

ID  Name           State
1   pfSense-FW01   running
2   vault-01       running
4   9800-CL-WLC    running
5   ipsk-manager   running
8   keycloak-01    running
18  home-dc01      running
25  ise-01         running
39  bind-01        running
47  ipa-01         running
64  k3s-master-01  running

VM Interface Details

VM             Interface  Type    Source  MAC
pfSense-FW01   vnet0      bridge  virbr0  52:54:00:a2:7f:78
pfSense-FW01   vnet1      bridge  virbr0  52:54:00:3f:c1:5c
vault-01       vnet2      bridge  virbr0  52:54:00:6b:e3:01
9800-CL-WLC    vnet4      bridge  virbr0  52:54:00:35:15:33
9800-CL-WLC    vnet5      bridge  virbr0  52:54:00:a1:77:27
ipsk-manager   vnet6      bridge  virbr0  52:54:00:76:5b:f5
keycloak-01    vnet9      bridge  virbr0  52:54:00:f0:24:d7
home-dc01      vnet19     bridge  virbr0  52:54:00:69:ab:43
ise-01         vnet26     bridge  virbr0  52:54:00:6b:57:8b
bind-01        vnet39     bridge  virbr0  52:54:00:58:de:02
ipa-01         vnet46     bridge  virbr0  52:54:00:72:3d:3c
k3s-master-01  vnet60     bridge  virbr0  52:54:00:8a:c2:f6

Routing

Routing Table

Destination       Gateway      Interface
default           10.50.1.1    eno2
default           192.168.1.1  eno1
10.50.1.0/24      -            virbr0
10.50.1.0/24      -            eno2
192.168.1.0/24    -            eno1
192.168.100.0/24  -            virbr1

Default Gateways

Gateway              Interface
10.50.1.1 (pfSense)  eno2 (primary)
192.168.1.1 (ISP)    eno1 (WAN)
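
Both `default` and 10.50.1.0/24 appear twice in the routing table above, so the route metric decides whether host traffic leaves through pfSense (eno2) or directly through the ISP link (eno1). The script below is an added example, not part of the original page: it lists every destination that has more than one route and marks the one with the lowest metric. The sample input is constructed, and its metric and proto values are assumptions because the page does not list them.

```sh
#!/bin/sh
# Added example (not from the original page): find destinations that have
# more than one route and show which one the kernel prefers (lowest metric).

# Constructed sample modelled on the routing table above. The metric and
# proto values are assumptions; the page does not list them.
sample_routes() {
cat <<'EOF'
default via 10.50.1.1 dev eno2 proto static metric 100
default via 192.168.1.1 dev eno1 proto dhcp metric 101
10.50.1.0/24 dev virbr0 proto kernel scope link src 10.50.1.99
10.50.1.0/24 dev eno2 proto kernel scope link src 10.50.1.202 metric 100
192.168.1.0/24 dev eno1 proto kernel scope link src 192.168.1.225 metric 101
192.168.100.0/24 dev virbr1 proto kernel scope link src 192.168.100.1 linkdown
EOF
}

# Reads `ip route show` output on stdin. For each destination with two or
# more routes, prints: <dest> preferred=<dev>/<metric> other=<dev>/<metric>[,...]
# A route without an explicit metric has metric 0.
duplicate_routes() {
  awk '
    $1 ~ /^(default|[0-9])/ {
      dest = $1; dev = "?"; metric = 0
      for (i = 2; i < NF; i++) {
        if ($i == "dev")    dev    = $(i + 1)
        if ($i == "metric") metric = $(i + 1) + 0
      }
      if (!(dest in count)) order[++n] = dest
      c = ++count[dest]
      devs[dest, c] = dev; mets[dest, c] = metric
    }
    END {
      for (k = 1; k <= n; k++) {
        d = order[k]
        if (count[d] < 2) continue
        best = 1
        for (j = 2; j <= count[d]; j++)
          if (mets[d, j] < mets[d, best]) best = j
        line = d " preferred=" devs[d, best] "/" mets[d, best] " other="
        sep = ""
        for (j = 1; j <= count[d]; j++)
          if (j != best) { line = line sep devs[d, j] "/" mets[d, j]; sep = "," }
        print line
      }
    }'
}

sample_routes | duplicate_routes
```

On the host itself, run `ip route show | duplicate_routes` and compare the preferred default route with the intended egress path.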

System Resources

VM Resource Allocation

VM             vCPUs  Memory  Disk Location
pfSense-FW01   4      8 GB    /mnt/onboard-ssd/vms/
vault-01       1      1 GB    /mnt/onboard-ssd/vms/
9800-CL-WLC    4      16 GB   /mnt/onboard-ssd/vms/
ipsk-manager   2      4 GB    /mnt/onboard-ssd/libvirt/images/
keycloak-01    2      4 GB    /mnt/onboard-ssd/vms/
home-dc01      2      4 GB    /mnt/onboard-ssd/vms/
ise-01         4      16 GB   /mnt/onboard-ssd/vms/
bind-01        2      2 GB    /mnt/onboard-ssd/vms/
ipa-01         2      4 GB    /mnt/onboard-ssd/vms/
k3s-master-01  4      8 GB    /mnt/onboard-ssd/libvirt/images/
TOTAL          27     67 GB   -

Storage Pools

Pool         State   Capacity  Used    Available
onboard-ssd  active  962 GB    360 GB  602 GB
images       active  14 GB     10 GB   4 GB
nas-vms      active  -         -       NFS mount
iso/isos     active  -         -       ISO storage

All production VMs on onboard-ssd pool. The images pool (14 GB) is on root - avoid using it.

Resource Commands

Purpose        Command
CPU info       lscpu | awk '/CPU\(s\)|Model name|Thread|Core|^Socket/'
Memory         free -h | awk 'NR==1 || /^Mem/'
Disk usage     df -h | awk 'NR==1 || /ssd|images/'
Load average   uptime
VM resources   for vm in $(sudo virsh list --name); do sudo virsh dominfo $vm; done
Storage pools  sudo virsh pool-list --all
Pool details   sudo virsh pool-info <pool>
VM disks       sudo virsh domblklist <vm>
Live stats     sudo virsh domstats --cpu-total --balloon

Architecture Diagram

kvm-01 Network Topology

Key Findings

  1. All VMs on single bridge - virbr0 handles all infrastructure VM traffic

  2. No host-level VLANs - pfSense does VLAN tagging, VMs get untagged

  3. Physical uplink - eno8np3 bridges to virbr0 (to switch)

  4. Dual-homed VMs - pfSense and 9800-CL-WLC have 2 NICs each

  5. Dual default routes - Both ISP (eno1) and pfSense (eno2)

  6. OVS present but unused - br-main/br-lab exist but no VMs attached

  7. vault-01 - Running PKI and SSH CA

Discovery Commands Reference

Purpose             Command
List interfaces     ip -o link show | awk '{print $2}' | tr -d ':'
IP addresses        ip -4 -o addr show | awk '{print $2, $4}'
Interface + state   ip -o link show | awk '{for (i = 3; i < NF; i++) if ($i == "state") print $2, $(i + 1)}' | tr -d ':'
Bridges             ip link show type bridge
Bridge members      bridge link show
VLAN subinterfaces  ip -d link show | awk '/^[0-9]+:/ {hdr=$0} /vlan protocol 802.1Q/ {print hdr}'
libvirt networks    sudo virsh net-list --all
Network details     sudo virsh net-dumpxml <network>
VMs                 sudo virsh list --all
VM interfaces       sudo virsh domiflist <vm-name>
All VM interfaces   for vm in $(sudo virsh list --all --name); do echo "=== $vm ==="; sudo virsh domiflist $vm; done
Routing table       ip route show

Full Discovery One-Liner

echo "=== INTERFACES ===" && ip -o link show | awk '{print $2}' | tr -d ':' && \
echo -e "\n=== IP ADDRESSES ===" && ip -4 -o addr show | awk '{print $2, $4}' && \
echo -e "\n=== BRIDGES ===" && ip link show type bridge 2>/dev/null | awk '/^[0-9]/ {print $2}' | tr -d ':' && \
echo -e "\n=== LIBVIRT NETWORKS ===" && sudo virsh net-list --all && \
echo -e "\n=== VMS ===" && sudo virsh list --all

Next Steps

  1. [ ] Plan VLAN 50/60 addition for k3s pod isolation

  2. [ ] Create KVM VLAN Configuration runbook

  3. [ ] Document pfSense VLAN trunking to kvm-01

  4. [x] VM renamed to vault-01 (completed 2026-03)