From KVM
Revision as of 13:18, 4 February 2009 by WikiSysop (Talk | contribs)


Setting guest network

Guest (VM) networking in kvm is the same as in qemu, so you can refer to other documentation about qemu networking. This page explains how to configure the most frequently needed types of network.

User Networking

Use case:

  • You want a simple way for your virtual machine to access the host, the internet or resources available on your local network.
  • You don't need to access your guest from the network or from another guest.
  • You are ready to take a huge performance hit.
  • Warning: User networking does not support a number of networking features like ICMP. Certain applications (like ping) may not function properly.

Prerequisites:

  • You need kvm up and running
  • If you don't want to run as root, the user you want to use needs to have rw access to /dev/kvm
  • If you want to be able to access the internet or a local network, your host system must be able to access the internet or the local network

Solution:

  • simply run your guest with "-net nic -net user", e.g.:
qemu-system-x86_64 -hda /path/to/hda.img -net nic -net user


Notes:

  • The IP address can be automatically assigned to the guest thanks to the DHCP service integrated in QEMU
  • If you run multiple guests on the host, you don't need to specify a different MAC address for each guest
  • You can still access one specific port on the guest using the "-redir" option

private virtual bridge

Use case:

  • You want to set up a private network between 2 or more virtual machines. This network won't be seen from the other virtual machines nor from the real network.

Prerequisites:

  • You need kvm up and running
  • If you don't want to run as root, the user you want to use needs to have rw access to /dev/kvm
  • You need the following commands installed on your system, and if you don't want to run as root, the user you want to use needs to be able to sudo the following commands:
/sbin/ip
/usr/sbin/brctl
/usr/sbin/tunctl


Solution:

  • You need to create a bridge, e.g.:
sudo /usr/sbin/brctl addbr br0
  • You need a qemu-ifup script containing the following:
#!/bin/sh
set -x

# bridge that guest tap interfaces are attached to
switch=br0

# qemu passes the tap interface name as the first argument
if [ -n "$1" ]; then
        /usr/bin/sudo /usr/sbin/tunctl -u "$(whoami)" -t "$1"
        /usr/bin/sudo /sbin/ip link set "$1" up
        sleep 0.5s
        /usr/bin/sudo /usr/sbin/brctl addif "$switch" "$1"
        exit 0
else
        echo "Error: no interface specified"
        exit 1
fi
  • Generate a MAC address, either manually or using:
#!/bin/bash
# generate a random mac address for the qemu nic
# shell script borrowed from user pheldens @ qemu forum
# ($RANDOM is a bash feature, so this must run under bash, not plain sh)
echo $(echo -n DE:AD:BE:EF ; for i in `seq 1 2` ;
do echo -n `echo ":$RANDOM$RANDOM" | cut -n -c -3` ;done)
  • Run each guest with the following, replacing $macaddress with the value from the previous step:
qemu-system-x86_64 -hda /path/to/hda.img -net nic,macaddr=$macaddress -net tap


Notes:

  • If you don't want to run as root, the qemu-ifup must be executable by the user you want to use
  • You can either create a system-wide qemu-ifup in /etc/qemu-ifup or use another one. In the latter case, run
qemu-system-x86_64 -hda /path/to/hda.img -net nic,macaddr=$macaddress -net tap,script=/path/to/qemu-ifup
  • Each guest on the private virtual network must have a different MAC address

public bridge

WARNING: The method shown here will not work with most (all?) wireless drivers, as these do not support bridging.

Use case:

  • You want to assign an IP address to your virtual machines and make them accessible from your local network
  • You also want performance out of your virtual machine.

Prerequisites:

  • You need kvm up and running
  • If you don't want to run as root, the user you want to use needs to have rw access to /dev/kvm
  • You need the following commands installed on your system, and if you don't want to run as root, the user you want to use needs to be able to sudo the following commands:
/sbin/ip
/usr/sbin/brctl
/usr/sbin/tunctl
  • Your host system must be able to access the internet or the local network

Solution 1: using distro sysconfig script

  • Edit /etc/sysconfig/network-scripts/ifcfg-eth0
    • comment out BOOTPROTO
    • Add BRIDGE=switch
  • Create /etc/sysconfig/network-scripts/ifcfg-br0
    • The content should be:
DEVICE=switch
BOOTPROTO=dhcp
ONBOOT=yes
TYPE=Bridge
  • /etc/init.d/network restart
  • The bridge br0 should get the IP address (either static or DHCP), while the physical eth0 is left without an IP address.

Solution 2: manual

  • You need to create a bridge, e.g.:
sudo /usr/sbin/brctl addbr br0
  • Add one of your physical interfaces to the bridge, e.g. for eth0:
sudo /usr/sbin/brctl addif br0 eth0
  • You need a qemu-ifup script containing the following:
#!/bin/sh
set -x

# bridge that guest tap interfaces are attached to
switch=br0

# qemu passes the tap interface name as the first argument
if [ -n "$1" ]; then
        /usr/bin/sudo /usr/sbin/tunctl -u "$(whoami)" -t "$1"
        /usr/bin/sudo /sbin/ip link set "$1" up
        sleep 0.5s
        /usr/bin/sudo /usr/sbin/brctl addif "$switch" "$1"
        exit 0
else
        echo "Error: no interface specified"
        exit 1
fi
  • Generate a MAC address, either manually or using:
#!/bin/bash
# generate a random mac address for the qemu nic
# shell script borrowed from user pheldens @ qemu forum
# ($RANDOM is a bash feature, so this must run under bash, not plain sh)
echo $(echo -n DE:AD:BE:EF ; for i in `seq 1 2` ;
do echo -n `echo ":$RANDOM$RANDOM" | cut -n -c -3` ;done)
  • Run each guest with the following, replacing $macaddress with the value from the previous step:
qemu-system-x86_64 -hda /path/to/hda.img -net nic,macaddr=$macaddress -net tap

Notes:

  • If you don't want to run as root, the qemu-ifup must be executable by the user you want to use
  • You can either create a system-wide qemu-ifup in /etc/qemu-ifup or use another one. In the latter case, run
qemu-system-x86_64 -hda /path/to/hda.img -net nic,macaddr=$macaddress -net tap,script=/path/to/qemu-ifup
  • Each guest on the network must have a different MAC address
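Both bridge setups above require a different MAC address for every guest, and the generator shown draws only decimal digits, so its last two octets can take just 100 values each. The following is an added example, not part of the original page: it generates a MAC from /dev/urandom with a unicast, locally administered first octet, checks a manually chosen MAC against the same rule, and avoids repeats. The registry file of already assigned MACs (one per line) is an assumption of this example.

```shell
#!/bin/sh
# Added example, not from the original page.

# valid_guest_mac MAC: succeed if MAC is six hex octets and its first octet is
# unicast (bit 0 clear) and locally administered (bit 1 set), so it cannot
# collide with a vendor-assigned hardware address.
valid_guest_mac() {
    printf '%s\n' "$1" | grep -Eqi '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    first=$(printf '%d' "0x${1%%:*}")
    [ $(( first & 3 )) -eq 2 ]
}

# gen_mac: print one random MAC that passes valid_guest_mac.
gen_mac() {
    # six random bytes, split into $1..$6 as two-digit hex strings
    set -- $(od -An -N6 -tx1 /dev/urandom)
    first=$(printf '%d' "0x$1")
    first=$(( (first | 2) & 254 ))   # set the local bit, clear the multicast bit
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# unused_mac REGISTRY: print a generated MAC that is not yet listed in the
# REGISTRY file (hypothetical, one MAC per line) and record it there.
unused_mac() {
    registry=$1
    while :; do
        mac=$(gen_mac)
        grep -qixF "$mac" "$registry" 2>/dev/null || break
    done
    printf '%s\n' "$mac" >> "$registry"
    printf '%s\n' "$mac"
}

# Print one sample address; in practice use: macaddress=$(unused_mac /path/to/registry)
gen_mac
```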


iptables

You can also connect your guest VM to a tap device on your host, then set iptables rules on the host so that it acts as a router and firewall for your VM.
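One way to set this up, as an added example that is not part of the original page: the script prints the commands for a NAT router with a default-deny firewall around one guest tap, so they can be reviewed before being run as root. The names tap0 and eth0 and the 192.168.100.0/24 addresses are placeholders, and the rules are appended, so any rules already in those chains are evaluated first.

```shell
#!/bin/sh
# Added example, not from the original page. Interface names and addresses
# are placeholders; adjust them to your host.

# valid_ifname NAME: accept only names that are safe to place in a command
# line (Linux limits interface names to 15 characters).
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# guest_router_cmds TAP UPLINK HOST_ADDR GUEST_NET
# Print (do not run) the commands that make the host a NAT router and
# firewall for one guest attached to TAP.
guest_router_cmds() {
    tap=$1 uplink=$2 host_addr=$3 guest_net=$4
    valid_ifname "$tap" && valid_ifname "$uplink" || {
        echo "Error: bad interface name" >&2
        return 1
    }
    case "$host_addr$guest_net" in
        ''|*[!0-9./]*) echo "Error: bad address" >&2; return 1 ;;
    esac
    cat <<EOF
tunctl -u $(id -un) -t $tap
ip addr add $host_addr dev $tap
ip link set $tap up
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $guest_net -o $uplink -j MASQUERADE
iptables -A FORWARD -i $tap ! -s $guest_net -j DROP
iptables -A FORWARD -i $tap -o $uplink -j ACCEPT
iptables -A FORWARD -i $uplink -o $tap -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $tap -j DROP
iptables -A FORWARD -o $tap -j DROP
iptables -A INPUT -i $tap -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $tap -j DROP
EOF
}

# Dry run with placeholder values: review the output, then pipe it to "sudo sh".
guest_router_cmds tap0 eth0 192.168.100.1/24 192.168.100.0/24
```

Start the guest with "-net tap,ifname=tap0,script=no" so that qemu uses the prepared tap, and give the guest a static address in the guest network with the host address as its gateway.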

vde

Another option is using VDE (Virtual Distributed Ethernet).