wiki:experiences:igraltist:kvm-network
=>  Releases

Current version
Git/Latestdiff: 1.5.6

Latest Snapshots
Produced after each commit or rebase to new upstream version

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

This is an old revision of the document!


Back to igraltist's experiences / KVM

Network

What you need

Here are listed some points, which maybe helpfull to use the kvm-qemu network.

In most cases the user running a host machine thats already connected to internet or he wish to do that.

From this stage this points are appears:

  1. create a bridge for guest network
  2. connect guest to the bridge when is booting
  3. route bridge on host machine to the internet network interface

1. Create Bridge

Why you need a bridge to get a simple network working?
Read this short description about bridge.

Now is time to create a bridge on you host machine. To keep it simple i use name which you will found on others descriptions too.

Bridge name is 'br0'.

As root user type on your terminal.

brctl addbr br0

Thats all.

2. Connet guest to bridge

Start parameters on cmdline which have to use.

Your network setup for your guest can similar look like:

-net nic,vlan=0,macaddr=00:CC:AA:AA:00:00,model=virtio -net tap,vlan=0,ifname=rsbac,script=/etc/kvm/scripts/kvm-ifup

Info: The order of the '-net' section are free and can choose like you want.

The first '-net' switch with 'nic' in front the 'macaddr' and then network adapter with 'model'.
The 'macaddr' and 'model' are optiontal. If nothing set your guest get a mac address on boottime and it would use the default realtek network adapter 'rtl8130'. This driver need your guest or 'virtio' in the example above.

The second '-net' switch with 'tap' in front does now connect your guest on the bevor created bridge. The argument 'ifname' is optional and set a name which show on:

brctl show

If is not set then is use name like 'tap0'.
In the example above the argument 'script' contain the filename, which connet the 'tap' device to the befor created 'br0'.

The content of the script '/etc/kvm/scripts/kvm-ifup'

#!/bin/sh
ifconfig="/sbin/ifconfig"
brctl="/sbin/brctl"
bridge="br0"
 
echo "Executing /etc/kvm/scripts/kvm-ifup"
echo "Bringing up ${1} for bridged mode..."
sudo ${ifconfig} ${1} 0.0.0.0 promisc up
echo "Adding ${1} to bridge ${bridge} ..."
sudo ${brctl} addif ${bridge} ${1}
 
# wait a moment
sleep 1

You can see this is a shell script.
The '${1}' is the argument in the 'ifname'.
In the example above it would replace with 'rsbac' otherwise if is was not set 'tap0'.
Then its use sudo because my guest starts with unprivileged user 'kvm' which have in normal case no rights to do adminstrative tasks.
This line 'sudo ${brctl} addif ${bridge} ${1}' add the new create 'tap' device to the bridge.

3. Route Bride

Now the network part on host machine have to do. If guest are up and running, than you can control if the guest network 'tap' device is connected to bridge.

brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.4ecd48a798ca	no		rsbac

If the command show something, then also the 'ifconfig' show the new create network adapter

ifconfig rsbac
rsbac    Link encap:Ethernet  HWaddr 4e:cd:48:a7:98:ca  
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1725192 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2238846 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:429992873 (410.0 MiB)  TX bytes:2193857946 (2.0 GiB)

A few line more and than the guest is conneted.
As root user the following commands have to insert in your terminal.

  1. echo 1 > /proc/sys/net/ipv4/ip_forward
  2. ifconfig br0 192.168.100.1 netmask 255.255.255.0 up
  3. iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

The first point enabled the paket forwarding for ipv4 protocol.
The second point set an ip address. This ip address have to using in the guest as default gateway.
Assuming this ip address is different from your host machine. Your host machine maybe have ip address '192.168.1.2' and his default gateway ip address is '192.168.1.1' and connected to interface 'eth0.
And the last point do a network address translation assuming your default network adapter is 'eth0'.

Guest Network

On your guest set the ip address to the bridge network.
For example:

ifconfig eth0 192.168.100.2 netmask 255.255.255.0 up

and add a default gateway.

route add default gw 192.168.100.1

The last is to set a nameserver.
Open your editor on your terminal and add if your host machine nameserver as the same in your host machine.
When the host machine has nameserver '192.168.1.1' add this to '/etc/resolv.conf' in your guest too.

nameserver 192.168.1.1

Now you can try to ping for expamle:

ping rsbac.org

If your get a response than all basic setup is done.
Now your have to put all in some script for automatic configuration.
And see how your distribution setup bridges and network interface in general way.

Advance Setup

My setup include two bridges. One for the local guests and one for a dmz. The dmz-bridge i have add in the system-configuration to build on startup. For local-bridge i use a script, and this do rename the local networkdevice eth1 → reth1 and create a bridge with name eth1 and add the interface reth1 to bridge eth1.

  • add to the file '/etc/conf.d/net' this lines (for dmz(bridge))
config_dmz=( "10.0.0.1 netmask 255.255.255.0 broadcast 10.0.0.255" )
brctl_dmz=( "setfd 0" "sethello 0" "stp off" )

Change the IP to your ip-address. Than the kvm-guests in the dmz have in this example a ip in this range: 10.0.0.(1-254)
Then i have a small script, this idea i find on a website but i dont rember from where, so thanks to unkown :).
All kvm stuff i have placed in the directory /etc/kvm.
So the next script for create the local-connectet bridge i have in '/etc/kvm/scirpts/bridge_starter'.
For do this on bootup:

  • add this line in '/etc/conf.d/local.start'
/etc/kvm/scripts/bridge_starter

This is the script bridge_starter.

#!/bin/bash
### bridge_starter
ip=$(which ip)
ifconfig=$(which ifconfig)
brctl=$(which brctl)
 
dev=eth1
dev_old=reth1
ip_dev='ip_address_from_the_local_net_device'  # eg.192.168.0.1
 
$ip addr flush $dev
$ip link set $dev down
$ip link set $dev name $dev_old 
$ip link set $dev_old up
$brctl addbr $dev
$brctl addif $dev $dev_old
$ip link set $dev up
$ifconfig $dev $ip_dev up


For firewall i use the shorewall and i have do a nat for both bridges.

//
wiki/experiences/igraltist/kvm-network.1289400171.txt.gz · Last modified: 2010/11/10 15:42 by 127.0.0.1

wiki/experiences/igraltist/kvm-network.1289400171.txt.gz · Last modified: 2010/11/10 15:42 by 127.0.0.1
This website is kindly hosted by m-privacy