KVM Networking
A virtual machine typically needs to be connected to a network to be useful. Because a virtual machine runs as an application inside the host computer, connecting it to the outside world needs support from the host operating system. There are a number of options for networking a virtual machine, both on the Link Layer and the Network layer. This page provides an introduction to the common networking configurations used by KVM.
Two common setups are "virtual network" or "shared physical device".
NAT forwarding (aka "virtual networks")
A standard ODA deployment provides NAT-based connectivity to virtual machines out of the box. This is the 'default virtual network'. You can verify that NAT is available by issuing the following command:
# virsh net-list --all
 Name      State    Autostart   Persistent
--------------------------------------------------
 default   active   yes         yes
With the libvirt default network active, this will provide an isolated bridge device (virbr0):
# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400cd635d       yes             virbr0-nic
The default virtual network configuration can be displayed by issuing the following command:
# virsh net-info default
Name default
UUID ed67f5c0-65f8-45b8-9bd3-f613b1789e48
Active: yes
Persistent: yes
Autostart: yes
Bridge: virbr0
and
# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>ed67f5c0-65f8-45b8-9bd3-f613b1789e48</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:CD:63:5D'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
    </dhcp>
  </ip>
</network>
Create a new NAT network (using the command line)
To define a new NAT bridge, complete the following steps.
1. Create a new libvirt network configuration like the following:
# cat ~/new-kvm-net.xml
<network>
  <name>nat_01</name>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr%d' stp='on' delay='0'/>
  <ip address='192.168.150.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.150.2' end='192.168.150.254'/>
    </dhcp>
  </ip>
</network>
Note: bridge name='virbr%d' will use the first bridge name available (virbr1, virbr2, ...)
2. Add the new network definition XML file to libvirt:
# virsh net-define ~/new-kvm-net.xml
3. To have the new network start automatically each time the ODA host is rebooted, run:
# virsh net-autostart <net name from xml>
4. Start the new network:
# virsh net-start <net name from xml>
Create a new NAT network (using the virt-manager GUI)
It's also possible to create a new libvirt network configuration using "virt-manager":
1. Click on QEMU/KVM "Details", Virtual Network

2. Add a new entry '+'

set your preferences:



Note: You cannot edit the above configuration using the GUI; you need to recreate the virtual network.
Applying modifications to the network
The most common scenario for this is adding new static MAC+IP mappings for the network's DHCP server. If you edit the network with "virsh net-edit", the changes won't take effect until the network is restarted, which unfortunately causes all guests to lose network connectivity with the host until their network interfaces are explicitly re-attached. Instead, you can edit the network definition above and apply the changes on the fly using "virsh net-update".
virsh net-update
Several changes to the network configuration can be made with the "virsh net-update" command, which applies them immediately. In the following example, we add a new static DHCP rule to the "default" network, mapping MAC address "52:54:00:b2:19:fb" to IP address 192.168.122.50 and hostname "ol68":
# virsh net-update default add ip-dhcp-host \
"<host mac='52:54:00:b2:19:fb' \
name='ol68' ip='192.168.122.50' />" \
--live --config
After the above command, the new "default" network configuration will be as follows:
# virsh net-dumpxml default
<network>
  <name>default</name>
  <uuid>ed67f5c0-65f8-45b8-9bd3-f613b1789e48</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:CD:63:5D'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254' />
      <host mac='52:54:00:b2:19:fb' name='ol68' ip='192.168.122.50' />
    </dhcp>
  </ip>
</network>
The config entries in a network that can be changed with virsh net-update are:
ip-dhcp-host
ip-dhcp-range (add/delete only, no modify)
forward-interface (add/delete only)
portgroup
dns-host
dns-txt
dns-srv
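A pre-flight check for the ip-dhcp-host case above, as an added example (not part of the original article or of libvirt). It validates a proposed mapping against the output of "virsh net-dumpxml" before it is passed to "virsh net-update", and escapes the attribute values so a hostname cannot break the XML. The function name check_dhcp_host and the sample host "web01" are hypothetical; it assumes an IPv4 <ip> element with a netmask attribute, as on this page.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample: the "default" network from this page, after the ol68 mapping.
NET_XML = """<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
      <host mac='52:54:00:b2:19:fb' name='ol68' ip='192.168.122.50'/>
    </dhcp>
  </ip>
</network>"""

MAC_RE = re.compile(r"^[0-9a-f]{2}(:[0-9a-f]{2}){5}$")

def check_dhcp_host(net_xml, mac, name, ip):
    """Return (problems, host_xml); host_xml is None when any check fails."""
    ip_el = ET.fromstring(net_xml).find("ip")
    gateway = ipaddress.ip_address(ip_el.get("address"))
    subnet = ipaddress.ip_network(f"{gateway}/{ip_el.get('netmask')}", strict=False)
    addr, mac = ipaddress.ip_address(ip), mac.lower()
    problems = []
    if not MAC_RE.match(mac):
        problems.append(f"malformed MAC {mac}")
    elif int(mac[:2], 16) & 1:  # lowest bit of the first octet marks multicast
        problems.append(f"{mac} is a multicast MAC")
    if addr not in subnet:
        problems.append(f"{ip} is outside {subnet}")
    elif addr in (gateway, subnet.network_address, subnet.broadcast_address):
        problems.append(f"{ip} is the gateway, network or broadcast address")
    for host in ip_el.iterfind("dhcp/host"):  # existing static mappings
        if host.get("mac", "").lower() == mac:
            problems.append(f"{mac} is already mapped to {host.get('ip')}")
        if ipaddress.ip_address(host.get("ip")) == addr:
            problems.append(f"{ip} is already mapped to {host.get('mac')}")
    if problems:
        return problems, None
    attrs = f"mac={quoteattr(mac)} name={quoteattr(name)} ip={quoteattr(str(addr))}"
    return problems, f"<host {attrs}/>"

if __name__ == "__main__":
    print(check_dhcp_host(NET_XML, "52:54:00:AA:BB:CC", "web01", "192.168.122.60"))
```

The returned host_xml string is what would be passed as the XML argument of "virsh net-update default add ip-dhcp-host".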
Guest Configuration
A guest can be connected to the virtual network based on the network name. For example, to connect a guest to the "default" virtual network, edit that guest's configuration:
# virsh edit <guest VM name>
Add the following XML to the configuration file:
<interface type='network'>
  <source network='default'/>
  <mac address='52:54:00:b2:19:fb'/>
</interface>
Note: the MAC address is optional and will be automatically generated if omitted.
Host Configuration
Libvirt will add iptables rules to allow traffic to/from guests attached to the virbr0 device, but by default, on Oracle Database Appliance, "net.ipv4.ip_forward" is set to "0". With this setting, guests connected via a virtual network with <forward mode='nat'/> can make outgoing network connections only to the ODA host (in this example "192.168.122.1") and to/from other guests connected to the same libvirt network. If your guests need to reach outside networks, change "net.ipv4.ip_forward" to "1" in the "/etc/sysctl.conf" file. To apply the change, run the command:
# sysctl -p /etc/sysctl.conf
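A check that the persistent and running values of "net.ipv4.ip_forward" agree, as an added example (not part of the original article). The function names and the sample file content are constructed; it assumes the setting lives only in the file passed in and does not look at other sysctl drop-in files.

```python
# Constructed sample of /etc/sysctl.conf: the shipped "0" plus a later edit.
SAMPLE_CONF = """\
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
; old-style comment line
net/ipv4/ip_forward=1
"""

def persistent_ip_forward(conf_text):
    """Value that `sysctl -p` would apply for net.ipv4.ip_forward, or None."""
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not an assignment
        key, _, val = line.partition("=")
        # sysctl accepts '/' as well as '.' between key components.
        if key.strip().replace("/", ".") == "net.ipv4.ip_forward":
            value = val.strip()  # lines are applied in order, so the last one wins
    return value

def forwarding_status(conf_text, runtime_text):
    """Compare the file setting with the content of /proc/sys/net/ipv4/ip_forward."""
    persistent, runtime = persistent_ip_forward(conf_text), runtime_text.strip()
    if persistent == "1" and runtime == "1":
        return "enabled"
    if persistent == "1":
        return "pending: run sysctl -p /etc/sysctl.conf"
    if runtime == "1":
        return "runtime only: not set to 1 in the given file"
    return "disabled: NAT guests reach only the host and their own network"

if __name__ == "__main__":
    with open("/etc/sysctl.conf") as conf, open("/proc/sys/net/ipv4/ip_forward") as rt:
        print(forwarding_status(conf.read(), rt.read()))
```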
Bridged networking (aka "shared physical device")
The NAT based connectivity is useful for quick & easy deployments, or on machines with dynamic/sporadic networking connectivity. More advanced users will want to use full bridging (also known as physical device sharing), where the guest is connected directly to the LAN.
Command line steps
1. Create a Bridge
Execute the following command:
2. Edit "/etc/sysconfig/network-scripts/ifcfg-pubbr0", adding the ODA host public IP (based on the public ODA interface you want to use: btbond1, btbond2, sfpbond1), for example:
# cat ifcfg-pubbr0
DEVICE=pubbr0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.214.105.34
NETMASK=255.255.248.0
GATEWAY=10.214.104.1
DELAY=0
3. Edit /etc/sysconfig/network-scripts/ifcfg-btbond1, removing the public IP (now in the pubbr0 configuration file) and setting the bridge to "pubbr0", for example:
# cat ifcfg-btbond1
DEVICE=btbond1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_OPTS="mode=active-backup miimon=100 primary=em1"
TYPE=BOND
BRIDGE=pubbr0
IPV6INIT=no
4. Edit /etc/sysconfig/network, changing the "GATEWAYDEV" to your bridge:
# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=rwsodal001
NOZEROCONF=yes
GATEWAYDEV=pubbr0
GATEWAY=10.214.104.1
5. Restart the network
6. Attach the new NIC device to the guest
virsh attach-interface --domain <guest name> --type bridge --source pubbr0 --model virtio --config --live
GUI steps
The same setup can be done using the virt-manager GUI
1. Click on QEMU/KVM "Details", Virtual Network

2. Add a new bridge '+'


Manually edit /etc/sysconfig/network, changing the "GATEWAYDEV" to your bridge
Virtualized bridged networking with MacVTap
Another alternative to using a bridge to enable a KVM guest to communicate externally is to use the Linux MacVTap driver. Macvtap is essentially a combination of the MacVLAN driver and a Tap device. Each virtual NIC has its own MAC address different from the physical interface's MAC address. Frames from or to the virtual interface are mapped to the physical interface called lower interface. MacVLAN allows you to have multiple Ethernet MAC addresses on one NIC. If you enable bridge mode, all virtual NICs attached to the same host can see each other.
Note: The guests can talk to each other. But the host cannot talk with the guests.

A MacVTap interface for use with KVM can be created by writing a resource XML file (macvtap0-def.xml) as follows:
<network>
  <name>macvtap0</name>
  <forward mode="bridge">
    <interface dev="btbond1"/>
  </forward>
</network>
Then you can set it up by issuing:
virsh net-define macvtap0-def.xml
virsh net-autostart macvtap0
virsh net-start macvtap0
Attach the new NIC device to the guest
virsh attach-interface --domain <guest name> --type network --source macvtap0 --model virtio --config --live
The same can be achieved using the virt-manager GUI when defining the network for the guest VM:
