From: "David S. Ahern" <daahern@cisco.com>
To: SuNeEl <seacore14@yahoo.com>
Cc: kvm@vger.kernel.org
Subject: Re: kvm networking part last
Date: Mon, 28 Jun 2010 17:06:38 -0600
Message-ID: <4C292AFE.1040005@cisco.com>
In-Reply-To: <796407.69741.qm@web95604.mail.in.yahoo.com>



On 06/28/10 16:26, SuNeEl wrote:
> I have been trying desperately to achieve virtual networking with kvm, but
> somehow I failed each time.. rather lot of unclear tutorial using different
> methods achieving common goals made me confused like bridging, vmnet, tun,
> etc etc routing, iptable forward everything in a one pipe ... but before I
> give up I just thrown this question before you guys
> 
> 
> Host-----------------guest1------------------guest2------------guest3
> 192.168.1.1   192.168.1.3                192.168.1.4         192.168.1.5
> eth0
> 
> I wanted to use host eth0 to ssh on all guest + don't want to lose
> connectivity to host as well.
>
> tell me if this is a dream in one shoot so I give up looking more
> positiveness in virtual networking


I use both direct connect and host-only networking setups. In both cases
qemu is configured to use tap devices (-net tap).

VM's directly connected to LAN:

 .------.   .------.       .------.
 | VM 1 |   | VM 2 |  ...  | VM N |
 '------'   '------'       '------'
     |          |              |
 .------.   .------.       .------.
 | tap  |   | tap  |  ...  | tap  |
 '------'   '------'       '------'
     |          |              |
     '--------------------------
                  |
              .-------.
              |  br0  |
              '-------'
                  |
              .-------.
              | eth0  |
              '-------'
                  |              LAN
 <-------------------------------------->


Host-side configuration:

/etc/sysconfig/network-scripts/ifcfg-eth0:
DEVICE=eth0
ONBOOT=yes
BRIDGE=mainbr0

/etc/sysconfig/network-scripts/ifcfg-mainbr0
DEVICE=mainbr0
ONBOOT=yes
BOOTPROTO=dhcp

In this case the VMs show up on the LAN just like any other node.


I also have the option to connect VM's to a host-only network:

 .------.   .------.       .------.
 | VM 1 |   | VM 2 |  ...  | VM N |
 '------'   '------'       '------'
     |          |              |
 .------.   .------.       .------.
 | tap  |   | tap  |  ...  | tap  |
 '------'   '------'       '------'
     |          |              |
     '--------------------------
                  |
              .-------.    .----------.
              |  br1  |<---| iptables |
              '-------'    '----------'
                                 |
                                 |
                                 v
                             .-------.
                             | eth0  |
                             '-------'
    LAN                          |
 <-------------------------------------->

For br1, I chose to manually create it at boot time using an rc-script:

brctl addbr hostbr1
ifconfig hostbr1 <ip> netmask <mask> up

VM access to off-box resources is handled through iptables:
iptables -t nat -A PREROUTING -i hostbr1 -j ACCEPT

Direct access to a VM is handled by port redirection:
iptables -t nat -A PREROUTING -p tcp --dport <host-port> \
    -j DNAT --to-destination <VM>:22

iptables -t nat -A PREROUTING -p tcp --dport 2022 \
    -j DNAT --to-destination 169.254.1.2:22

i.e., ssh -p 2022 user@host is redirected to port 22 for the VM with the
IP 169.254.1.2.

Which networking setup (or both in some cases) I use for a specific VM
depends on the purpose of the VM.

David
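
The port redirection described in the message above, extended to several guests, as an added example that is not part of the original email: it validates a small table of host-port to guest mappings, refuses duplicate host ports, and prints the DNAT rules without running them. The `-i eth0` scoping, the helper names and the guest addresses other than 169.254.1.2 are assumptions of this example.

```shell
#!/bin/sh
# Added example: prints iptables commands, it does not run them.
# Assumptions: eth0 is the LAN-facing NIC; guest addresses other than
# 169.254.1.2 are constructed sample values.
LAN_IF=eth0

valid_port() {    # integer in 1..65535
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {    # dotted quad, every octet in 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Reads "HOST_PORT VM_IP [VM_PORT]" lines on stdin (VM_PORT defaults to 22).
# Prints one DNAT rule per entry; on a bad or duplicate entry prints no rules
# and returns 1, so a typo cannot silently shadow another guest's port.
render_forwards() {
    seen=" " out=""
    while read -r hport vm vport rest; do
        case "$hport" in ''|'#'*) continue ;; esac
        vport=${vport:-22}
        valid_port "$hport" && valid_port "$vport" && valid_ipv4 "$vm" || {
            echo "invalid entry: $hport $vm $vport" >&2; return 1; }
        case "$seen" in *" $hport "*)
            echo "host port $hport mapped twice" >&2; return 1 ;; esac
        seen="$seen$hport "
        # -i limits the redirect to connections arriving on the LAN side;
        # without it the rule matches that port on every interface.
        out="$out
iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport $hport -j DNAT --to-destination $vm:$vport"
    done
    [ -z "$out" ] || printf '%s\n' "${out#?}"
}

# Constructed sample: one forwarded SSH port per guest.
render_forwards <<'EOF'
# host_port  vm_ip        [vm_port]
2022         169.254.1.2
2023         169.254.1.3
2024         169.254.1.4  22
EOF
```

Review the printed rules before piping them to a root shell.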
