public inbox for kvm@vger.kernel.org
* networking setup problem
@ 2008-07-16  9:09 paolo pedaletti
  2008-07-16 14:00 ` Uri Lublin
  2008-07-17  0:02 ` David Mair
  0 siblings, 2 replies; 10+ messages in thread
From: paolo pedaletti @ 2008-07-16  9:09 UTC (permalink / raw)
  To: kvm

Hi,
I hope this is the right ml to submit my problem.

Abstract: I can't set up 2 different networks inside my VMs, one public 
and one private.

Scheme:

       eth0 ---------
  ---------| proxy |---eth1
  |        ---------  |
H|                   |
O|   eth0 ---------  |
S|--------| web   |--|eth1
T|        ---------  |
  |                   |
  |   eth0 ---------  |
  |--------| db    |---eth1
           ---------


this is a "classic" LAMP, spread over 3 VMs

1) front end, proxy (apache2 in reverse with mod-security)
2) application server, web (apache2 + php5)
3) database (mysql5)

(it's a test/backup environment)

each VM must have 2 network cards:
eth0 on the local network, in bridge with the host physical eth0
eth1 on the virtual private network, for internal communications between 
them

saying that, ... it doesn't work :-(
(linux ubuntu 8.04 2.6.24-19-generic, kvm-62)

these are the command lines:

kvm -name PROXY
-net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
	-net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
	-net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap

kvm -name WEBAPP
-net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
	-net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
	-net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap

kvm -name DB
-net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
	-net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
	-net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap


$ cat /etc/qemu-ifup
-----------------8<-----------------8<----------------8<--------------
#!/bin/sh
set -x

echo "Executing $0"

case $1 in
	tap*)	echo "tun network"
  	BRIDGE=br0
	if [ -z "$(ifconfig $BRIDGE)" ] ; then
		/usr/sbin/brctl addbr $BRIDGE
		dhclient $BRIDGE
	fi
	/usr/sbin/tunctl -u `whoami` -t $1
	echo "Bringing up $1 for bridged mode..."
	/sbin/ifconfig $1 0.0.0.0 promisc up
	/sbin/ip link set $1 up
	sleep 0.5s
	echo "Adding $1 to br0..."
	/usr/sbin/brctl addif $BRIDGE $1
	;;

	dmz*)	echo "dmz network"
  	BRIDGE=br1
	if [ -z "$(ifconfig $BRIDGE)" ] ; then
		/usr/sbin/brctl addbr $BRIDGE
		dhclient $BRIDGE
	fi
	/usr/sbin/tunctl -u `whoami` -t $1
	echo "Bringing up $1 for bridged mode..."
	/sbin/ifconfig $1 0.0.0.0 promisc up
	/sbin/ip link set $1 up
	sleep 0.5s
	echo "Adding $1 to $BRIDGE..."
	/usr/sbin/brctl addif $BRIDGE $1
	;;

	*)   echo "Error: no interface specified or interface '$1' invalid"
         exit 1
esac
-----------------8<-----------------8<----------------8<--------------



eth0 works for all the VMs, eth1 doesn't.

constraint: no dhcp, all static ip

any suggestion?

thank you in advance.

-- 
Paolo Pedaletti



* Re: networking setup problem
  2008-07-16  9:09 networking setup problem paolo pedaletti
@ 2008-07-16 14:00 ` Uri Lublin
  2008-07-20 23:56   ` Paolo Pedaletti
  2008-07-17  0:02 ` David Mair
  1 sibling, 1 reply; 10+ messages in thread
From: Uri Lublin @ 2008-07-16 14:00 UTC (permalink / raw)
  To: paolo pedaletti; +Cc: kvm

paolo pedaletti wrote:
> Hi,
> I hope this is the right ml to submit my problem.
> 
> Abstract: I can't set up 2 different networks inside my VMs, one public 
> and one private.
> 
> Scheme:
> 
>       eth0 ---------
>  ---------| proxy |---eth1
>  |        ---------  |
> H|                   |
> O|   eth0 ---------  |
> S|--------| web   |--|eth1
> T|        ---------  |
>  |                   |
>  |   eth0 ---------  |
>  |--------| db    |---eth1
>           ---------
> 
> 
> this is a "classic" LAMP, spread over 3 VMs
> 
> 1) front end, proxy (apache2 in reverse with mod-security)
> 2) application server, web (apache2 + php5)
> 3) database (mysql5)
> 
> (it's a test/backup environment)
> 
> each VM must have 2 network cards:
> eth0 on the local network, in bridge with the host physical eth0
> eth1 on the virtual private network, for internal communications between 
> them
> 
> saying that, ... it doesn't work :-(
> (linux ubuntu 8.04 2.6.24-19-generic, kvm-62)
> 
> these are the command lines:
> 
> kvm -name PROXY
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
>     -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap
> 
> kvm -name WEBAPP
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
>     -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap
> 
> kvm -name DB
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
>     -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap
> 

Does using a different ifname help ?
PROXY:  ifname=tap2 and dmz2
WEBAPP: ifname=tap1 and dmz1
DB:     ifname=tap0 and dmz0

Also check route on guests.


* Re: networking setup problem
  2008-07-16  9:09 networking setup problem paolo pedaletti
  2008-07-16 14:00 ` Uri Lublin
@ 2008-07-17  0:02 ` David Mair
  2008-07-20 23:52   ` Paolo Pedaletti
  1 sibling, 1 reply; 10+ messages in thread
From: David Mair @ 2008-07-17  0:02 UTC (permalink / raw)
  To: paolo pedaletti; +Cc: kvm

paolo pedaletti wrote:
> Hi,
> I hope this is the right ml to submit my problem.
> 
> Abstract: I can't set up 2 different networks inside my VMs, one public 
> and one private.
> 
> Scheme:
> 
>       eth0 ---------
>  ---------| proxy |---eth1
>  |        ---------  |
> H|                   |
> O|   eth0 ---------  |
> S|--------| web   |--|eth1
> T|        ---------  |
>  |                   |
>  |   eth0 ---------  |
>  |--------| db    |---eth1
>           ---------
> 
> 
> this is a "classic" LAMP, spread over 3 VMs
> 
> 1) front end, proxy (apache2 in reverse with mod-security)
> 2) application server, web (apache2 + php5)
> 3) database (mysql5)
> 
> (it's a test/backup environment)
> 
> each VM must have 2 network cards:
> eth0 on the local network, in bridge with the host physical eth0
> eth1 on the virtual private network, for internal communications between 
> them
> 
> saying that, ... it doesn't work :-(
> (linux ubuntu 8.04 2.6.24-19-generic, kvm-62)
> 
> these are the command lines:
> 
> kvm -name PROXY
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
>     -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap
> 
> kvm -name WEBAPP
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
>     -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap
> 
> kvm -name DB
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
>     -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap
> 
> 
> $ cat /etc/qemu-ifup
> -----------------8<-----------------8<----------------8<--------------
> #!/bin/sh
> set -x
> 
> echo "Executing $0"
> 
> case $1 in
>     tap*)    echo "tun network"
>      BRIDGE=br0
>     if [ -z "$(ifconfig $BRIDGE)" ] ; then
>         /usr/sbin/brctl addbr $BRIDGE
>         dhclient $BRIDGE
>     fi
>     /usr/sbin/tunctl -u `whoami` -t $1
>     echo "Bringing up $1 for bridged mode..."
>     /sbin/ifconfig $1 0.0.0.0 promisc up
>     /sbin/ip link set $1 up
>     sleep 0.5s
>     echo "Adding $1 to br0..."
>     /usr/sbin/brctl addif $BRIDGE $1
>     ;;
> 
>     dmz*)    echo "dmz network"
>      BRIDGE=br1
>     if [ -z "$(ifconfig $BRIDGE)" ] ; then
>         /usr/sbin/brctl addbr $BRIDGE
>         dhclient $BRIDGE
>     fi
>     /usr/sbin/tunctl -u `whoami` -t $1
>     echo "Bringing up $1 for bridged mode..."
>     /sbin/ifconfig $1 0.0.0.0 promisc up
>     /sbin/ip link set $1 up
>     sleep 0.5s
>     echo "Adding $1 to $BRIDGE..."
>     /usr/sbin/brctl addif $BRIDGE $1
>     ;;
> 
>     *)   echo "Error: no interface specified or interface '$1' invalid"
>         exit 1
> esac
> -----------------8<-----------------8<----------------8<--------------
> 
> 
> 
> eth0 works for all the VMs, eth1 doesn't.
> 
> constraint: no dhcp, all static ip
> 
> any suggestion?


AFAIK, -net user does not need an ifname or script argument - there's no host 
interface for the user mode stack. Try these:

kvm -name PROXY
-net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
     -net user,vlan=1
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap

kvm -name WEBAPP
-net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
     -net user,vlan=1
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap

kvm -name DB
-net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
     -net user,vlan=1
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap

-- 
David.


* Re: networking setup problem
  2008-07-17  0:02 ` David Mair
@ 2008-07-20 23:52   ` Paolo Pedaletti
  0 siblings, 0 replies; 10+ messages in thread
From: Paolo Pedaletti @ 2008-07-20 23:52 UTC (permalink / raw)
  To: David Mair; +Cc: kvm

Ciao David,
thank you for the answer, but...

> AFAIK, -net user does not need an ifname or script argument -
> there's no host interface for the user mode stack. Try these:
>
> kvm -name PROXY
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
>     -net user,vlan=1
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap
>
> kvm -name WEBAPP
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
>     -net user,vlan=1
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap
>
> kvm -name DB
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
>     -net user,vlan=1
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap

nothing.
if I ping one ip from the other, I get:
Destination host unreachable
and tcpdump shows nothing

(I can ping each other via "external" ip, the "public" ip on eth0)

by the way... if I get the IP via dhcp from eth1 interface (of the 2 VMs)
I always obtain the same IP even if the MAC addresses are different (always
10.0.2.15)

Other ideas?

thank you.

-- 
/* Paolo Pedaletti,
 * paolo@pedaletti.it www.pedaletti.it */


* Re: networking setup problem
  2008-07-16 14:00 ` Uri Lublin
@ 2008-07-20 23:56   ` Paolo Pedaletti
  2008-07-21  5:07     ` David Mair
  2008-07-21  5:14     ` Lynn Kerby
  0 siblings, 2 replies; 10+ messages in thread
From: Paolo Pedaletti @ 2008-07-20 23:56 UTC (permalink / raw)
  To: Uri Lublin; +Cc: kvm

Ciao Uri:

> Does using a different ifname help ?
> PROXY:  ifname=tap2 and dmz2
> WEBAPP: ifname=tap1 and dmz1
> DB:     ifname=tap0 and dmz0

no, it doesn't.

always
destination host unreachable

> Also check route on guests.

yes, they are correct, the default to external network eth0 while all
eth1 10.0.2.0/24 internal

nothing. :-(

someone has tried a working setup for 2 network connections, one
"public" and one "private" ?

thank you.

-- 
/* Paolo Pedaletti,
 * paolo@pedaletti.it www.pedaletti.it */


* Re: networking setup problem
  2008-07-20 23:56   ` Paolo Pedaletti
@ 2008-07-21  5:07     ` David Mair
  2008-07-21  5:22       ` Lynn Kerby
  2008-07-21  5:14     ` Lynn Kerby
  1 sibling, 1 reply; 10+ messages in thread
From: David Mair @ 2008-07-21  5:07 UTC (permalink / raw)
  To: Paolo Pedaletti; +Cc: kvm

Paolo Pedaletti wrote:
> Ciao Uri:
> 
>> Does using a different ifname help ?
>> PROXY:  ifname=tap2 and dmz2
>> WEBAPP: ifname=tap1 and dmz1
>> DB:     ifname=tap0 and dmz0
> 
> no, it doesn't.
> 
> always
> destination host unreachable
> 
>> Also check route on guests.
> 
> yes, they are correct, the default to external network eth0 while all
> eth1 10.0.2.0/24 internal
> 
> nothing. :-(
> 
> someone has tried a working setup for 2 network connections, one
> "public" and one "private" ?

Yes. On this host I have equivalents for all the VMware default networks 
(vmnet0, vmnet1 and vmnet8). Each of them is built with host tools 
(brctl, tunctl, host IP stack, ISC dhcpd).

It looks like the -net user and socket listen/connect options do not 
create shared virtual cabling between more than one and two guests 
respectively. The documentation implies that because it says that the 
-net socket mcast option does create a virtual cabling bus you can 
connect more than two guests to. This might work for you:

kvm -name PROXY
-net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
     -net socket,vlan=1,mcast=230.0.0.1:1234
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap

kvm -name WEBAPP
-net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
     -net socket,vlan=1,mcast=230.0.0.1:1234
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap

kvm -name DB
-net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
-net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
     -net socket,vlan=1,mcast=230.0.0.1:1234
-drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
-drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
-drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap

That's suitable for testing but not for production use IMO. The guest to 
guest traffic on the vlan=1 NICs may be visible on host public 
interfaces (tunneled in UDP multicast traffic of course). There will be 
no DHCP server on the vlan=1 guest NICs unless you install one. For a 
production environment you'll have to do more work.

-- 
David.


* Re: networking setup problem
  2008-07-20 23:56   ` Paolo Pedaletti
  2008-07-21  5:07     ` David Mair
@ 2008-07-21  5:14     ` Lynn Kerby
  2008-07-21  6:43       ` paolo pedaletti
  1 sibling, 1 reply; 10+ messages in thread
From: Lynn Kerby @ 2008-07-21  5:14 UTC (permalink / raw)
  To: Paolo Pedaletti; +Cc: kvm

On Jul 20, 2008, at 4:56 PM, Paolo Pedaletti wrote:

> Ciao Uri:
>
>> Does using a different ifname help ?
>> PROXY:  ifname=tap2 and dmz2
>> WEBAPP: ifname=tap1 and dmz1
>> DB:     ifname=tap0 and dmz0
>
> no, it doesn't.
>
> always
> destination host unreachable
>
>> Also check route on guests.
>
> yes, they are correct, the default to external network eth0 while all
> eth1 10.0.2.0/24 internal
>
> nothing. :-(
>
> someone has tried a working setup for 2 network connections, one
> "public" and one "private" ?

Paolo,

Not quite sure what you mean by your public/private labels.  I have a  
working setup with 2 network connections for several of my KVM guests.

I've got one interface that uses tun/tap devices attached to bridge  
br0 which also contains the eth0 connection on the host and these  
guests typically get their IP addresses via DHCP.  These guests use  
interface names starting with tap.  For a few of the guests, they  
have an additional interface that is attached to bridge br1 which  
connects to my public IP switch.  These guests have static address  
assignments as I only have a handful of external static IPs and these  
interfaces are named with dmz at the front.  The KVM host doesn't  
have an IP address assigned on the interface that connects to the  
outside world as I don't really want it to be reachable directly.

It works beautifully, but doesn't use user networking like the  
startup commands you posted.  However, when I went back and looked at  
your ifup script and the first config you posted, you probably aren't  
really trying to use user networking for the eth1 interface.  You  
should try replacing the '-net user,' with  '-net tap,'  on your dmz  
interfaces and see if that doesn't solve your problem.  I use the  
e1000 nic emulation instead of the rtl8139 (which gave me all kinds  
of problems about 25 KVM releases ago).

I can post or email you my working config info if you really need it,  
but I think you are really close to getting this working.

Lynn Kerby


* Re: networking setup problem
  2008-07-21  5:07     ` David Mair
@ 2008-07-21  5:22       ` Lynn Kerby
  2008-07-21 16:23         ` David Mair
  0 siblings, 1 reply; 10+ messages in thread
From: Lynn Kerby @ 2008-07-21  5:22 UTC (permalink / raw)
  To: Paolo Pedaletti; +Cc: kvm


On Jul 20, 2008, at 10:07 PM, David Mair wrote:

> Paolo Pedaletti wrote:
>> Ciao Uri:
>>> Does using a different ifname help ?
>>> PROXY:  ifname=tap2 and dmz2
>>> WEBAPP: ifname=tap1 and dmz1
>>> DB:     ifname=tap0 and dmz0
>> no, it doesn't.
>> always
>> destination host unreachable
>>> Also check route on guests.
>> yes, they are correct, the default to external network eth0 while all
>> eth1 10.0.2.0/24 internal
>> nothing. :-(
>> someone has tried a working setup for 2 network connections, one
>> "public" and one "private" ?
>
> Yes. On this host I have equivalents for all the VMware default  
> networks (vmnet0, vmnet1 and vmnet8). Each of them is built with  
> host tools (brctl, tunctl, host IP stack, ISC dhcpd).
>
> It looks like the -net user and socket listen/connect options do  
> not create shared virtual cabling between more than one and two  
> guests respectively. The documentation implies that because it says  
> that the -net socket mcast option does create a virtual cabling bus  
> you can connect more than two guests to. This might work for you:
>
> kvm -name PROXY
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
>     -net socket,vlan=1,mcast=230.0.0.1:1234
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap
>
> kvm -name WEBAPP
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
>     -net socket,vlan=1,mcast=230.0.0.1:1234
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap
>
> kvm -name DB
> -net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
> -net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
>     -net socket,vlan=1,mcast=230.0.0.1:1234
> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap
>
> That's suitable for testing but not for production use IMO. The  
> guest to guest traffic on the vlan=1 NICs may be visible on host  
> public interfaces (tunneled in UDP multicast traffic of course).  
> There will be no DHCP server on the vlan=1 guest NICs unless you  
> install one. For a production environment you'll have to do more work.

I just noticed in David's post (and went back to yours also) that you  
are specifying ifname=tap0 for each of the guests.  You will need to  
assign each guest its *own* tap interface and attach that to the  
appropriate bridge(s) for this to work.

I'm not familiar with the '-net socket' stuff here, so I don't know  
what that does for you.

Lynn Kerby
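
Added example (not part of any message in this thread): a small shell check for the two problems the replies point out, `-net user` carrying ifname/script and the same tap ifname reused by every guest, run against the command lines from the first message and against a corrected set. The one-option-per-line input format with a guest-name prefix and the function names are assumptions of this example; the tapN/dmzN numbering follows Uri Lublin's suggestion.

```shell
#!/bin/sh
# Added example, not code from the thread. Input format (an assumption of
# this example): one line per option, "GUEST -net <option-string>".

# The -net options from the first message, flattened to that format.
original_config() {
    cat <<'EOF'
PROXY -net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
PROXY -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
PROXY -net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
PROXY -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
WEBAPP -net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
WEBAPP -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
WEBAPP -net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
WEBAPP -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
DB -net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
DB -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
DB -net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
DB -net user,vlan=1,ifname=dmz0,script=./qemu-ifup.sh
EOF
}

# net_args GUEST IDX: emit the four -net options for one guest, with a tap
# backend on both vlans and interface names unique to that guest
# (tapIDX goes to br0, dmzIDX to br1 via the posted qemu-ifup script).
net_args() {
    guest=$1 idx=$2
    printf '%s\n' \
        "$guest -net nic,vlan=0,macaddr=00:18:BE:EF:17:${idx}A,model=rtl8139" \
        "$guest -net tap,vlan=0,ifname=tap${idx},script=./qemu-ifup.sh" \
        "$guest -net nic,vlan=1,macaddr=00:18:BE:EF:17:${idx}B,model=rtl8139" \
        "$guest -net tap,vlan=1,ifname=dmz${idx},script=./qemu-ifup.sh"
}

# Corrected option set for the three guests of the thread.
fixed_config() {
    for g in PROXY:2 WEBAPP:1 DB:0; do
        net_args "${g%%:*}" "${g##*:}"
    done
}

# lint_net: read option lines on stdin, print one finding per problem,
# exit non-zero if anything was found.
lint_net() {
    awk '
    $2 != "-net" { next }
    {
        guest = $1; opt = $3
        # user-mode networking has no host interface to name or script
        if (opt ~ /^user/ && opt ~ /,(ifname|script)=/) {
            print guest ": -net user with ifname/script (no host interface in user mode)"
            bad++
        }
        # every guest needs its own tap device on the host
        if (opt ~ /^tap/) {
            n = split(opt, kv, ",")
            for (i = 2; i <= n; i++) {
                if (kv[i] !~ /^ifname=/) continue
                name = substr(kv[i], 8)
                if ((name in owner) && owner[name] != guest) {
                    print guest ": ifname " name " already used by " owner[name]
                    bad++
                } else {
                    owner[name] = guest
                }
            }
        }
    }
    END { exit (bad > 0) }'
}

echo "original command lines:"
original_config | lint_net || true
echo "corrected command lines:"
fixed_config | lint_net && echo "  no findings"
```
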




* Re: networking setup problem
  2008-07-21  5:14     ` Lynn Kerby
@ 2008-07-21  6:43       ` paolo pedaletti
  0 siblings, 0 replies; 10+ messages in thread
From: paolo pedaletti @ 2008-07-21  6:43 UTC (permalink / raw)
  To: Lynn Kerby; +Cc: kvm

Ciao Lynn:

> I can post or email you my working config info if you really need it, 
> but I think you are really close to getting this working.

ok, let me try a few more times ... :-)

thank you for the answer (David Mair too)


-- 
Paolo Pedaletti



* Re: networking setup problem
  2008-07-21  5:22       ` Lynn Kerby
@ 2008-07-21 16:23         ` David Mair
  0 siblings, 0 replies; 10+ messages in thread
From: David Mair @ 2008-07-21 16:23 UTC (permalink / raw)
  To: Lynn Kerby; +Cc: Paolo Pedaletti, kvm

Lynn Kerby wrote:
> 
> On Jul 20, 2008, at 10:07 PM, David Mair wrote:
> 
>> Paolo Pedaletti wrote:
>>> Ciao Uri:
>>>> Does using a different ifname help ?
>>>> PROXY:  ifname=tap2 and dmz2
>>>> WEBAPP: ifname=tap1 and dmz1
>>>> DB:     ifname=tap0 and dmz0
>>> no, it doesn't.
>>> always
>>> destination host unreachable
>>>> Also check route on guests.
>>> yes, they are correct, the default to external network eth0 while all
>>> eth1 10.0.2.0/24 internal
>>> nothing. :-(
>>> someone has tried a working setup for 2 network connections, one
>>> "public" and one "private" ?
>>
>> Yes. On this host I have equivalents for all the VMware default 
>> networks (vmnet0, vmnet1 and vmnet8). Each of them is built with host 
>> tools (brctl, tunctl, host IP stack, ISC dhcpd).
>>
>> It looks like the -net user and socket listen/connect options do not 
>> create shared virtual cabling between more than one and two guests 
>> respectively. The documentation implies that because it says that the 
>> -net socket mcast option does create a virtual cabling bus you can 
>> connect more than two guests to. This might work for you:
>>
>> kvm -name PROXY
>> -net nic,vlan=0,macaddr=00:18:BE:EF:17:2A,model=rtl8139
>>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
>> -net nic,vlan=1,macaddr=00:18:BE:EF:17:2B,model=rtl8139
>>     -net socket,vlan=1,mcast=230.0.0.1:1234
>> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.PROXY.root,boot=on
>> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.PROXY.home
>> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.PROXY.swap
>>
>> kvm -name WEBAPP
>> -net nic,vlan=0,macaddr=00:18:BE:EF:17:1A,model=rtl8139
>>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
>> -net nic,vlan=1,macaddr=00:18:BE:EF:17:1B,model=rtl8139
>>     -net socket,vlan=1,mcast=230.0.0.1:1234
>> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.WEB.root,boot=on
>> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.WEB.home
>> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.WEB.swap
>>
>> kvm -name DB
>> -net nic,vlan=0,macaddr=00:18:BE:EF:17:0A,model=rtl8139
>>     -net tap,vlan=0,ifname=tap0,script=./qemu-ifup.sh
>> -net nic,vlan=1,macaddr=00:18:BE:EF:17:0B,model=rtl8139
>>     -net socket,vlan=1,mcast=230.0.0.1:1234
>> -drive index=0,media=disk,if=scsi,file=./ubuntu-server.DB.root,boot=on
>> -drive index=1,media=disk,if=scsi,file=./ubuntu-server.DB.home
>> -drive index=2,media=disk,if=scsi,file=./ubuntu-server.DB.swap
>>
>> That's suitable for testing but not for production use IMO. The guest 
>> to guest traffic on the vlan=1 NICs may be visible on host public 
>> interfaces (tunneled in UDP multicast traffic of course). There will 
>> be no DHCP server on the vlan=1 guest NICs unless you install one. For 
>> a production environment you'll have to do more work.
> 
> I just noticed in David's post (and went back to yours also) that you 
> are specifying ifname=tap0 for each of the guests.  You will need to 
> assign each guest its *own* tap interface and attach that to the 
> appropriate bridge(s) for this to work.
> 
> I'm not familiar with the '-net socket' stuff here, so I don't know what 
> that does for you.

It should allow for private guest to guest [virtual] cabling without needing any 
host configuration. FWIW, I do it the way you do...with a host bridge and a tap for 
each guest.

-- 
David.
