using KVM w/o dnsmasq on CentOS 5.2 X64

using KVM w/o dnsmasq on CentOS 5.2 X64

[Stefan Krümmel]

Hi,

I'm trying to convert some of our virtual machines from VMWare Server 2 to
KVM on CentOS 5.2 X64.

KVM constantly gives me headaches when it comes to networking  
configuration.

Being used to VMWare, there are some things that don't work as expected.

1. kvm/libvirt manipulate iptables, effectivly breaking the hosts  
networking
iptables is usually turned off on the dev machine( iptables -F, no rules  
set during boot)

2. kvm/libvirt comes with dnsmasq, which gets started automagically,  
colliding
with out existing DDNS setup(ISC's bind/dhcpd3 )

I'm hope some of you might shed some light on howto
1) bridge a KVM-VM to an exisiting Ethernet interface, behaving exactly  
like
a real/physical NIC, being able to handle any  
ARP/BOOTP/PXE/DHCP/IP/whatever requests.

and 2) setup a virtual ethernet-network, which is completely isolated
 from the host's networking WITHOUT using NAT/dnsmasq.

e.g. we have a JEOS VM which acts as a tightly restricted dual-homed GW for
VMs that are required to run in a completely isolated network.

I've browsed thru several docus/wikis related to xen/kvm
but none them gave any clues about this custom networking setup.

regards
Stefan Kruemmel

Re: using KVM w/o dnsmasq on CentOS 5.2 X64

[Daniel P. Berrange]

On Mon, Feb 02, 2009 at 11:06:34AM +0100, Stefan Kr?mmel wrote:
> Hi,
> 
> I'm trying to convert some of our virtual machines from VMWare Server 2 to
> KVM on CentOS 5.2 X64.
> 
> KVM constantly gives me headaches when it comes to networking  
> configuration.
> 
> Being used to VMWare, there are some things that don't work as expected.
> 
> 1. kvm/libvirt manipulate iptables, effectivly breaking the hosts  
> networking
> iptables is usually turned off on the dev machine( iptables -F, no rules  
> set during boot)
>
> 2. kvm/libvirt comes with dnsmasq, which gets started automagically,  
> colliding
> with out existing DDNS setup(ISC's bind/dhcpd3 )

libvirt's dnsmasq instance is told to only listen on the network
interface with 192.168.122.1, but unfortunately most other DHCP
daemons will default to listening on every interface. So if you
already run a DHCP interface you'll want to disable libvirt's
default virtual network

  virsh net-destroy default
  virsh net-autostart --disable default

> I'm hope some of you might shed some light on howto
> 1) bridge a KVM-VM to an exisiting Ethernet interface, behaving exactly  
> like
> a real/physical NIC, being able to handle any  
> ARP/BOOTP/PXE/DHCP/IP/whatever requests.

See the 'Shared physical device' docs here for Debian/Ubuntu and
Fedora/RHEL configs:

  http://wiki.libvirt.org/page/Networking

> and 2) setup a virtual ethernet-network, which is completely isolated
> from the host's networking WITHOUT using NAT/dnsmasq.

You can modify libvirt's default virtual network to turn off both
DHCP and NAT forwarding options, which will just leave the bridge
interface in an isolated config

  virsh net-edit default

And remove the DHCP XML elements, and remove the '<forward>'
element


Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

Re: using KVM w/o dnsmasq on CentOS 5.2 X64

[Paolo Pedaletti]

Ciao Stefan,

> KVM constantly gives me headaches when it comes to networking
> configuration.

I have found very interesting this document:

http://tjworld.net/wiki/Linux/Ubuntu/VirtualMachinesWithVDENetworking

it's only one possibility, but/and it works :-)

-- 
Paolo Pedaletti