From: "David S. Ahern" <daahern@cisco.com>
To: SuNeEl <seacore14@yahoo.com>
Cc: kvm@vger.kernel.org
Subject: Re: kvm networking part last
Date: Mon, 28 Jun 2010 17:06:38 -0600
Message-ID: <4C292AFE.1040005@cisco.com>
In-Reply-To: <796407.69741.qm@web95604.mail.in.yahoo.com>

On 06/28/10 16:26, SuNeEl wrote:
> I have been trying desperately to achieve virtual networking with kvm, but
> somehow I failed each time.. rather a lot of unclear tutorials using different
> methods achieving common goals made me confused, like bridging, vmnet, tun,
> etc etc routing, iptables forward, everything in one pipe ... but before I
> give up I just threw this question before you guys
>
>
> Host-----------------guest1------------------guest2------------guest3
> 192.168.1.1          192.168.1.3             192.168.1.4       192.168.1.5
> eth0
>
> I wanted to use host eth0 to ssh on all guests + don't want to lose
> connectivity to host as well.
>
> tell me if this is a dream in one shoot so I give up looking more
> positiveness in virtual networking

I use both direct connect and host-only networking setups. In both cases
qemu is configured to use tap devices (-net tap).

VM's directly connected to LAN:

     .------.     .------.         .------.
     | VM 1 |     | VM 2 |   ...   | VM N |
     '------'     '------'         '------'
        |            |                |
     .------.     .------.         .------.
     | tap  |     | tap  |   ...   | tap  |
     '------'     '------'         '------'
        |            |                |
        '--------------------------
                     |
                 .-------.
                 |  br0  |
                 '-------'
                     |
                 .-------.
                 | eth0  |
                 '-------'
                     |       LAN
      <-------------------------------------->

Host-side configuration:

  /etc/sysconfig/network-scripts/ifcfg-eth0:
    DEVICE=eth0
    ONBOOT=yes
    BRIDGE=mainbr0

  /etc/sysconfig/network-scripts/ifcfg-mainbr0
    DEVICE=mainbr0
    ONBOOT=yes
    BOOTPROTO=dhcp

In this case the VMs show up on the LAN just like any other node.

I also have the option to connect VM's to a host-only network:

     .------.     .------.         .------.
     | VM 1 |     | VM 2 |   ...   | VM N |
     '------'     '------'         '------'
        |            |                |
     .------.     .------.         .------.
     | tap  |     | tap  |   ...   | tap  |
     '------'     '------'         '------'
        |            |                |
        '--------------------------
                     |
                 .-------.    .----------.
                 |  br1  |<---| iptables |
                 '-------'    '----------'
                                   |
                                   |
                                   v
                               .-------.
                               | eth0  |
                               '-------'
                         LAN       |
      <-------------------------------------->

For br1, I chose to manually create it at boot time using an rc-script:

    brctl addbr hostbr1
    ifconfig hostbr1 <ip> netmask <mask> up

VM access to off-box resources is handled through iptables:

    iptables -t nat -A PREROUTING -i hostbr1 -j ACCEPT

Direct access to a VM is handled by port redirection:

    iptables -t nat -A PREROUTING -p tcp --dport <host-port> \
        -j DNAT --to-destination <VM>:22

    iptables -t nat -A PREROUTING -p tcp --dport 2022 \
        -j DNAT --to-destination 169.254.1.2:22

i.e., ssh -p 2022 user@host is redirected to port 22 for the VM with the
IP 169.254.1.2.

Which networking setup (or both in some cases) I use for a specific VM
depends on the purpose of the VM.

David
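
Added example, not part of the original message: a dry-run helper that prints
a scoped variant of the host-only rules, with the port redirect bound to the
uplink interface and explicit source-NAT and FORWARD rules around it. The
function names, the uplink eth0 and the subnet 169.254.1.0/24 are assumptions;
hostbr1, port 2022 and 169.254.1.2 come from the message.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for review.
# Assumes forwarding is enabled on the host (sysctl net.ipv4.ip_forward=1).

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    # dotted quad, every octet numeric and 0-255
    echo "$1" | awk -F. 'NF!=4{exit 1}
        {for(i=1;i<=4;i++) if($i!~/^[0-9]+$/||$i>255) exit 1}'
}

# hostonly_rules UPLINK BRIDGE VM_SUBNET HOST_PORT VM_IP
hostonly_rules() {
    uplink=$1 bridge=$2 subnet=$3 hport=$4 vm=$5
    valid_port "$hport" || { echo "bad host port: $hport" >&2; return 1; }
    valid_ipv4 "$vm"    || { echo "bad VM address: $vm" >&2; return 1; }
    cat <<EOF
# outbound: VMs reach off-box hosts via source NAT on the uplink
iptables -t nat -A POSTROUTING -s $subnet -o $uplink -j MASQUERADE
iptables -A FORWARD -i $bridge -o $uplink -j ACCEPT
iptables -A FORWARD -i $uplink -o $bridge -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# inbound: only traffic arriving on $uplink for port $hport is redirected
iptables -t nat -A PREROUTING -i $uplink -p tcp --dport $hport -j DNAT --to-destination $vm:22
iptables -A FORWARD -i $uplink -o $bridge -p tcp -d $vm --dport 22 -m conntrack --ctstate NEW -j ACCEPT
# anything else from the LAN toward the host-only bridge is dropped
iptables -A FORWARD -i $uplink -o $bridge -j DROP
EOF
}

# Values from the message, plus the assumed uplink and subnet.
hostonly_rules eth0 hostbr1 169.254.1.0/24 2022 169.254.1.2
```

Without "-i" on the PREROUTING rule, the redirect matches TCP port 2022 on
every interface, including connections the VMs themselves open through hostbr1.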