* kvm networking part last
@ 2010-06-28 22:26 SuNeEl
2010-06-28 23:06 ` David S. Ahern
0 siblings, 1 reply; 2+ messages in thread
From: SuNeEl @ 2010-06-28 22:26 UTC (permalink / raw)
To: kvm
I have been trying desperately to achieve virtual networking with kvm, but
somehow I failed each time.. rather, a lot of unclear tutorials using different
methods achieving common goals made me confused, like bridging, vmnet, tun,
etc etc routing, iptables forward, everything in one pipe ... but before I
give up I just throw this question before you guys

Host-----------------guest1------------------guest2------------guest3
192.168.1.1          192.168.1.3             192.168.1.4       192.168.1.5
eth0

I wanted to use host eth0 to ssh on all guests + don't want to lose connectivity
to host as well.

Tell me if this is a dream in one shot so I give up looking for more
positiveness in virtual networking
* Re: kvm networking part last
2010-06-28 22:26 kvm networking part last SuNeEl
@ 2010-06-28 23:06 ` David S. Ahern
0 siblings, 0 replies; 2+ messages in thread
From: David S. Ahern @ 2010-06-28 23:06 UTC (permalink / raw)
To: SuNeEl; +Cc: kvm
On 06/28/10 16:26, SuNeEl wrote:
> I have been trying desperately to achieve virtual networking with kvm, but
> somehow I failed each time.. rather, a lot of unclear tutorials using different
> methods achieving common goals made me confused, like bridging, vmnet, tun,
> etc etc routing, iptables forward, everything in one pipe ... but before I
> give up I just throw this question before you guys
>
>
> Host-----------------guest1------------------guest2------------guest3
> 192.168.1.1          192.168.1.3             192.168.1.4       192.168.1.5
> eth0
>
> I wanted to use host eth0 to ssh on all guests + don't want to lose connectivity
> to host as well.
>
> Tell me if this is a dream in one shot so I give up looking for more
> positiveness in virtual networking

I use both direct connect and host-only networking setups. In both cases
qemu is configured to use tap devices (-net tap).
VM's directly connected to LAN:

  .------.  .------.        .------.
  | VM 1 |  | VM 2 |  ...   | VM N |
  '------'  '------'        '------'
      |         |               |
  .------.  .------.        .------.
  | tap  |  | tap  |  ...   | tap  |
  '------'  '------'        '------'
      |         |               |
      '--------------------------
                   |
               .-------.
               |  br0  |
               '-------'
                   |
               .-------.
               | eth0  |
               '-------'
                   |         LAN
<-------------------------------------->

Host-side configuration:

/etc/sysconfig/network-scripts/ifcfg-eth0:
    DEVICE=eth0
    ONBOOT=yes
    BRIDGE=mainbr0

/etc/sysconfig/network-scripts/ifcfg-mainbr0
    DEVICE=mainbr0
    ONBOOT=yes
    BOOTPROTO=dhcp

In this case the VMs show up on the LAN just like any other node.
I also have the option to connect VM's to a host-only network:

  .------.  .------.        .------.
  | VM 1 |  | VM 2 |  ...   | VM N |
  '------'  '------'        '------'
      |         |               |
  .------.  .------.        .------.
  | tap  |  | tap  |  ...   | tap  |
  '------'  '------'        '------'
      |         |               |
      '--------------------------
                   |
               .-------.    .----------.
               |  br1  |<---| iptables |
               '-------'    '----------'
                   |
                   |
                   v
               .-------.
               | eth0  |
               '-------'
       LAN         |
<-------------------------------------->

For br1, I chose to manually create it at boot time using an rc-script:

    brctl addbr hostbr1
    ifconfig hostbr1 <ip> netmask <mask> up

VM access to off-box resources is handled through iptables:

    iptables -t nat -A PREROUTING -i hostbr1 -j ACCEPT

Direct access to a VM is handled by port redirection:

    iptables -t nat -A PREROUTING -p tcp --dport <host-port> \
        -j DNAT --to-destination <VM>:22

    iptables -t nat -A PREROUTING -p tcp --dport 2022 \
        -j DNAT --to-destination 169.254.1.2:22

i.e., ssh -p 2022 user@host is redirected to port 22 for the VM with the
IP 169.254.1.2.

Which networking setup (or both in some cases) I use for a specific VM
depends on the purpose of the VM.

David
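
Added example, not part of David's message or of the thread: a dry-run generator for the port redirection described in the reply, with the DNAT match limited to the LAN-facing interface and its inputs validated before any rule text is produced. `eth0`, `hostbr1`, port 2022 and 169.254.1.2 come from the reply; the function names are hypothetical, and the two FORWARD rules assume that chain's policy is DROP.

```sh
#!/bin/sh
# Added example, not code from the thread: prints (never applies) iptables
# rules for an SSH redirect to a VM on the host-only bridge.
# Interface names are the ones used in the reply; function names are made up.
LAN_IF=eth0
BR_IF=hostbr1

# True only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# True only for a decimal TCP port in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: ssh_redirect_rules <host-port> <vm-ip>
ssh_redirect_rules() {
    host_port=$1; vm_ip=$2
    valid_port "$host_port" || { echo "bad host port: $host_port" >&2; return 1; }
    valid_ipv4 "$vm_ip" || { echo "bad VM address: $vm_ip" >&2; return 1; }
    # -i keeps the redirect to connections that arrive on the LAN interface.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport $host_port -j DNAT --to-destination $vm_ip:22"
    # After DNAT the packets cross FORWARD; with a DROP policy these two rules
    # permit only the redirected SSH flow and its replies.
    echo "iptables -A FORWARD -i $LAN_IF -o $BR_IF -p tcp -d $vm_ip --dport 22 -j ACCEPT"
    echo "iptables -A FORWARD -i $BR_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample: the 2022 -> 169.254.1.2:22 redirect from the reply.
ssh_redirect_rules 2022 169.254.1.2
```

The output is plain text, so it can be reviewed before being pasted into the rc-script that creates the bridge.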