kvm虚拟网络

kvm

字数统计: 1.8k阅读时长: 9 min

 2017/08/17   Share

kvm虚拟网络

kvm虚拟网络，常见的虚拟网络分Host-Only,NAT,桥接：

Host-Only网络展示：

这种模式可以实现虚拟机之间的通信，但是无法跟宿主机和其他网络通信，相当于多台服务器连接到一台交换机上的局域网。

NAT网络展示：

这种模式在服务器上多处一块virnet网卡，这块网卡就相当于，交换机上与外部宿主机网卡间的NAT网络转换。

桥接网络展示：

需要将虚拟机的虚拟网卡模拟成实际宿主机的网络，就需要在这块宿主机上网卡开启浑杂模式，而如果要识别每块网卡的设备号，也就只有把宿主网卡当成交换机使用，而原本宿主机上的网卡地址等就需要设置桥接网卡，再桥接上宿主网卡。

桥接网卡设置方法

手动设置：

~]# systemctl stop NetworkManager
~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br0
~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE="Ethernet"
BOOTPROTO="none"
NAME="eth0"
DEVICE="eth0"
ONBOOT="yes"
BRIDGE="br0"
~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
NAME="br0"
ONBOOT="yes"
BOOTPROTO="dhcp"
TYPE="Bridge"
DEVICE="br0"
~]# systemctl restart network
~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.211.55.39  netmask 255.255.255.0  broadcast 10.211.55.255
        inet6 fdb2:2c26:f4e4:0:21c:42ff:fe3f:7d43  prefixlen 64  scopeid 0x0<global>
        inet6 fe80::21c:42ff:fe3f:7d43  prefixlen 64  scopeid 0x20<link>
        ether 00:1c:42:3f:7d:43  txqueuelen 1000  (Ethernet)
        RX packets 28  bytes 2906 (2.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 29  bytes 3594 (3.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        ether 00:1c:42:3f:7d:43  txqueuelen 1000  (Ethernet)
        RX packets 1026787  bytes 1279338262 (1.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 517471  bytes 41323011 (39.4 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1  (Local Loopback)
        RX packets 19117  bytes 4112841 (3.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 19117  bytes 4112841 (3.9 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:d0:5a:d6  txqueuelen 1000  (Ethernet)
        RX packets 3  bytes 216 (216.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

自动创建

1	~]# virsh iface-list
2	Name State MAC Address
3	---------------------------------------------------
4	eth0 active 00:1c:42:3f:7d:43
5	lo active 00:00:00:00:00:00
6	~]# virsh iface-bridge eth0 br0
7	~]# virsh iface-list
8	Name State MAC Address
9	---------------------------------------------------
10	br0 active 00:1c:42:3f:7d:43
11	lo active 00:00:00:00:00:00

这样我们在创建虚拟机的时候就可以看见有br0的桥接网络可以选择了。

构建Host Only模型

~]# rpm -qf /usr/sbin/brctl 
bridge-utils-1.5-9.el7.x86_64
~]# brctl -h
Usage: brctl [commands]
commands:
        addbr           <bridge>                add bridge
        delbr           <bridge>                delete bridge
        addif           <bridge> <device>       add interface to bridge
        delif           <bridge> <device>       delete interface from bridge
        hairpin         <bridge> <port> {on|off}        turn hairpin on/off
        setageing       <bridge> <time>         set ageing time
        setbridgeprio   <bridge> <prio>         set bridge priority
        setfd           <bridge> <time>         set bridge forward delay
        sethello        <bridge> <time>         set hello time
        setmaxage       <bridge> <time>         set max message age
        setpathcost     <bridge> <port> <cost>  set path cost
        setportprio     <bridge> <port> <prio>  set port priority
        show            [ <bridge> ]            show a list of bridges
        showmacs        <bridge>                show a list of mac addrs
        showstp         <bridge>                show bridge stp info
        stp             <bridge> {on|off}       turn stp on/off
~]# brctl addbr mybr0
~]# ip link set mybr0 up
~]# vim /etc/qemu-ifup
#!/bin/bash
bridge=mybr0
if [ -n "$1" ];then
	ip link set $1 up
	sleep 1
	brctl addif $bridge $1
	[ $? -eq 0 ] && exit 0 || exit 1
else
	echo "Error:no interface specified."
	exit 1
fi
~]# vim /etc/qemu-ifdown
#!/bin/bash
bridge=mybr0
if [ -n "$1" ];then
	brctl delif $bridge $1
	ip link set $1 down
	exit 0
else
	echo "Error:no interface specified."
	exit 1
fi
~]# chmod +x /etc/qemu-if*

创建虚拟机：
~]# cd /usr/libexec
~]# ln -s qemu-kvm /usr/bin
~]# qemu-kvm -name test -m 64 -smp 2 -drive file=/vms/images/test/test-0.qcow2,media=disk,if=virtio,format=qcow2 -net nic,model=virtio,macaddr=52:54:00:00:00:01 -net tap,ifname=vent1,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown -vnc :1 -daemonize
~]# qemu-kvm -name test1 -m 64 -smp 2 -drive file=/vms/images/test1/test1-0.qcow2,media=disk,if=virtio,format=qcow2 -net nic,model=virtio,macaddr=52:54:00:00:01:01 -net tap,ifname=vent2,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown -vnc :2 -daemonize
~]# brctl show  确保两台虚拟的网卡都被桥接到同一台桥接口
bridge name     bridge id               STP enabled     interfaces
br0             8000.001c423f7d43       no              eth0
mybr0           8000.0a4d604ee0f8       no              vent1
                                                        vent2
~]# yum install -y tigervnc
~]# vncviewer :3
~]# vncvierer :4
各自配上网路测试


~]# ifconfig mybr0 10.0.0.254/24 up
这样宿主机就可以更虚拟机通信了

构建NAT模型

首先我们需要将虚拟机网络网关指向我们桥接上的那块网卡的地址。
修改iptable上规则进行SNAT装换
开启内核路由转发

1	~]# route add default gw 10.0.0.254
2
3	在宿主机上进行抓包分析下：
4	~]# tcpdump -i mybr0 host 10.0.0.1 and icmp
5	tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
6	listening on mybr0, link-type EN10MB (Ethernet), capture size 65535 bytes
7	05:35:17.138456 IP 10.0.0.1 > 10.211.55.2: ICMP echo request, id 1029, seq 107, length 64
8	05:35:18.139367 IP 10.0.0.1 > 10.211.55.2: ICMP echo request, id 1029, seq 108, length 64
9	05:35:19.146900 IP 10.0.0.1 > 10.211.55.2: ICMP echo request, id 1029, seq 109, length 64
10
11	可以看见我们的虚拟机已经可ping出外网了，但是没有回来的报文，原因是当网络报文返回时无从知道10.0.0.0/24的网段在哪？
12	iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 10.211.55.39
13
14	echo "1" > /proc/sys/net/ipv4/ip_forward
15
16	tcpdump -i mybr0 host 10.0.0.1 and icmp -nn
17	tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
18	listening on mybr0, link-type EN10MB (Ethernet), capture size 65535 bytes
19	06:01:20.219606 IP 10.0.0.1 > 10.211.55.39: ICMP echo request, id 3077, seq 175, length 64
20	06:01:20.219651 IP 10.211.55.39 > 10.0.0.1: ICMP echo reply, id 3077, seq 175, length 64
21	06:01:21.236760 IP 10.0.0.1 > 10.211.55.39: ICMP echo request, id 3077, seq 176, length 64
22	06:01:21.236804 IP 10.211.55.39 > 10.0.0.1: ICMP echo reply, id 3077, seq 176, length 64

当然这里的机制只是允许虚拟机可以访问网络，而外部机想要与虚拟机通信，跟交换路由的规则一样，我们做DNAT。

1	这里我们新建一个地址做DNAT地址
2	~]# ifconifg eth0:0 10.211.55.40/24 up
3	~]# iptables -t nat -R 1 POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 10.211.55.40
4	~]# iptables -t nat -A PREROUTING -d 10.211.55.40 -j DNAT --to-destination 10.0.0.1

构建桥接模型

将宿主机的物理网卡做成成桥接–即上文中创建br0的步骤。
将虚拟的vent1，vent2的网络接口指向br0–修改创建时的qemu-ifup，qemu-ifdown文件将桥指向br0即可。

桥接好像更简单，0.0 …

原文作者：Zhang Jusene

原文链接：http://jusene.github.io/2017/08/17/kvm-network/

发表日期：August 17th 2017, 10:58:04 pm

更新日期：November 30th 2019, 1:54:24 am

Next Post

Mysql 高可用架构 MHA
Previous Post

kvm虚拟化技术(基础)

CATALOG

1. kvm虚拟网络
2. 桥接网卡设置方法
3. 构建Host Only模型
4. 构建NAT模型
5. 构建桥接模型



1	~]# systemctl stop NetworkManager
2	~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-br0
3	~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
4	TYPE="Ethernet"
5	BOOTPROTO="none"
6	NAME="eth0"
7	DEVICE="eth0"
8	ONBOOT="yes"
9	BRIDGE="br0"
10	~]# vim /etc/sysconfig/network-scripts/ifcfg-br0
11	NAME="br0"
12	ONBOOT="yes"
13	BOOTPROTO="dhcp"
14	TYPE="Bridge"
15	DEVICE="br0"
16	~]# systemctl restart network
17	~]# ifconfig
18	br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
19	inet 10.211.55.39 netmask 255.255.255.0 broadcast 10.211.55.255
20	inet6 fdb2:2c26:f4e4:0:21c:42ff:fe3f:7d43 prefixlen 64 scopeid 0x0<global>
21	inet6 fe80::21c:42ff:fe3f:7d43 prefixlen 64 scopeid 0x20<link>
22	ether 00:1c:42:3f:7d:43 txqueuelen 1000 (Ethernet)
23	RX packets 28 bytes 2906 (2.8 KiB)
24	RX errors 0 dropped 0 overruns 0 frame 0
25	TX packets 29 bytes 3594 (3.5 KiB)
26	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
27
28	eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
29	ether 00:1c:42:3f:7d:43 txqueuelen 1000 (Ethernet)
30	RX packets 1026787 bytes 1279338262 (1.1 GiB)
31	RX errors 0 dropped 0 overruns 0 frame 0
32	TX packets 517471 bytes 41323011 (39.4 MiB)
33	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
34	lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
35	inet 127.0.0.1 netmask 255.0.0.0
36	inet6 ::1 prefixlen 128 scopeid 0x10<host>
37	loop txqueuelen 1 (Local Loopback)
38	RX packets 19117 bytes 4112841 (3.9 MiB)
39	RX errors 0 dropped 0 overruns 0 frame 0
40	TX packets 19117 bytes 4112841 (3.9 MiB)
41	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
42
43	virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
44	inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
45	ether 52:54:00:d0:5a:d6 txqueuelen 1000 (Ethernet)
46	RX packets 3 bytes 216 (216.0 B)
47	RX errors 0 dropped 0 overruns 0 frame 0
48	TX packets 0 bytes 0 (0.0 B)
49	TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

1	~]# rpm -qf /usr/sbin/brctl
2	bridge-utils-1.5-9.el7.x86_64
3	~]# brctl -h
4	Usage: brctl [commands]
5	commands:
6	addbr <bridge> add bridge
7	delbr <bridge> delete bridge
8	addif <bridge> <device> add interface to bridge
9	delif <bridge> <device> delete interface from bridge
10	hairpin <bridge> <port> {on\|off} turn hairpin on/off
11	setageing <bridge> <time> set ageing time
12	setbridgeprio <bridge> <prio> set bridge priority
13	setfd <bridge> <time> set bridge forward delay
14	sethello <bridge> <time> set hello time
15	setmaxage <bridge> <time> set max message age
16	setpathcost <bridge> <port> <cost> set path cost
17	setportprio <bridge> <port> <prio> set port priority
18	show [ <bridge> ] show a list of bridges
19	showmacs <bridge> show a list of mac addrs
20	showstp <bridge> show bridge stp info
21	stp <bridge> {on\|off} turn stp on/off
22	~]# brctl addbr mybr0
23	~]# ip link set mybr0 up
24	~]# vim /etc/qemu-ifup
25	#!/bin/bash
26	bridge=mybr0
27	if [ -n "$1" ];then
28	ip link set $1 up
29	sleep 1
30	brctl addif $bridge $1
31	[ $? -eq 0 ] && exit 0 \|\| exit 1
32	else
33	echo "Error:no interface specified."
34	exit 1
35	fi
36	~]# vim /etc/qemu-ifdown
37	#!/bin/bash
38	bridge=mybr0
39	if [ -n "$1" ];then
40	brctl delif $bridge $1
41	ip link set $1 down
42	exit 0
43	else
44	echo "Error:no interface specified."
45	exit 1
46	fi
47	~]# chmod +x /etc/qemu-if*
48
49	创建虚拟机：
50	~]# cd /usr/libexec
51	~]# ln -s qemu-kvm /usr/bin
52	~]# qemu-kvm -name test -m 64 -smp 2 -drive file=/vms/images/test/test-0.qcow2,media=disk,if=virtio,format=qcow2 -net nic,model=virtio,macaddr=52:54:00:00:00:01 -net tap,ifname=vent1,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown -vnc :1 -daemonize
53	~]# qemu-kvm -name test1 -m 64 -smp 2 -drive file=/vms/images/test1/test1-0.qcow2,media=disk,if=virtio,format=qcow2 -net nic,model=virtio,macaddr=52:54:00:00:01:01 -net tap,ifname=vent2,script=/etc/qemu-ifup,downscript=/etc/qemu-ifdown -vnc :2 -daemonize
54	~]# brctl show 确保两台虚拟的网卡都被桥接到同一台桥接口
55	bridge name bridge id STP enabled interfaces
56	br0 8000.001c423f7d43 no eth0
57	mybr0 8000.0a4d604ee0f8 no vent1
58	vent2
59	~]# yum install -y tigervnc
60	~]# vncviewer :3
61	~]# vncvierer :4
62	各自配上网路测试
63
64
65	~]# ifconfig mybr0 10.0.0.254/24 up
66	这样宿主机就可以更虚拟机通信了