QEMU-KVM: automatically specifying the IP configuration when creating a virtual machine

Source: Internet
Author: User

QEMU does not let you specify an IP address when creating a virtual machine. In practice, however, we need the virtual machine to have a known IP address without configuring it manually inside the guest operating system. After digging through the QEMU technical documentation (http://qemu.weilnetz.de/qemu-doc.html#pcsys_005fmonitor) for a long time, I found that a MAC address can be specified when creating the virtual NIC, and the solution became obvious: if you give each VM NIC a unique MAC address, you can configure DHCP to map each MAC address to exactly one IP address. The remaining problem is how to configure the DHCP server.

DHCP Configuration

The server I use runs Red Hat Enterprise Linux 6.2. I will not cover DHCP installation here; there are plenty of guides online. I will only show the command for checking whether DHCP is installed on the server:

rpm -qa | grep dhcp
If the preceding command produces output, DHCP is installed on the server.

The default configuration file of the DHCP service is /etc/dhcp/dhcpd.conf (in earlier Linux versions it seems to have been /etc/dhcpd.conf, so pay attention to this). The DHCP service reads this file at startup and starts normally only if everything in it is correct. If you are new to DHCP, I recommend starting from the sample configuration file shipped with the DHCP package and modifying it, which avoids many unnecessary errors. I originally wrote my configuration file from examples found on the Internet, which cost me a lot of trouble. Run the following commands to copy the configuration file template:

cd /etc/dhcp/
cp /usr/share/doc/dhcp-3.0pl1/dhcpd.conf.sample dhcpd.conf   # copy the configuration file template
vim /etc/dhcp/dhcpd.conf                                     # edit /etc/dhcp/dhcpd.conf with vim
The purpose of the configuration is to bind the MAC address to a specific IP address. In order to better understand DHCP, the following describes how DHCP works:

Assume that multiple computers are in the same domain, that is, the DHCP server and its clients are in the same network segment (CIDR block) and can reach each other by broadcast. A client obtains an IP address from the DHCP server as follows:

1. If the client is set to obtain its network parameters through DHCP, then whenever it boots or restarts its NIC it automatically sends a DHCP request to every computer in the domain. Because the message is meant to be received by every computer, in addition to carrying the NIC's hardware address (MAC) it has its source IP address set to 0.0.0.0 and its destination address set to 255.255.255.255 (Linux sets these automatically). Other computers in the domain that do not provide the DHCP service discard the packet without responding.

2. The DHCP host responds: when the DHCP host receives a client's DHCP request, it first compares the MAC address carried in the request with its own settings. If the DHCP host is configured to give that MAC address a static IP address (the same fixed IP address every time), it offers the client that fixed IP address together with the related network parameters. If the MAC address is not configured on the DHCP host, the host picks an IP address that is not currently in use in the domain (which address depends on the configured settings) and offers it to the client.

3. The client accepts the network parameters from the DHCP host and configures its network environment: after receiving the response, the client first sends an ARP packet in the domain to confirm that the IP address offered by the DHCP host is not already occupied. If the address is in use, the client does not accept this offer and broadcasts a DHCP request again. If it is not in use, the client accepts the network parameters provided by the DHCP host and applies them to its network settings. The client also sends a confirmation packet to the DHCP host to tell the server the offer has been accepted, and the server records this information.

4. The client gives up the IP address: once the client is using an IP address issued by DHCP, it can lose the right to use it in several cases. The client goes offline (the network interface is disabled, or the machine reboots, shuts down, and so on): the server then reclaims the IP address and puts it back in its standby pool for future use. The client's lease expires: an IP address issued by the DHCP server has a validity period, and when that period is over the client must return the address, which may cause a disconnection; the client can also ask the DHCP host to assign an IP address again.

The following configuration file, written from the DHCP configuration file template, binds the MAC address 66:66:66:66:66:0b to the IP address 192.168.0.88. You can bind more MAC addresses and IP addresses as needed.

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# Use this to enable / disable dynamic dns updates globally.
ddns-update-style none;
ignore client-updates;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
#authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
#log-facility local7;

# No service will be given on this subnet, but declaring it helps the
# DHCP server to understand the network topology.
# This is a very basic subnet declaration.
# A slightly different configuration for an internal subnet.
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.30 192.168.0.39;
  option domain-name-servers 192.168.0.31;
  option domain-name "wan.hust.china";
  option routers 192.168.0.1;
  option broadcast-address 192.168.0.255;
  default-lease-time 21600;
  max-lease-time 43200;

  host pc001 {
    hardware ethernet 66:66:66:66:66:0b;
    fixed-address 192.168.0.88;
  }
}
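The address choice described in steps 2 and 4, applied to the configuration above, as an added example that is not part of the original article and is not ISC dhcpd code. It is a small Python model; the class and function names and the 52:54:00:00:00:01 MAC are constructed for illustration.

```python
import ipaddress


class DhcpServerModel:
    """Toy model of how the server picks an address (not ISC dhcpd code)."""

    def __init__(self, first, last, reservations, lease_time):
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        self.pool = [str(ipaddress.ip_address(i)) for i in range(lo, hi + 1)]
        self.reservations = {m.lower(): ip for m, ip in reservations.items()}
        self.lease_time = lease_time
        self.leases = {}  # ip -> (mac, expiry time)

    def request(self, mac, now):
        """Return the address offered to `mac` at time `now`, or None if the pool is full."""
        mac = mac.lower()
        # Step 2: a host entry wins. The lookup is keyed on the MAC only, so
        # every client presenting this MAC is handed the same fixed address.
        if mac in self.reservations:
            return self.reservations[mac]
        # Step 4: expired leases go back to the pool.
        self.leases = {ip: l for ip, l in self.leases.items() if l[1] > now}
        # A client that already holds a lease renews it.
        for ip, (owner, _) in self.leases.items():
            if owner == mac:
                self.leases[ip] = (mac, now + self.lease_time)
                return ip
        # Otherwise hand out the first address not currently leased.
        for ip in self.pool:
            if ip not in self.leases:
                self.leases[ip] = (mac, now + self.lease_time)
                return ip
        return None


def demo():
    """Two VMs started with the article's MAC, plus one unreserved client."""
    srv = DhcpServerModel("192.168.0.30", "192.168.0.39",
                          {"66:66:66:66:66:0b": "192.168.0.88"}, lease_time=21600)
    vm_a = srv.request("66:66:66:66:66:0b", now=0)
    vm_b = srv.request("66:66:66:66:66:0b", now=5)     # second VM, same MAC
    other = srv.request("52:54:00:00:00:01", now=10)   # constructed MAC, no host entry
    return vm_a, vm_b, other
```
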
The command to start the DHCP service is as follows:

service dhcpd start    # start DHCP
service dhcpd status   # view DHCP status
To have the DHCP service start automatically at boot, run the following command:

chkconfig --level 345 dhcpd on 
So far, DHCP configuration is complete.

QEMU-KVM Virtual Machine creation settings

Now, you can indirectly specify the IP address by specifying the MAC address when creating the VM:

/usr/local/qemu-kemari-v0.2.14/bin/qemu-system-x86_64 -m 1024 /images/test2.img -net nic,mac=66:66:66:66:66:0b -net tap,ifname=tap1,script=/etc/qemu-ifup,downscript=no -vnc :6 -enable-kvm
Start the virtual machine and view its NIC information; you will see that the virtual machine's IP address has been configured.
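One way to keep the dhcpd.conf host entries and the QEMU -net nic,mac= options consistent when binding several VMs, as an added example that is not part of the original article. The function name plan, the host pc002 and its MAC and IP are constructed; the subnet and dynamic range are the ones from the configuration file above, and rejecting MACs that are not locally administered is a policy choice of this example.

```python
import ipaddress
import re

SUBNET = ipaddress.ip_network("192.168.0.0/24")      # subnet from the article's dhcpd.conf
POOL = (ipaddress.ip_address("192.168.0.30"),        # dynamic range from the same file
        ipaddress.ip_address("192.168.0.39"))
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}")


def plan(vms):
    """vms: list of (host, mac, ip). Returns (dhcpd_text, {host: qemu_nic_option}).

    Raises ValueError on anything that would let two guests share an address.
    """
    seen_mac, seen_ip, stanzas, nic_opts = {}, {}, [], {}
    for host, mac, ip in vms:
        mac = mac.lower()
        if not MAC_RE.fullmatch(mac):
            raise ValueError(f"{host}: malformed MAC {mac!r}")
        first_octet = int(mac[:2], 16)
        if first_octet & 0x01:
            raise ValueError(f"{host}: {mac} is a multicast address")
        if not first_octet & 0x02:
            # Policy of this example: VM NICs use locally administered MACs
            # so they cannot collide with a physical adapter's vendor MAC.
            raise ValueError(f"{host}: {mac} is not locally administered")
        addr = ipaddress.ip_address(ip)
        if addr not in SUBNET:
            raise ValueError(f"{host}: {ip} is outside {SUBNET}")
        if POOL[0] <= addr <= POOL[1]:
            raise ValueError(f"{host}: {ip} lies inside the dynamic range")
        if mac in seen_mac:
            raise ValueError(f"{host}: MAC {mac} already used by {seen_mac[mac]}")
        if addr in seen_ip:
            raise ValueError(f"{host}: IP {ip} already used by {seen_ip[addr]}")
        seen_mac[mac], seen_ip[addr] = host, host
        stanzas.append(f"  host {host} {{\n    hardware ethernet {mac};\n"
                       f"    fixed-address {addr};\n  }}")
        nic_opts[host] = f"-net nic,mac={mac}"
    return "\n".join(stanzas), nic_opts


if __name__ == "__main__":
    text, opts = plan([("pc001", "66:66:66:66:66:0b", "192.168.0.88"),
                       ("pc002", "66:66:66:66:66:0c", "192.168.0.89")])  # pc002 is constructed
    print(text)
    print(opts)
```
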

Note: when two virtual machines both specify the same MAC address, and that MAC address is bound to a specific IP address, DHCP does not report an error but assigns that specific IP address to both virtual machines. Below are some posts I found on the Internet explaining that two computers in the same network segment can have the same IP address and MAC address:
Actually, they can. You can change the IP address and MAC address of the two computers to be the same; both can then access the Internet, and no IP address conflict is reported. This method can not only break through the routing block but can also be used in a network environment with IEEE 802.1X authentication; the premise, however, is that you must dial in with the same account (and that the authentication server is not set up to check for repeated use of an account). My computer is connected to the Internet through the school campus network, and the client uses the 802.1X authentication client software "STAR Supplicant dial-up software" to dial in. In our school, we can change the IP addresses and MAC addresses of two machines to be the same and then use the same account to share the Internet. However, in our school this only works for two computers in the same dormitory, because our school's server verifies not only the account, IP address and MAC address but also the access server IP (NAS IP) and the access server port (NAS port). Different dormitories are connected to different ports on the school switch, so only computers in the same dormitory can share the Internet.
As for why it does not cause an IP conflict and the Internet can still be accessed, this is because of a defect in ARP. The system prompts "IP conflict" because, when the system starts, ARP in TCP/IP broadcasts a gratuitous ARP request packet to the network segment. This gratuitous ARP packet contains the machine's own IP address and MAC address. If a machine on the network segment responds to this packet, the broadcasting machine concludes that another machine on the LAN is using the same IP address as its own.
For example, suppose PC A and PC B have exactly the same IP address and MAC address. When the system starts, PC A broadcasts a gratuitous ARP request packet containing its own IP address and MAC address to the network segment. If PC B responded to this request, PC A would consider that its IP address conflicts with another on the network and display a prompt (this is why an IP address conflict is usually reported just after the system starts). The point is that PC B will not respond to this request packet, because the IP address and MAC address in it are exactly the same as PC B's own, so PC B treats it as its own packet and does not respond. Since there is no response, there is naturally no IP conflict.
Next question: will two machines having the same IP address and MAC address make it impossible to access the Internet?
If so, how do the hardware devices on the network tell the data apart? We all know that hardware addresses are used for communication within a LAN. Layer 2 devices in the LAN (such as switches) maintain an address table that records the MAC address corresponding to each port of the device (note: not the MAC of the port itself, but the MAC of the device connected to the port). The device learns the MAC addresses behind its ports through the address learning state. When a frame passes through a port of the device, the device checks the frame's source and destination addresses and looks in the address table for an entry matching the source address. If there is none, the port changes to the "address learning state" and saves the address in the address table as a new entry. If PC A and PC B are both connected to the same switch, then after the switch has gone through address learning there are two identical address entries in the address table, with different corresponding ports. When the switch receives a frame from outside whose destination address is this address (the MAC address shared by PC A and PC B), it checks the address table, finds two entries with the same address, and forwards the frame to the ports corresponding to both entries. (How it forwards to the two ports is not clear.)
The same is true for routers. The router's address table is the routing table, which stores IP addresses instead of hardware addresses.
PC A and PC B, connected to these two ports, will receive the same frame. Since they receive the same frame, how does each computer know which frames are meant for it? This depends on the upper-layer TCP/IP protocols. Although the network adapter receives the frame, the upper-layer protocols act as a filter. When the TCP/IP network interface layer (also called the link layer) receives a frame, it checks the frame type in the frame header. If it is ARP, the frame is handed to the ARP protocol; if it is RARP, it is handed to the RARP protocol; if it is IP, the frame header is removed and the data is passed up to the next layer (the network layer). With the frame header removed, the data is called an IP packet. The network layer then acts on the protocol type in the packet header: if it is ICMP, the packet is handed to the ICMP protocol; if it is IGMP, to the IGMP protocol; if it is TCP or UDP, the packet header is removed and the data is handed up to the next layer (the transport layer). With the IP packet header removed, the data is called a segment (the unit of the transport layer). Similarly, the transport layer checks the segment header: if the type is TCP, the segment is handed to the TCP protocol; if it is UDP, to the UDP protocol. TCP or UDP then hands the data to the application layer according to the "Destination Port Number" in the segment header, and the user process at the application layer determines whether to receive the data based on the "Port Number".
For example, if a QQ process opens UDP port 1324, the UDP protocol at the transport layer delivers all received segments whose "Destination Port Number" is 1324 to QQ, which completes the whole process of receiving data. Although both computers receive data frames that are not their own, those frames may be dropped as they are handed up through the upper-layer protocols. For example, the QQ process at the application layer will not receive packets whose "Destination Port Number" is other than 1324, because that data has been discarded before it reaches the application layer.

In theory, the same MAC address is allowed within the same LAN. Why can PCs with the same MAC address run in the same network segment? First, we need to be clear that communication in the LAN is frame-based, that is, it uses what we usually call the MAC address rather than the IP address. Second, routers (especially the ones we normally use at home, such as TP-Link) or switches (such as Cisco) exchange data within the LAN based on a mac-table. In addition, the entries in these tables have a specific lifetime; they are not static. Assume that two PCs (PC1 and PC2) have the same MAC address and are connected to two ports (port1 and port2) of the router (or switch) respectively. PC1 first initiates a request to connect to the server of the ghost game; the MAC address of PC1 is then recorded against port1 in the mac-table on the router (or switch), and when the defender game server responds to the request, the router forwards the information to port1, to PC1. When PC2 also needs to log on to the defender game server, the process is the same. However, the router's mac-table is dynamic. If, after PC1 has requested a connection and the router has recorded the port for this MAC address as port1, PC2 suddenly initiates a request to connect to the Warcraft server, the router's mac-table changes the port for this MAC address to port2. The response message meant for PC1 is then sent directly to PC2, and as a result PC1 cannot access the Internet. Of course, this is rare, because the request and response complete within a few seconds or even tens of milliseconds.
This also explains why one PC experiences a network disconnection when receiving a large amount of data.
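The dynamic mac-table behaviour in the PC1/PC2 scenario above can be watched for from the switch side. The following is an added example, not part of the original article or the quoted posts: it replays observed (time, ingress port, source MAC) tuples through a learning table and reports a MAC that keeps moving between ports. The function name, the window and threshold values, and the sample observations are constructed.

```python
from collections import defaultdict


def replay(frames, window=10.0, max_moves=2):
    """Replay (time, port, src_mac) observations through a learning table.

    Returns (table, alerts). table maps each MAC to the port it was last
    seen on, which is where a reply to that MAC would be forwarded.
    alerts lists (time, mac, old_port, new_port) for every port change that
    is at least the `max_moves`-th change for that MAC within `window` seconds.
    """
    table = {}                  # mac -> port
    moves = defaultdict(list)   # mac -> timestamps of recent port changes
    alerts = []
    for ts, port, mac in frames:
        mac = mac.lower()
        previous = table.get(mac)
        table[mac] = port       # learning: the newest sighting wins
        if previous is None or previous == port:
            continue
        moves[mac] = [t for t in moves[mac] if ts - t <= window] + [ts]
        if len(moves[mac]) >= max_moves:
            alerts.append((ts, mac, previous, port))
    return table, alerts


# Constructed observations: (seconds, ingress port, source MAC)
FRAMES = [
    (0.0, 1, "66:66:66:66:66:0b"),    # PC1 on port1
    (0.2, 3, "52:54:00:00:00:01"),    # unrelated host, never moves
    (1.0, 2, "66:66:66:66:66:0b"),    # PC2 on port2, same MAC
    (2.0, 1, "66:66:66:66:66:0b"),
    (3.0, 2, "66:66:66:66:66:0b"),
    (4.0, 4, "52:54:00:00:00:02"),    # host that moves once, much later
    (300.0, 5, "52:54:00:00:00:02"),
]

if __name__ == "__main__":
    table, alerts = replay(FRAMES)
    print("reply to 66:66:66:66:66:0b goes to port", table["66:66:66:66:66:0b"])
    for alert in alerts:
        print("MAC flapping:", alert)
```

A single move, such as the constructed host that changes port once after 300 seconds, stays below the threshold and is not reported.
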




