KVM Virtual Machine Network Configuration: bridge mode and NAT mode

Source: Internet
Author: User
Tags: iptables

Summary: There are two ways to configure networking for a KVM virtual machine: NAT and bridge. This page explains the principle and the configuration procedure of bridge mode, then the principle of NAT mode. The bridge approach suits virtualization of server hosts; the NAT approach suits virtualization of desktop hosts.


Network structure diagram for NAT: (diagram not reproduced here)

Bridge network structure diagram: (diagram not reproduced here)

Bridge mode
Problem

Once a guest has been installed, it needs a network interface so that it can talk to the host's network and to the other guests. If network access is already required during installation, the guest's network connection has to be prepared in advance.

KVM offers two ways to connect a guest to a network:

User network (the NAT way): the simple way to give a virtual machine access to resources on the host, on the Internet or on the local network. The guest cannot be reached from the network or from other guests, and its performance needs considerable tuning.

Virtual bridge (the bridge way): more complex to set up than the user network, but once configured, communication between guest and Internet and between guest and host is straightforward.

This part of the article explains the configuration of bridge mode.


Bridge mode principle

In bridge mode the guest is attached to a virtual bridge, so the guest and the other machines on the same subnet can talk to each other directly. A virtual machine configured this way behaves like an independent host with its own IP address on your network. That cuts both ways: because the guest sits on the same layer-2 segment as the host, it is exposed to the physical network exactly as a physical machine would be, and the host's NAT and filter rules that shield NAT-mode guests do nothing for it, so it needs its own firewall like any other host on that segment.

A bridged network (also called physical device sharing) makes a physical device available to virtual machines. The network bridge is an advanced setting, used above all when the host has several network interfaces.

As the diagram above shows, the basic principle of the bridge is to create a bridge interface br0 that forwards frames between the physical network interface and the virtual network interfaces.



Application scope of bridge mode

Virtualization of server hosts.

Network bridge mode configuration steps

1. Create the network device script for the new bridge device br0:

vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
ONBOOT="yes"
TYPE="Bridge"
BOOTPROTO=static
IPADDR=10.0.112.39
NETMASK=255.255.255.0
GATEWAY=10.0.112.1
DEFROUTE=yes

This puts the bridge interface on the 10.0.112.0/24 segment. If you do not need a static address, drop the address-related lines and let the bridge use DHCP instead:

DEVICE="br0"
ONBOOT="yes"
TYPE="Bridge"
BOOTPROTO=dhcp


2. Edit the network device script of the physical NIC, /etc/sysconfig/network-scripts/ifcfg-eth0, so that eth0 becomes a port of br0. The address settings have moved to br0: eth0 itself gets BOOTPROTO=none and no IPADDR.

DEVICE="eth0"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE=Ethernet
BOOTPROTO=none
BRIDGE="br0"
NAME="System eth0"
HWADDR=44:37:e6:4a:62:ad

According to Red Hat's documentation NM_CONTROLLED must be set to "no" (with "yes" the interface is managed by the NetworkManager service, and NetworkManager does not support bridging). The author nevertheless found no problem with it set to "yes": communication was normal.

3. Restart the network service:

# service network restart

4. Check the bridge interface:

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.4437e64a62ad       no              eth0

The lower part of the bridge id is the MAC address of eth0 (44:37:e6:4a:62:ad), which is a quick confirmation that the intended NIC was enslaved.
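The two ifcfg files of steps 1 and 2 have to agree with each other: the physical NIC must point at the bridge and carry no address of its own, and the bridge must carry the address. The script below is an added example, not code from the original article: it generates the pair from the values used above and checks those invariants before the network is restarted. The function names and the scratch directory are assumptions; check_live_bridge reproduces the brctl check of step 4 through sysfs and iproute2 and needs a real host.

```sh
#!/bin/sh
# Added example, not part of the original article: writes the ifcfg-br0 /
# ifcfg-eth0 pair from the article's values and checks the invariants a
# bridge needs before "service network restart" is run. Function names and the
# target directory are assumptions; by default it writes into a scratch
# directory, not /etc/sysconfig/network-scripts.

# gen_bridge_cfg DIR PHYS BRIDGE HWADDR IPADDR NETMASK GATEWAY
# Pass IPADDR=dhcp to get the DHCP variant of ifcfg-$BRIDGE.
gen_bridge_cfg() {
    dir=$1 phys=$2 br=$3 hw=$4 ip=$5 mask=$6 gw=$7
    mkdir -p "$dir"
    {
        printf 'DEVICE="%s"\nONBOOT="yes"\nTYPE="Bridge"\n' "$br"
        if [ "$ip" = dhcp ]; then
            printf 'BOOTPROTO=dhcp\n'
        else
            printf 'BOOTPROTO=static\nIPADDR=%s\nNETMASK=%s\nGATEWAY=%s\nDEFROUTE=yes\n' \
                "$ip" "$mask" "$gw"
        fi
    } > "$dir/ifcfg-$br"
    # The physical NIC becomes a bridge port: no address, no DHCP, bound to its MAC.
    printf 'DEVICE="%s"\nNM_CONTROLLED="no"\nONBOOT="yes"\nTYPE=Ethernet\nBOOTPROTO=none\nBRIDGE="%s"\nHWADDR=%s\n' \
        "$phys" "$br" "$hw" > "$dir/ifcfg-$phys"
}

# cfg_value FILE KEY: value of KEY with surrounding quotes removed
cfg_value() { sed -n "s/^$2=//p" "$1" | tr -d '"'; }

# check_bridge_cfg DIR PHYS BRIDGE: 0 if the pair is consistent, else 1 with a reason
check_bridge_cfg() {
    dir=$1 phys=$2 br=$3
    bf="$dir/ifcfg-$br" pf="$dir/ifcfg-$phys"
    [ -f "$bf" ] && [ -f "$pf" ] || { echo "missing ifcfg-$br or ifcfg-$phys" >&2; return 1; }
    [ "$(cfg_value "$bf" TYPE)" = Bridge ] || { echo "$br: TYPE must be Bridge" >&2; return 1; }
    [ "$(cfg_value "$pf" BRIDGE)" = "$br" ] || { echo "$phys: BRIDGE must be $br" >&2; return 1; }
    [ "$(cfg_value "$pf" BOOTPROTO)" = none ] || { echo "$phys: BOOTPROTO must be none" >&2; return 1; }
    # An address on the port itself would answer next to the bridge address and
    # bypass the bridge; the article moves the address to br0 for that reason.
    if grep -q '^IPADDR=' "$pf"; then echo "$phys: must not carry IPADDR" >&2; return 1; fi
    cfg_value "$pf" HWADDR | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' \
        || { echo "$phys: HWADDR is not a MAC address" >&2; return 1; }
    case $(cfg_value "$bf" BOOTPROTO) in
        static) grep -q '^IPADDR=' "$bf" || { echo "$br: static but no IPADDR" >&2; return 1; } ;;
        dhcp) ;;
        *) echo "$br: BOOTPROTO must be static or dhcp" >&2; return 1 ;;
    esac
    return 0
}

# check_live_bridge BRIDGE PHYS: the post-restart check from the article
# (brctl show) done via sysfs and iproute2 instead; needs a real host.
check_live_bridge() {
    br=$1 phys=$2
    [ -d "/sys/class/net/$br/brif/$phys" ] || { echo "$phys is not a port of $br" >&2; return 1; }
    # the port must not hold an IPv4 address of its own
    [ -z "$(ip -4 -o addr show dev "$phys" 2>/dev/null)" ] \
        || { echo "$phys still has an IPv4 address" >&2; return 1; }
    return 0
}

# Demo with the article's values, written into a scratch directory:
scratch=$(mktemp -d)
gen_bridge_cfg "$scratch" eth0 br0 44:37:e6:4a:62:ad 10.0.112.39 255.255.255.0 10.0.112.1
check_bridge_cfg "$scratch" eth0 br0 && echo "ifcfg pair in $scratch is consistent"
rm -rf "$scratch"
```

To use it on the host itself, pass /etc/sysconfig/network-scripts as DIR, run check_bridge_cfg before the restart and check_live_bridge br0 eth0 after it.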



Guest configuration

When installing the guest, make sure that its network is set to use the br0 bridge.

Graphical approach: (screenshot not reproduced here)

Text mode:

Edit the guest definition, which libvirt keeps in /etc/libvirt/qemu/v1.xml, and add the interface below. Use virsh edit v1 for this rather than editing the file directly: the running libvirtd does not pick up changes made to the file behind its back.

<interface type='bridge'>
  <mac address='52:54:00:da:c3:dc'/>
  <source bridge='br0'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>


After the virtual machine has started, verify that its network interface is attached: the guest's tap device vnet0 now appears as a second port of br0 (virsh domiflist v1 shows the same mapping from the guest's side):

# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.4437e64a62ad       no              eth0
                                                        vnet0

Effect on the NAT way

Bridge mode has nothing to do with the virtual bridge interface virbr0 that the virtual machine support packages install. Once bridge mode is configured, virbr0 (that is, the default virtual network used by NAT mode) can be removed. Do this only if no guest definition still references the network 'default', because such guests will no longer start:

# virsh net-destroy default
# virsh net-undefine default
# service libvirtd restart


NAT mode
Problem

The choice between the user network (NAT way) and the virtual bridge (bridge way) is the one described at the top of the page.

This part of the article explains the configuration of NAT mode.

The principle of NAT mode

NAT is the default mode after KVM is installed. The host and the virtual machines can talk to each other and the virtual machines can reach the Internet, but hosts outside cannot reach the virtual machines: the guests use private addresses that are masqueraded behind the host's address, so a guest service is only reachable from outside if the host explicitly forwards a port to it.

Check the current network settings:

# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes

The default network is created automatically when the virtual machine support packages are installed on the host.

Check the current network interfaces:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 44:37:e6:4a:62:ad
          inet6 addr: fe80::4637:e6ff:fe4a:62ad/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:987782 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:109919111 (104.8 MiB)  TX bytes:12695454 (12.1 MiB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:240 (240.0 b)  TX bytes:240 (240.0 b)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:b9:b0:96
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2126 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:100387 (98.0 KiB)

virbr0-nic Link encap:Ethernet  HWaddr 52:54:00:b9:b0:96
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0 is a virtual network interface created when the virtual machine support packages are installed. It acts as a switch and bridge that delivers traffic to each virtual machine.

The relationships between the interfaces created by the virtual machine management packages are shown below: (diagram not reproduced here)

As the diagram shows, there is no link between the virtual interface and the physical interface, so the virtual machines can only reach the outside world through the virtual network, and they cannot be located and reached from the network.

virbr0 is a bridge that receives all traffic addressed to the 192.168.122.0/24 network, as the following commands show:

# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400b9b096       yes             virbr0-nic

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0

At the same time, the virtual machine support packages modify the iptables rules; view them with:

# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 16924 packets, 2759K bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain POSTROUTING (policy ACCEPT 2009 packets, 125K bytes)
 pkts bytes target     prot opt in     out     source               destination
  421 31847 MASQUERADE all  --  *      *       192.168.122.0/24    !192.168.122.0/24   <-- this is the key: it provides the NAT function
Chain OUTPUT (policy ACCEPT packets, 125K bytes)
 pkts bytes target     prot opt in     out     source               destination

# iptables -t filter -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1       ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53   <-- written automatically by the libvirt script
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53   <-- written automatically by the libvirt script
    3   984 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67   <-- written automatically by the libvirt script
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67   <-- written automatically by the libvirt script
 178K  195M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED   <-- system default iptables rule
    2       ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           <-- system default iptables rule
 1148  216K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           <-- system default iptables rule
    1       ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22   <-- system default iptables rule
16564 2721K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited   <-- system default iptables rule
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 3726 3485K ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED   <-- written automatically by the libvirt script
 3491  399K ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           <-- written automatically by the libvirt script
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           <-- written automatically by the libvirt script
    0     0 REJECT     all  --  (the listing is cut off here in the source)

The FORWARD rules are what enforce the one-way reachability: traffic into virbr0 is accepted only when it belongs to a connection a guest opened (RELATED,ESTABLISHED), guest-originated traffic leaving virbr0 and guest-to-guest traffic are accepted, and the remaining REJECT rules drop everything else. The INPUT rules expose the host's DNS (port 53) and DHCP (port 67) service on virbr0 only. The FORWARD chain policy is ACCEPT, so the isolation depends on those REJECT rules staying in place and staying last.
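To check that a host's rules still provide the isolation described above (masquerade only on the way out, replies only on the way in, DNS and DHCP bound to virbr0, no DNAT port-forwards), the following added example, which is not part of the original article, audits an iptables-save dump. The rule set it ships with is constructed from the listing above; the two trailing FORWARD REJECT lines are the ones libvirt installs beyond the point where the listing is cut off. The function names are assumptions.

```sh
#!/bin/sh
# Added example, not part of the original article: audits the iptables rules a
# libvirt NAT network relies on, using iptables-save format because it is far
# easier to match than "iptables -L -nv". The rule set below is constructed
# from the article's listing (the two trailing FORWARD REJECTs are the ones
# libvirt installs; the article's listing is cut off before them). Function
# names are assumptions. On a live host:
#   iptables-save > /tmp/rules; audit_nat /tmp/rules virbr0 192.168.122.0/24

# write_sample FILE: the constructed rule set matching the article
write_sample() {
    cat > "$1" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# write_sample_exposed FILE: the same set with three operator mistakes: a DNAT
# port-forward, an ACCEPT into virbr0 placed ahead of the REJECT, and a DNS
# accept not bound to virbr0 (the host's dnsmasq becomes an open resolver).
write_sample_exposed() {
    write_sample "$1"
    awk '/^-A POSTROUTING/ { print "-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.10:22" }
         /^-A FORWARD -o virbr0 -j REJECT/ { print "-A FORWARD -o virbr0 -j ACCEPT" }
         /^-A INPUT -i lo -j ACCEPT/ { print "-A INPUT -p udp -m udp --dport 53 -j ACCEPT" }
         { print }' "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# re STRING: escape the dots of a subnet for use in an extended regex
re() { printf '%s' "$1" | sed 's/[.]/\\./g'; }

# masq_ok FILE SUBNET: guest traffic is masqueraded only when it leaves the subnet
masq_ok() { grep -Fqx -- "-A POSTROUTING -s $2 ! -d $2 -j MASQUERADE" "$1"; }

# forward_isolated FILE BRIDGE SUBNET: only replies may enter the bridge
forward_isolated() {
    f=$1 br=$2 netre=$(re "$3")
    grep -Eq -- "^-A FORWARD -d $netre -o $br -m (state --state|conntrack --ctstate) RELATED,ESTABLISHED -j ACCEPT\$" "$f" \
        || { echo "FORWARD: no RELATED,ESTABLISHED-only ACCEPT into $br" >&2; return 1; }
    rej=$(grep -En -- "^-A FORWARD -o $br -j REJECT" "$f" | head -n 1 | cut -d: -f1)
    [ -n "$rej" ] || { echo "FORWARD: no REJECT for other traffic into $br" >&2; return 1; }
    # an unconditional ACCEPT into the bridge that precedes the REJECT lets
    # outside hosts open connections to the guests
    open=$(grep -En -- "^-A FORWARD( -d $netre)? -o $br -j ACCEPT\$" "$f" | head -n 1 | cut -d: -f1)
    if [ -n "$open" ] && [ "$open" -lt "$rej" ]; then
        echo "FORWARD: ACCEPT into $br at line $open precedes the REJECT at line $rej" >&2; return 1
    fi
    return 0
}

# input_ok FILE BRIDGE: the host's DNS/DHCP service is reachable only from the bridge
input_ok() {
    if grep -E -- '^-A INPUT .*--dport (53|67) ' "$1" | grep -Ev -- "-i $2 " | grep -q .; then
        echo "INPUT: a DNS/DHCP ACCEPT is not bound to $2" >&2; return 1
    fi
    return 0
}

# dnat_rules FILE: prints PREROUTING DNAT rules; returns 1 if any exist, since
# each one deliberately exposes a guest port to the outside
dnat_rules() {
    if grep -E -- '^-A PREROUTING .*-j DNAT' "$1"; then return 1; fi
    return 0
}

# audit_nat FILE BRIDGE SUBNET: runs every check; 0 only if all pass
audit_nat() {
    rc=0
    masq_ok "$1" "$3" && echo "ok: $3 masqueraded towards other networks" \
        || { echo "FAIL: MASQUERADE rule for $3 missing"; rc=1; }
    forward_isolated "$1" "$2" "$3" && echo "ok: FORWARD admits only replies into $2" || rc=1
    input_ok "$1" "$2" && echo "ok: DNS/DHCP accepts are bound to $2" || rc=1
    dnat_rules "$1" && echo "ok: no DNAT port-forward exposes a guest" \
        || { echo "FAIL: the DNAT rules above expose guests to the outside"; rc=1; }
    return $rc
}

# Demo on the constructed sample:
sample=$(mktemp)
write_sample "$sample"
audit_nat "$sample" virbr0 192.168.122.0/24
rm -f "$sample"
```

The DNAT check is reported as a failure on purpose: a port-forward is the one legitimate way to reach a NAT-mode guest from outside, so every such rule should be known and intended rather than discovered during an audit.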
