RedHat/CentOS 6.2 x86 KVM virtual machine network configuration (I): NAT mode

Source: Internet
Author: User

Abstract: two methods are available for KVM virtual machine network configuration, NAT and bridge. This part covers the principles and procedure of NAT configuration. NAT is suitable for desktop host virtualization.

Problem

After the guest is installed, you need to set up a network interface so that it can communicate with the host network and with the other guests. In fact, if you want to use the network during installation, the guest's network connection must be set up in advance.

There are two methods to connect the KVM client to the network:

  • User networking: a simple way for guests to reach resources on the host, the Internet, or the local network, but the guests cannot be reached from the network or from other guests, and performance needs considerable tuning. This is NAT mode.
  • Virtual bridge: more complex to set up than user networking, but once configured, communication between the guest and the Internet, and between the guest and the host, is straightforward. This is bridge mode.

This document describes how to configure Nat.

Nat principles

NAT is the default mode after KVM is installed. It allows the host and the virtual machines to reach each other and lets the virtual machines access the Internet, but it does not allow external hosts to reach the virtual machines.

Check the current network settings:

# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes

The default network is created automatically when the virtualization support packages are installed on the host.

Check the current network interface:

# ifconfig
eth0      Link encap:Ethernet  HWaddr 44:37:E6:4A:62:AD
          inet6 addr: fe80::4637:e6ff:fe4a:62ad/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:987782 errors:0 dropped:0 overruns:0 frame:0
          TX packets:84155 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:109919111 (104.8 MiB)  TX bytes:12695454 (12.1 MiB)
          Interrupt:17

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:240 (240.0 b)  TX bytes:240 (240.0 b)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:B9:B0:96
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2126 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:100387 (98.0 KiB)

virbr0-nic Link encap:Ethernet  HWaddr 52:54:00:B9:B0:96
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

Here virbr0 is a virtual network interface created when the host virtualization support packages are installed. It acts as a switch and bridge that distributes traffic to the individual virtual machines.

The relationships between the interfaces created by the virtual machine management modules are shown in the following figure:

As the figure shows, there is no connection between the virtual interface and the physical interface, so the virtual machines can only reach the outside world through the virtual network, and they cannot be located or reached from the outside network.

virbr0 is the bridge that receives all traffic for the 192.168.122.0/24 network. Run the following commands to verify this:

# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400b9b096       yes             virbr0-nic

# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0

In addition, the virtualization support packages modify the iptables rules. You can view the rules with the following commands:

# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 16924 packets, 2759K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 2009 packets, 125K bytes)
 pkts bytes target     prot opt in     out     source               destination
  421 31847 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24   <---- This is the key rule: it provides the NAT function.

Chain OUTPUT (policy ACCEPT 2011 packets, 125K bytes)
 pkts bytes target     prot opt in     out     source               destination

# iptables -t filter -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    1    74 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:53                         <---- written automatically by the libvirt script
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53                         <---- written automatically by the libvirt script
    3   984 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           udp dpt:67                         <---- written automatically by the libvirt script
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67                         <---- written automatically by the libvirt script
 178K  195M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED          <---- system iptables preset
    2   168 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0                                              <---- system iptables preset
 1148  216K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0                                              <---- system iptables preset
    1    60 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22               <---- system iptables preset
16564 2721K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited   <---- system iptables preset

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 3726 3485K ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24    state RELATED,ESTABLISHED          <---- written automatically by the libvirt script
 3491  399K ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0                                              <---- written automatically by the libvirt script
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0                                              <---- written automatically by the libvirt script
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable  <---- written automatically by the libvirt script
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable  <---- written automatically by the libvirt script
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited   <---- system iptables preset

Chain OUTPUT (policy ACCEPT 181K packets, 138M bytes)
 pkts bytes target     prot opt in     out     source               destination
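The rules above are what make NAT mode one-way: guest traffic is masqueraded, return traffic is forwarded back, and any new connection toward the bridge is rejected. The following added example (not from the original article) checks a ruleset for exactly that shape; SAMPLE_RULES is a constructed re-expression of the page's rules in iptables-save format, which is what you would feed in from the output of `iptables-save` on the host.

```python
# Constructed sample: the page's libvirt rules re-expressed in iptables-save format.
SAMPLE_RULES = """\
*nat
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

def parse_rule(line):
    """Turn '-A CHAIN -s X ! -d Y -j Z' into a dict; a negated match gets a '!' prefix."""
    toks = line.split()
    rule, neg = {"chain": toks[1]}, False
    for key, val in zip(toks[2:], toks[3:] + [""]):
        if key == "!":
            neg = True
        elif key.startswith("-"):
            rule[("!" if neg else "") + key.lstrip("-")] = val
            neg = False
    return rule

def parse_tables(text):
    """Map table name -> parsed '-A' rules; each table starts at a line beginning with '*'."""
    return {blk.split("\n", 1)[0]: [parse_rule(l) for l in blk.splitlines() if l.startswith("-A ")]
            for blk in ("\n" + text).split("\n*")[1:]}

def audit_nat(text, subnet="192.168.122.0/24", bridge="virbr0"):
    """Return findings; an empty list means the ruleset has the expected NAT shape."""
    tables, findings = parse_tables(text), []
    masq = [r for r in tables.get("nat", []) if r.get("j") == "MASQUERADE"]
    # Masquerade guest traffic only, and never traffic between guests.
    if not any(r.get("s") == subnet and r.get("!d") == subnet for r in masq):
        findings.append("no MASQUERADE rule scoped to %s" % subnet)
    fwd = [r for r in tables.get("filter", []) if r["chain"] == "FORWARD"]
    if not any(r.get("s") == subnet and r.get("i") == bridge and r.get("j") == "ACCEPT"
               for r in fwd):
        findings.append("guests on %s cannot forward out" % bridge)
    if not any(r.get("d") == subnet and r.get("o") == bridge
               and "ESTABLISHED" in r.get("state", r.get("ctstate", "")) for r in fwd):
        findings.append("no rule admitting return traffic to guests")
    # New inbound connections toward the bridge must be rejected: this is what
    # keeps NAT mode one-way (guests reach out, the outside cannot reach in).
    if not any(r.get("o") == bridge and r.get("j") == "REJECT" and "i" not in r for r in fwd):
        findings.append("unsolicited inbound forwarding to %s is not rejected" % bridge)
    return findings
```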

If the default network does not exist, or you want to add a virtual network of your own, you can recreate the NAT network with the following commands.

Applicable scope of the NAT method

Desktop host virtualization.

Procedure

# virsh net-define /usr/share/libvirt/networks/default.xml

This command defines a virtual network from the contents of default.xml:

<network>
  <name>default</name>
  <bridge name="virbr0"/>
  <forward/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>

You can also modify the XML to create a virtual network of your own.

Mark the network as autostart:

# virsh net-autostart default
Network default marked as autostarted

Start the network:

# virsh net-start default
Network default started

After the network is started, run brctl show to view and verify it.

Edit /etc/sysctl.conf to allow IP forwarding:

net.ipv4.ip_forward = 1
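To create a custom NAT network as suggested above, this added Python example (not from the original article) builds the <network> XML for a chosen subnet and checks it before it is handed to virsh net-define: the subnet must be private and must not overlap any existing host route, and the DHCP range must lie inside the subnet without covering the gateway. HOST_ROUTES is a constructed sample; the explicit mode="nat" is what the page's bare <forward/> element defaults to.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample of the host's existing routes (Destination/Genmask as
# printed by `route`); a new guest subnet must not overlap any of them.
HOST_ROUTES = ["192.168.1.0/24", "192.168.122.0/24"]

def build_nat_network(name, bridge, subnet, host_routes=HOST_ROUTES,
                      dhcp_first=2, dhcp_last=None):
    """Return libvirt <network> XML shaped like the page's default network.

    Raises ValueError when the subnet is not private, overlaps a host route,
    or the DHCP range does not fit inside the subnet above the gateway."""
    net = ipaddress.ip_network(subnet, strict=True)
    if not net.is_private:
        raise ValueError("%s is not a private range" % net)
    for route in host_routes:
        if net.overlaps(ipaddress.ip_network(route)):
            raise ValueError("%s overlaps host route %s" % (net, route))
    gateway = net[1]  # libvirt gives the bridge the first usable address
    # Default DHCP range: .2 up to the last usable address, as on the page.
    start = net[dhcp_first]
    end = net[dhcp_last if dhcp_last is not None else net.num_addresses - 2]
    if not (gateway < start <= end < net.broadcast_address):
        raise ValueError("DHCP range %s-%s invalid for %s" % (start, end, net))
    root = ET.Element("network")
    ET.SubElement(root, "name").text = name
    ET.SubElement(root, "bridge", name=bridge)
    # mode="nat" is what the page's bare <forward/> means (nat is libvirt's default).
    ET.SubElement(root, "forward", mode="nat")
    ip = ET.SubElement(root, "ip", address=str(gateway), netmask=str(net.netmask))
    dhcp = ET.SubElement(ip, "dhcp")
    ET.SubElement(dhcp, "range", start=str(start), end=str(end))
    return ET.tostring(root, encoding="unicode")
```

Save the returned string to a file and pass it to virsh net-define, then net-autostart and net-start it exactly as for the default network.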

Client installation

Note that you must select NAT as the network when installing the guest.

Graphical Method:

Text mode:

Edit the virtual machine configuration file /etc/libvirt/qemu/v1.xml and add the following content:

<interface type='network'>
  <mac address='52:54:00:4f:1b:07'/>
  <source network='default'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

After the VM starts, verify that the network interface has been attached to the bridge:

# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400b9b096       yes             virbr0-nic
                                                        vnet0

Influence of Bridge Mode

Interfaces configured for bridge mode have no effect on NAT mode, because NAT mode does not use the physical NIC. A guest, however, can use only one of the two modes.

Reference: Bridge Mode

Bridge mode connects guests through a virtual bridge so that a guest and the machines on its subnet can communicate with each other; the virtual machine becomes a host with an independent IP address on the network.

Bridge configuration and principles.
