Networking with kvm and libvirt

27 April 2007

When you’re using kvm to run virtual machines, you more than likely also want them to have some sort of network access. There are two very basic setups that seem useful:

  1. Create a private network on the host that gets NAT'd to the 'outside', similar to how your home network is set up behind your DSL router. This setup is useful for laptops, or more generally, when you don't have infrastructure such as a DHCP or DNS server on your network yet.
  2. Bridge all the guests to the network the host is running on, and forward all traffic, including DHCP, DNS, etc. to the outside network. This is the setup you want if you already have DHCP and DNS servers somewhere, and have a stable, wired connection on the host. It's also what Xen does by default, and therefore pretty familiar to a lot of people.

1. Private network for the guests

This configuration is, thanks to some recent additions to libvirt, available by default. Recent versions of libvirt, e.g. the 0.2.2 in rawhide, set everything up by default, and all you need to do is to make sure the virt-install command you use to create the guest looks something like

    virt-install --accelerate --hvm --connect qemu:///system \
        --network network:default \
        … usual options for memory/disk files/boot CD …

(Of course, if you’re using virt-manager, this is a simple matter of pointing and clicking the right thing ;) )

If you have dnsmasq installed, and you should, libvirt will start dnsmasq to provide DHCP and DNS for the guests on the default network, and you’ll have your very own, completely enclosed network for the guests, that is NAT’d and forwarded over the host’s physical network connections.

If you’re curious, the default network is described in the file /etc/libvirt/qemu/networks/default.xml. If you make changes to it, you need to let libvirt know by using the virsh net-* commands.

2. Xen-like bridging

Assuming you have one physical NIC on your host, and you want to bridge all the guests onto the physical network, you need to set up a bridge for that and enslave the physical NIC to it. We’ll call the bridge eth0 and the physical device peth0. Note that the bridge device eth0 is the one that receives an IP address. With that, you need to put two files into /etc/sysconfig/network-scripts. The file ifcfg-peth0 should be

    DEVICE=peth0
    ONBOOT=yes
    BRIDGE=eth0
    HWADDR=XX:XX:XX:XX:XX:XX

and the file ifcfg-eth0 should be

    DEVICE=eth0
    BOOTPROTO=dhcp
    ONBOOT=yes
    TYPE=Bridge

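You also want to add an iptables rule that allows forwarding of packets on the bridged physical NIC (otherwise DHCP from your guests won’t work). Note that this rule accepts all bridged traffic in the FORWARD chain, so the host’s iptables rules no longer filter what passes between the guests and the physical network:

    # service iptables start
    # iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
    # service iptables save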

You can now create your guests and add them to the bridge by running virt-install like so:

    virt-install --accelerate --hvm --connect qemu:///system \
        --bridge eth0 \
        … usual options for memory/disk files/boot CD …
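
A consistency check for the two ifcfg files from this section, as an added example that is not part of the original post. The function names and the scratch directory are hypothetical, and the sample files are constructed from the text above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print the value of KEY from an ifcfg file (last assignment wins, quotes stripped).
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

# check_bridge DIR NIC BRIDGE: print each inconsistency, return their count.
check_bridge() {
    nicf="$1/ifcfg-$2"; brf="$1/ifcfg-$3"; n=0
    for f in "$nicf" "$brf"; do
        [ -r "$f" ] || { echo "missing: $f"; return 1; }
    done
    [ "$(ifcfg_get "$nicf" BRIDGE)" = "$3" ] ||
        { echo "$nicf: BRIDGE must name $3"; n=$((n + 1)); }
    # Compared exactly as the text spells it (capital B).
    [ "$(ifcfg_get "$brf" TYPE)" = "Bridge" ] ||
        { echo "$brf: TYPE must be Bridge"; n=$((n + 1)); }
    [ "$(ifcfg_get "$brf" DEVICE)" = "$3" ] ||
        { echo "$brf: DEVICE must be $3"; n=$((n + 1)); }
    [ "$(ifcfg_get "$nicf" DEVICE)" = "$2" ] ||
        { echo "$nicf: DEVICE must be $2"; n=$((n + 1)); }
    # The bridge, not the enslaved NIC, is the device that gets the address.
    case "$(ifcfg_get "$nicf" BOOTPROTO)" in
        ''|none) ;;
        *) echo "$nicf: BOOTPROTO set on enslaved NIC"; n=$((n + 1)) ;;
    esac
    [ -z "$(ifcfg_get "$nicf" IPADDR)" ] ||
        { echo "$nicf: IPADDR set on enslaved NIC"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the two files from the text, written to a scratch directory.
demo_dir=$(mktemp -d)
printf 'DEVICE=peth0\nONBOOT=yes\nBRIDGE=eth0\nHWADDR=XX:XX:XX:XX:XX:XX\n' > "$demo_dir/ifcfg-peth0"
printf 'DEVICE=eth0\nBOOTPROTO=dhcp\nONBOOT=yes\nTYPE=Bridge\n' > "$demo_dir/ifcfg-eth0"
if check_bridge "$demo_dir" peth0 eth0; then echo "bridge config consistent"; fi
rm -rf "$demo_dir"
```

To check a real host, call `check_bridge /etc/sysconfig/network-scripts peth0 eth0` before restarting the network service.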

Creative Commons License Watzmann.Blog by David Lutterkort is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
