Virtual machine networking

Connecting to your virtual machine

To view the console of your virtual machine you can either use the Virtual Machine Manager (select your virtual machine (VM) and choosen Open). Or you can use virt-viewer, e.g. for a guest sl1:

$ virt-viewer -c qemu:///system sl1

The advantage of virt-viewer is that it is a single command for a single purpose and can easily be run when logged into a remote system with X11 forwarding (i.e. ssh -Y or ssh -X).

Ideally, however, you will not be working on the virtual machine console but rather connecting over the network. This is a much faster way of working on virtual machines without a GUI. The console is useful for doing initial network configuration on the virtual machine guest, but first we must consider how the virtual machine is connected to the network.

There are two major ways that virtual machine networking can be configured using libvirt: bridged and NATted. The default (shown in the above examples) is to use the virtual machine host as a router and place the virtual machine behind a Network Address Translation (NAT) device, as illustrated for vm1 here:

VM networking

In NATted configuration, a virtual network interface on the host machine and a virtual network interface on the virtual machine are both attached to a virtual bridge device. This can be seen using brctl to enquire into the state of the virtual bridge:

$ brctl show virbr0
bridge name bridge id       STP enabled interfaces
virbr0      8000.525400a501ba   yes     virbr0-nic
                                              vnet0

The vnet0 device is the network device on the guest virtual machine. By default the 192.168.122.0/24 network is assigned for the default virtual machine network. Networks configuration is saved as XML files in /etc/libvirt/qemu/networks and the default network XML file looks like this:

<network>
  <name>default</name>
  <uuid>6195d992-0253-4cf6-9c32-a13a13e5122f</uuid>
  <bridge name="virbr0" />
  <mac address='52:54:00:A5:1:BA'/>
  <forward/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254" />
    </dhcp>
  </ip>
</network>

As can be seen this network provides a DHCP server so that the virtual machine can get an IP address without needing static IP configuration. Traffic is forwarded through the host machine’s network interface (NAT is the default forwarding configuration) and masqueraded so that it appears to come from the host machine. This is done using the nat table of iptables. If any port forwarding needs to be configured for servers running on the virtual machine, it must also be done using iptables.

The alternative to NATted configuration is to connect both the host machine and the virtual machine guest to a virtual bridge and connect that to the physical network. In this scenario (shown as vm2) the virtual machine has direct access to the physical network and is may be allocated an IP address by whatever DHCP is running on that physical network segment. This configuration means that the virtual machine will be outside the iptables configuration of the host and directly exposed to network traffic.

Setting up bridged networking

To use bridged networking, first the bridge on the host machine should be configured and the IP address used by the host machine’s Ethernet port should be transferred to the bridge. This requires the bridge-utils package which should have been installed as a dependency by the above yum command. Drawing on the aforementioned howto, a bridge can be configured by:

  • Removing the IP address configuration from the existing networking configuration script
  • Adding a new network configuration script (e.g. /etc/sysconfig/network-scripts/ifcfg-br0) similar to this one:

    DEVICE=”br0″ NM_CONTROLLED=”yes” ONBOOT=yes TYPE=Bridge BOOTPROTO=none IPADDR=192.168.0.100 PREFIX=24 GATEWAY=192.168.0.1 DNS1=8.8.8.8 DNS2=8.8.4.4 DEFROUTE=yes IPV4_FAILURE_FATAL=yes IPV6INIT=no NAME=”System br0″

  • Restarting networking with service network restart

A new network can be added either using the Virtual Machine Manager (by selecting the hypervisor, right-clicking and selecting Details and then adding a virtual network in the Virtual Networks tab) or using virsh. For the virsh route first define the XML (e.g. in net.xml):

<network>
        <name>host-bridge</name>
        <forward mode="bridge"/>
        <bridge name="br0"/>
</network>

And then define and start the network:

$ virsh -c qemu:///system net-define net.xml 
Network host-bridge defined from net.xml

$ virsh -c qemu:///system net-start host-bridge
Network host-bridge started

Once the bridge is defined it can be used on an already defined guest by adding a device using virt-manager (you can also of course choose bridged networking when you define a virtual machine for the first time). In Virtual Machine Manager choose your virtual machine (VM) and select Open. Then select the i button to Show virtual hardware details and the Add hardware. Select Host device as Virtual network ‘host-bridge’ and Device model as virtio. You can click Finish and then, if you only want a single device, delete the existing NATted device.

This can also be done with virsh as this guide explains. So for a virtual machine named sl1 and the host-bridge network do:

virsh -c qemu:///system attach-interface sl1 network host-bridge\
    --persistent --model virtio

Using virsh you can list the interfaces for a domain using:

$ virsh -c qemu:///system domiflist head
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    default    virtio      52:54:00:e9:22:d7

Once you have chosen and set up your virtual machine networking, configure the virtual machine guest to connect to the network, note the IP address used by the virtual machine and now you should be able to connect to it using ssh.

Leave a Reply

Your email address will not be published. Required fields are marked *