KVM/libvirt虚机网络配置

8150阅读 0评论2015-05-19 guofs123
分类:虚拟化

libvirt网络xml配置

libvirt主机xml文件配置

-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
KVM网络配置  概述
-------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------------------
在较新版本的KVM中,网络有如下三种:
其一:用户定义网络模式(Usermode Networking)
     每个网络都有自己的配置文件(位于/etc/libvirt/qemu/networks目录),
     若将网络在开机时自动启动,需将配置文件链接到/etc/libvirt/qemu/networks/autostart目录.
其二:Bridge模式
     使用桥接方式(Bridged Networking),外部的机器可以直接联通到虚拟机,就像联通到你的主机一样
其三:MacvTap模式
     比较新的 kvm 中支持。基于原先的 MacVlan + tun。
     原理是创建一个 tun 设备,直接绑定到指定的(物理)端口进行收发包,在系统中生成 类似格式的虚拟网卡。

 

 


用户定义网络模式
-------------------------------------------------------------------------------------------------
help
   
说明
     所谓用户模式网络,即是采用libvirt的网络配置文件xml定义的网络,
     在libvirt中,允许用户可以采用xml文件来自定义网络,供虚拟机使用,
     有关常用命令如下:
         #touch /etc/libvirt/qemu/networks/gfs-net.xml     //定义一个网络配置文件
         #vi /etc/libvirt/qemu/networks/gfs-net.xml        //编辑网络配置文件
         ...
        
           gfs-network                                //网络名称,可以与配置文件名称不一致.
                                             //配置网络的转发类型,有:nat,bridge,route,private(uses a macvtap "direct"),vepa(uses a macvtap "direct"),passthrough(uses a macvtap "direct"),hostdev等几种.
           ...
        

         ...
         #virsh net-define /etc/libvirt/qemu/networks/gfs-net.xml   //语法检查
         #virsh net-start  gfs-network                              //启动该配置文件,即将配置生效到libvirt系统中.
         #virsh net-autostart gfs-network                           //将该网络在开机自动启动.
         #virsh net-destroy gfs-network                             //中止某个网络.
         #virsh net-list                                            //查看网络

     虚拟机引用用户定义的网络时,需进行如下配置,例如:
         #vi /etc/libvirt/qemu/winxp-1.xml
         ...
                              //type值必须为'network'
              
                         //指定自定义的网络名称.
              
              


            
         ...
        
     提示:
         在openvswitch与libvirt配合中,会采用自定义网络方式中的bridge类型.

     例如:
        /etc/libvirt/qemu/networks/default.xml
        这是libvirt自带的网络配置文件,实现NAT方式外出访问,虚拟机获取一个私有 IP(例如 192.168.122.0/24 网段的),并通过本地主机的 NAT 访问外网。
        它创建一个本地网桥 virbr0,包括两个端口:virbr0-nic 为网桥内部端口,vnet0 为虚拟机网关端口(192.168.122.1)。

 

NAT结构(/etc/libvirt/qemu/networks/default.xml)类型


                                 KVM宿主   
---------------------------------------------------------------------------       
               网络结构                                  虚拟主机 
+--------------------------------------+          +------------------+
|                                      |          |                  |
|                              +-------|          |---------+        |
|                       +------| vnet0 |----------|   eth0  |        |虚机1
|                       |      +-------|          |---------+        |
|                       |              |          |                  |
|------------+          |              |          +------------------+
|            |----------+              |
|            |                         |
|    virb0   |----------+              |
|            |          |              |
|            |---+      |              |
|------------+   |      |              |
|                |      |              |
|                |      |              |
|------------+   |      |              |
| virbro-nic |---+      |              |
|------------+          |              |
|                       |              |
|                       |              |
|----------+            |              |
|   eth0   |            |              |
|----------+            |              |          +------------------+
|                       |              |          |                  |
|----------+            |      +-------|          |---------+        |
|   eth1   |            +------| vnet1 |----------|   eth0  |        |虚机2
|----------+                   +-------|          |---------+        |
|                                      |          |                  |
|                                      |          +------------------+
+--------------------------------------+

为默认方式,虚拟机获取一个私有 IP(例如 192.168.122.0/24 网段的),并通过本地主机的 NAT 访问外网。
创建一个本地网桥 virbr0,包括两个端口:virbr0-nic 为网桥内部端口,vnet0 为虚拟机网关端口(192.168.122.1)。

虚网络设备virb0和virbro-nic由libvirtd自动产生.

配置文件为
#vi /etc/libvirt/qemu/networks/default.xml


  default
  707672c9-7a19-4fa5-b858-d80a6e13a39f
 
 
 
 
   
     
   

 

这是默认的网络配置文件,属于NAT类型,并自动启动.
#tree /etc/libvirt/qemu/networks
/etc/libvirt/qemu/networks
|-- autostart
|   `-- default.xml -> ../default.xml
`-- default.xml


查看接口
# ip link | grep vir
6: virbr0: mtu 1500 qdisc noqueue state DOWN mode DEFAULT
7: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN mode DEFAULT qlen 500


配置主机采用NAT方式
#vi /etc/libvirt/qemu/winxp-1.xml              //通过桥virbr0外出
...
                    
             //网卡MAC地址
                    //此时为NAT方式.
     
     


   
...

#virsh define /etc/libvirt/qemu/winxp-1.xml  //将修改的配置生效
#virsh start winxp-1                         //启动VM虚机


# ifconfig | grep mtu
...
virbr0: flags=4163  mtu 1500
vnet0: flags=4163  mtu 1500
vnet1: flags=4163  mtu 1500

查看网桥
# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.525400198c64       yes             virbr0-nic
                                                        vnet0
                                                        vnet1


说明:
    NAT方式,其实也是通过网桥来实现的.所有虚机连接一个网桥virbr0上面.

 

Bridge模式
-------------------------------------------------------------------------------------------------
结构类型

                                                KVM宿主
                         ---------------------------------------------------------------  
                                         网络结构                         虚机
                         +---------------------------------------+     
                         |                                       |
                         |                                       |
+------------+   Trunk   |--------------+                        |
| 物理交换机 |-----------|     eth0     |                        |
+------------+           |--------------+                        |
                         |       |              网桥             |
                         |       |            +------+           |
                         |       |            | brXX |           |
                         |       |            +------+           |
                         |       |  Vlan子接口   |               |
                         |       |---------------|               |       +-------------+
                         |       |    eth0.XX    |       +-------|       |------+      |
                         |       |               |-------| vnetX |-------| eth0 |      |虚机1
                         |       |               |       +-------|       |------+      |
                         |       |               |               |       +-------------+
                         |       |               |               |
                         |       |               |               |       +-------------+
                         |       |               |       +-------|       |------+      |
                         |       |               |-------| vnetY |-------| eth0 |      |虚机2
                         |       |               |       +-------|       |------+      |
                         |       |                               |       +-------------+
                         |       |                               |
                         |       |            +------+           |
                         |       |            | brYY |           |
                         |       |            +------+           |
                         |       |  Vlan子接口   |               |
                         |       |---------------|               |       +-------------+    
                         |       |   eth0.YY     |       +-------|       |------+      |
                         |                       |-------| vnetX |-------| eth0 |      |虚机3
                         |                       |       +-------|       |------+      |
                         |                                       |       +-------------+
                         |                                       |
                         |--------------+                        |
                         |    eth1      |                        |
                         |--------------+                        |
                         |                                       |
                         +---------------------------------------+
要点:
1.每个vlan都有自己的子接口和网桥,且都处于up状况.
2.每个网桥只包括一个vlan子接口和多个vnetN接口.

配置
在Trunk接口中配置vlan子接口
vconfig add enp2s0f0 59
vconfig add enp2s0f0 89

将Vlan的虚接口(SVI)启动
ifconfig enp2s0f0.59 up
ifconfig enp2s0f0.89 up

定义网桥
brctl addbr br59
brctl addbr br89

将网桥接口启动
ifconfig br59 up
ifconfig br89 up

将VLAN的SVI接口加入对应的网桥中
brctl addif br59 enp2s0f0.59
brctl addif br89 enp2s0f0.89

#vi /etc/libvirt/qemu/xp-3.xml               //通过桥br59外出
...
                    //类型:type='bridge'为网桥方式
     
                      //直接写入vlan的子接口,.
     
     


   
...
#vi /etc/libvirt/qemu/winxp-1.xml            //通过桥br89外出
#virsh define /etc/libvirt/qemu/xp-3.xml     //将修改的配置生效
#virsh define /etc/libvirt/qemu/winxp-1.xml  //将修改的配置生效
#virsh start xp-3                            //启动VM虚机
#virsh start winxp-1                         //启动VM虚机


查看网络接口
# brctl show
bridge name     bridge id               STP enabled     interfaces
br59            8000.0026554bb43c       no              enp2s0f0.59
                                                        vnet0
                                                        vnet1
br89            8000.0026554bb43c       no              enp2s0f0.89
                                                        vnet2
# ip link
...
11: : mtu 1500 qdisc noqueue master br59 state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
12: : mtu 1500 qdisc noqueue master br89 state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
15: br59: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
16: br89: mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
17: vnet0: mtu 1500 qdisc pfifo_fast master br59 state UNKNOWN mode DEFAULT qlen 500
    link/ether fe:54:00:c2:ea:3a brd ff:ff:ff:ff:ff:ff
18: vnet1: mtu 1500 qdisc pfifo_fast master br59 state UNKNOWN mode DEFAULT qlen 500
    link/ether fe:54:00:8f:ef:80 brd ff:ff:ff:ff:ff:ff
19: vnet2: mtu 1500 qdisc pfifo_fast master br89 state UNKNOWN mode DEFAULT qlen 500
    link/ether fe:54:00:ed:24:47 brd ff:ff:ff:ff:ff:ff

优点:
    Vlan通过虚接口与网桥连接,虚机通过网桥与Vlan连接,这样Vlan可以连接多个虚机.

 


MacvTap模式
-------------------------------------------------------------------------------------------------
Macvtap是一个新的设备驱动程序,旨在简化虚拟化的桥接网络。它取代基于macvlan设备驱动模块的TUN / TAP和桥驱动器的组合。
一个macvtap终点(endpoint)是一个字符设备,主要遵循的TUN / TAP ioctl接口,可以直接使用KVM/ qemu
和其他支持TUN / TAP接口的虚拟机管理程序

该模式会产生macvtapN虚拟网络接口,与vnetN类接口功能一样,用于连接虚拟机.
该模式中有如下几中方式
   Bridge      : 网桥方式
   VEPA        : Virtual Ethernet Port Aggregator,多个虚拟机指定同一个接口(例如 eth0),通过该接口连接到外部的物理网络。但虚机之间的访问需要先绕到外部的物理(也可以配置为软交换机)交换机,然后由外部交换机进行转发,再绕回来。
   Private     : 私有方式,
   Passthrough : 直通方式,种模式支持虚机迁移。

 

VEPA方式
-----------------------------
默认模式。多个虚拟机指定同一个接口(例如 eth0),通过该接口连接到外部的物理网络。但虚机之间的访问需要先绕到
外部的物理(也可以配置为软交换机)交换机,然后由外部交换机进行转发,再绕回来。
需要外部交换机支持 Reflective Relay,或者发夹(Hairpin)模式,即从一个接口发上来的流量还能扔回去。

结构类型

                                                KVM宿主
                         ---------------------------------------------------------------  
                                         网络结构                             虚机
                         +------------------------------------------+     
                         |                                          |
                         |                                          |
+------------+   Trunk   |--------------+                           |
| 物理交换机 |-----------|     eth0     |                           |
+------------+           |--------------+                           |
                         |       |                                  |
                         |       |                                  |
                         |       |  Vlan子接口                      |
                         |       |---------------|                  |       +-------------+
                         |       |    eth0.XX    |       +----------|       |------+      |
                         |       |               |-------| macvtapX |-------| eth0 |      |虚机1
                         |       |               |       +----------|       |------+      |
                         |       |               |                  |       +-------------+
                         |       |               |                  |
                         |       |               |                  |       +-------------+
                         |       |               |       +----------|       |------+      |
                         |       |               |-------| macvtapY |-------| eth0 |      |虚机2
                         |       |               |       +----------|       |------+      |
                         |       |                                  |       +-------------+
                         |       |                                  |
                         |       |                                  |
                         |       |                                  |
                         |       |  Vlan子接口                      |
                         |       |---------------|                  |       +-------------+    
                         |           eth0.YY     |       +----------|       |------+      |
                         |                       |-------| macvtapX |-------| eth0 |      |虚机3
                         |                       |       +----------|       |------+      |
                         |                                          |       +-------------+
                         |                                          |
                         |--------------+                           |
                         |    eth1      |                           |
                         |--------------+                           |
                         |                                          |
                         +------------------------------------------+

配置
在Trunk接口中配置vlan子接口
vconfig add enp2s0f0 59
vconfig add enp2s0f0 89

将Vlan的虚接口(SVI)启动
ifconfig enp2s0f0.59 up
ifconfig enp2s0f0.89 up

#vi /etc/libvirt/qemu/winxp-2.xml
...
                        //类型type='direct'为MacvTap模式
     
          //通过vlan59的子接口外出.类型mode='vepa'表示为VEPA方式,同一样vlan子接口可以配置给多个虚机.
     
     


   
...
#virsh define /etc/libvirt/qemu/winxp-1.xml
#virsh start winxp-1

查看网络接口
# ip link
...
8: : mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
9: : mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
22: : mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 52:54:00:c2:ea:3a brd ff:ff:ff:ff:ff:ff
23: : mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 52:54:00:8f:ef:80 brd ff:ff:ff:ff:ff:ff


Bridge方式
-----------------------------
跟 VEPA 模式类似,但绑到同一接口上(不确定同一主机上多个网卡之间是否可以)上的多个虚机之间直接本地就转发到对应的 macvtap 设备上了,
不需要到外面再绕回来。当然,要求源和目的虚机都配置为 bridge 模式。
虽然说是桥模式,但无需做有关网桥的配置.

#vi /etc/libvirt/qemu/xp-3.xml
...
                            //类型type='direct'为MacvTap模式
     
            //通过vlan59的子接口外出.类型mode='bridge'表示为bridge方式,同一样vlan子接口可以配置给多个虚机.
     
     


   
...
#virsh define /etc/libvirt/qemu/xp-3.xml     //将修改的配置生效
#virsh start xp-3

 

Private方式
-----------------------------
虚拟机之间不能相互访问,即使外部交换机支持 Reflective Relay 也不成。除非虚机处在不同的子网,经过外面网
关的转发再绕回来。要求源和目的虚机都配置为 private 模式。这种模式在多租户的公有云里面应该用处挺大。
类似于交换机中的PVLAN功能.

#vi /etc/libvirt/qemu/winxp-1.xml
...
                            //类型type='direct'为MacvTap模式
     
           //通过vlan59的子接口外出.类型mode='private'表示为private方式,同一样vlan子接口可以配置给多个虚机.
     
     


   
...
#virsh define /etc/libvirt/qemu/winxp-1.xml
#virsh start winxp-1

查看网络接口
#ip link
...
8: : mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
9: : mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 00:26:55:4b:b4:3c brd ff:ff:ff:ff:ff:ff
24: : mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 52:54:00:c2:ea:3a brd ff:ff:ff:ff:ff:ff
25: : mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 52:54:00:8f:ef:80 brd ff:ff:ff:ff:ff:ff

 

Passthrough方式
-----------------------------
如果本地物理网卡支持 SRIOV,那虚机可以直接绑定到不同的 VF 上。这种模式支持虚机迁移。


网络结构
                       +----------------------------+
             Trunk     |                            |
物理交换机-------------|eth0                        |
                       |   |                        |
                       |   |---eth0.X1-----macvtapN1|-----eth0虚机1
                       |   |---eth0.X2-----macvtapN2|-----eth0虚机2
                       |   |---eth0.X3-----macvtapN3|-----eth0虚机3
                       +----------------------------+

配置
vconfig add enp2s0f0 59
vconfig add enp2s0f0 89
ifconfig enp2s0f0.59 up
ifconfig enp2s0f0.89 up

#vi /etc/libvirt/qemu/xp-3.xml
...
                                        //类型type='direct'为MacvTap模式
     
                   //直接通过vlan59的子接口enp2s0f0.59外出.类型mode='passthrough'表示为passthrough方式
     
     


   
...
#virsh define /etc/libvirt/qemu/xp-3.xml     //将修改的配置生效
#virsh start xp-3

# ip link
...
11: : mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 52:54:00:c2:ea:3a brd ff:ff:ff:ff:ff:ff
12: : mtu 1500 qdisc noqueue state UP mode DEFAULT
    link/ether 52:54:00:ed:24:47 brd ff:ff:ff:ff:ff:ff
13: : mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 52:54:00:ed:24:47 brd ff:ff:ff:ff:ff:ff
14: : mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 500
    link/ether 52:54:00:c2:ea:3a brd ff:ff:ff:ff:ff:ff


缺点:
    每个VLan的虚接口只能连接一个虚机.

上一篇:netfiler/iptables数据流
下一篇:KVM/Libvirt采用openvswitch网络.