[libvirt] Network Configuration question

Remko Nolten remko at nolten.nu
Mon Feb 9 15:51:34 UTC 2009 

On 09 Feb 2009, at 14:17, Hugh O. Brock wrote:

> On Sun, Feb 08, 2009 at 10:34:06PM +0100, Remko Nolten wrote:
>> Hi!
>>
>> For a shared virtual hosting project with some friends we need a  
>> pretty
>> specialized network configuration. Because we have virtually no  
>> time for
>> experimenting (no pun intended), and the hosting organization has no
>> experience with libvirt/KVM configurations they suggested to try  
>> and ask
>> here.
>>
>> So, this is the situation: We have a server with one physical
>> connection. Each user gets one virtual machine with its own IP- 
>> address
>> (we have our own ip-range). The hosting organization gives us one  
>> "main"
>> address 'A' with netmask 255.255.255.0 (/24) and a default gateway  
>> for
>> our host machine. Besides this we get a number of addresses B1, B2,  
>> etc.
>> with netmask 255.255.255.255 (/32) and without a default gateway. The
>> switch just routes the traffic to our server for each ip-address we  
>> own
>> (A and Bn).
>>
>> According to our hosting organization, the normal solution is to
>> configure a loopback interface for each of the ip-addresses on the
>> server so you can configure your software just to use one of the
>> addresses. But we are not sure how this will work out in our virtual
>> environment. Our intuition tells us we need to use the routing  
>> network
>> forwarding mode, but when we bring the server to the data center we
>> don't want to have any surprises. :)
>
> Hi there.
>
> This actually sounds like a fairly standard configuration. What you
> want to do is set the single NIC on your server to bridge, following
> the instructions at
> http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29
> . Each VM can then have its own IP, which in your case sounds like it
> will be static.
>
> Hope this helps,
> --Hugh
>
>>


Hi Hugh!

Thanks for your response. I'm afraid this will not work since the ip- 
addresses for the VM's have a /32 netmask and no default gateway which  
is required when you create a interface using a bridge.

This how it works in a (non-virtualized) system at our hosting  
organization:
For example, my server has one main ip-address, 10.255.255.0 on eth0,  
and our hosting organization gives us 3 extra ip-addresses (so our  
range is 10.255.255.0/30) which are routed to 10.255.255.0. On our  
server, we can add the ip-addresses using:

	ip addr add 10.255.255.1/32 dev lo
	ip addr add 10.255.255.2/32 dev lo
	ip addr add 10.255.255.3/32 dev lo

So, our server gets the routed packages and will recognize them as one  
of his own which enables us to add listeners to the ip-addresses like  
Apache or a mail-server.

In our case, we don't want the server to route the packages to the  
loopback interface (so that services can listen to it), but we want  
the server to route the traffic to the virtual machine. The more I  
think of it, I suspect we need the "route" network option like this:

<network>
	<name>local</name>
	<bridge name="virbr%d" />
	<forward mode="route" dev="eth0"/>
		<!-- dev is the device which is directly connected to the network  
and has ip 10.255.255.0-->
	<ip address="10.255.255.0" netmask="255.255.255.4">
	  <dhcp>
	    <range start="10.255.255.1" end="10.255.255.3" />
	  </dhcp>
	</ip>
</network>

Is this correct?

-- 
Remko Nolten
Tel: 		06-45600767
E-mail: 	remko at nolten.nu

More information about the libvir-list mailing list