[libvirt] The config of IP address for 'macvtap' network

Laine Stump laine at laine.org
Tue May 15 16:23:55 UTC 2012 

On 05/15/2012 12:04 PM, Lei Li wrote:
> On 05/15/2012 11:12 PM, Laine Stump wrote:
>> On 05/15/2012 05:33 AM, Michal Privoznik wrote:
>>> On 15.05.2012 10:57, Lei Li wrote:
>>>> Hi guys,
>>>>
>>>> I know the macvtap network is supported by libvirt as forward mode
>>>> 'passthrough', I wonder is there anyway to configure the IP address
>>>> for its interface?
>>>>
>>>> For example, If I create a network as below:
>>>>
>>>> <network>
>>>>   <name>vdsm-testnet</name>
>>>>   <uuid>31f6b3b3-e959-0dd1-ad3a-bf95db660415</uuid>
>>>>   <forward dev='eth0.8' mode='passthrough'>
>>>>     <interface dev='eth0.8'/>
>>>>   </forward>
>>>> </network>
>>>>
>>>> For now, I have to set the IP address by 'ifconfig eth0.8 XXX.XXX.XXX.XXX'
>>>> after defining the network.
>> If only the guest will use the interface, that isn't necessary. As a
>> matter of fact, once an interface has been assigned to a guest using
>> macvtap passthrough mode, the host *can't* use the interface (it can
>> continue to use it in the other macvtap modes, however), so it's
>> completely pointless to configure an IP address for that interface on
>> the host.
>>
>>
>>>> How can I set IP address for this VLAN device 'eth0.8' by libvirt, I mean
>>>> does libvirt support to assign IP address in this mode now? If does,
>>>> what is the
>>>> xml format for it?
>> A network device being used for a guest macvtap connection only needs an
>> IP address set on the host if the host will also be using that interface
>> - the guest does not magically acquire/use the IP address that has been
>> set on the host, it needs its own IP address, configured on the guest in
>> the same fashion you would configure any other guest interface (keep in
>> mind that even in macvtap 'bridge' mode, the host and guest cannot
>> communicate with each other via a macvtap interface). Otherwise, it's
>> enough for the interface to be defined on the host (it may also be
>> necessary for it to be "up" if it's a vlan device - I haven't tried
>> macvtap with vlans). If you are using RHEL or Fedora, you can do any/all
>> of that configuration with the virsh iface-define command. For example,
>> here is the xml file that would define an "eth0.8" interface on a host
>> (This is *not* the <interface> element of a domain configuration):
>>
>>
>> <interface type="vlan" name="eth0.8">
>>   <start mode="none"/>
>>   <protocol family="ipv4">
>>     <ip address="192.168.43.1"/>
>>   </protocol>
>>   <vlan tag="8">
>>     <interface name="eth0"/>
>>   </vlan>
>> </interface>
>>
>> To get this defined in the system, you would use:
>>
>>    virsh iface-define eth0.8.xml
>>
>> But again, it seems doubtful this is what you really want.
>>
>>>> It'd appreciate a lot if anybody could read my post and give me some
>>>> suggestions!
>>>>
>>>>
>>> I suppose adding:
>>>
>>>  <ip address='192.168.123.1' netmask='255.255.255.0'/>
>>>
>>> into <network/> should work, doesn't it?
>> No.
>>
>> The IP address used by the host for that interface (if any) should be
>> configured in the normal manner of the host system. The IP address used
>> by any guests using this interface / network based on this interface
>> should be configured in the guest just as you would any other interface
>> (if the guest is configured to get its IP address from DHCP, then you
>> would need to have a DHCP server running *on a different host* connected
>> to the .8 vlan.
>>
>> (BTW, note that in passthrough mode, only a single guest can connect to
>> each physical device, so having a <network> defined for passthrough mode
>> is mostly only useful if you have a pool of devices available. The way
>> you have it defined above, only a single guest would be able to use that
>> network.)
> Hi Laine,
> /
> /Thank you for your detailed reply!
> The vdsm support bridgless network by libvirt through passthrough mode, it just
> define a network by the xml format:
>
> <network>
>   <name>vdsm-XXX</name>
>   <uuid>...</uuid>
>   <forward dev=... mode='passthrough>
>     <interface dev=.../>
>   </forward>
> </network>
>
> I want to let IP address config for the host network enabled. It doesn't have to 
> be connected by a VLAN device, a simpler example, If I create a bridgeless 
> network by passthrough mode, its interface is eth0. What is the xml format for 
> the host to let the IP address configuration enabled?

1) There is no place in the <network> XML to configure the host's IP
address for an interface that is being used by that network for a
macvtap-type connection. If you want the host to have an IP address
configured for that interface, you would do it via the normal host
interface configuration method (for example, by editing the file
/etc/sysconfig/network-scripts/ifcfg-eth0.8 on a RHEL/Fedora/Suse
system, or by using the "virsh iface-define" command as I pointed out in
my previous message).

2) Since you are using macvtap "passthrough" mode, there is no point in
configuring an IP address on the host for this interface anyway - as
soon as the guest is started, that interface will be setup for use
exclusively by the guest, and any attempts by the host to use it will fail.

You can easily perform a test to verify this (as I did before my earlier
mail):

a) configure an interface on the host with an IP address, and verify
that it is working by starting up a "ping" to another machine on the
network. Leave this ping running.

b) setup a guest to use that interface in "passthrough" mode.

c) start the guest.

d) notice that the pings that you had left running in step (a) are now
failing.

If you want to allow the host to continue using the interface while the
guest is using it (and coincidentally also to allow multiple guests to
use the same interface at the same time), use "mode='bridge'" instead of
"mode='passthrough'".

(I think it's a bit misguided to define a network with
mode='passthrough' and only a single device, since only a single guest
can use a device in passthrough mode - normally when passthrough mode is
used, a pool of several interfaces is defined in the network (usually
virtual functions of an SRIOV-capable network card)).
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20120515/499c67a3/attachment-0001.htm>

More information about the libvir-list mailing list