[libvirt-users] inquiry about differences between the tap and the vnet in the virt-manager
Laine Stump
laine at laine.org
Mon Apr 20 19:45:26 UTC 2015
On 04/20/2015 10:20 AM, wh.h at foxmail.com wrote:
>
>
>> inquiry about differences between the tap and the vnet in the
>> virt-manager
>>
>>
>> Greetings!
>>
>> I encounter a problem about the network when using virt-manager
>> to create and run a VM.
>>
>> when I want to establish a network bridge for the guest OS, I
>> generally use two kinds of ways described as fellow :
>>
>> *First method : create a bridge with the help of linux
>> commad: brctl*, or
>>
>> *Second method : using virt-manager *
>>
>> *(1) create a bridge with the help of linux commad: brctl*
>>
>> I use a script to establish a bridge, there are many script
>> examples on the web to establish a bridge. when I restart the
>> network service, I get the bridge :
>>
>> *1.1 create network bridge *
>>
>> [root at localhost ~]# ifconfig
>>
>> br0 Link encap:Ethernet HWaddr C2:CD:89:61:2C:F0
>>
>> inet addr:192.168.1.189 Bcast:192.168.1.255
>> Mask:255.255.255.0
>>
>> inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:0
>>
>> RX bytes:0 (0.0 b) TX bytes:1080 (1.0 KiB)
>>
>> eth2 Link encap:Ethernet HWaddr 00:25:90:8E:C0:F0
>>
>> inet addr:172.16.1.189 Bcast:172.16.255.255
>> Mask:255.255.0.0
>>
>> inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:918998 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:2033 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:1000
>>
>> RX bytes:84486598 (80.5 MiB) TX bytes:148116 (144.6 KiB)
>>
>> Memory:fbe20000-fbe3ffff
>>
>> [root at localhost ~]# brctl show
>>
>> bridge name bridge id STP
>> enabled interfaces
>>
>> br0 8000.0025908ec0f0 no
>>
>> virbr0 8000.525400b1de42 yes
>> virbr0-nic
>>
>> *1.2 add bridge interface *
>>
>> the eth2 device is a physical ethernet device,
>>
>> [root at localhost ~]# brctl addif br0 eth2
>>
>> [root at localhost ~]# brctl show
>>
>> bridge name bridge id STP
>> enabled interfaces
>>
>> br0 8000.0025908ec0f0 no
>> eth2
>>
>> virbr0 8000.525400b1de42 yes
>> virbr0-nic
>>
>> *1.3 create tap and add it to the bridge *
>>
>> *create tap:*
>>
>> tunctl -t tap0 -u root
>>
>> brctl addif br0 tap0
>>
>> ifconfig tap0 up
>>
>> chmod a+rw /dev/net/tun
>>
>> echo 1 > /proc/sys/net/ipv4/ip_forward
>>
>> iptables -t nat -A POSTROUTING -j MASQUERADE
>>
>
> The previous two lines do nothing for a bridge'd setup. Neither
> the setting of ip_forward nor a POSTROUTING rule will have any
> effect on packets that are bridged directly to a physical device
> (i.e. L2) - they only take effect on packets that are routed via
> the host's IP stack (i.e. L3).
>
> ///////////////////////////
> weihua:
> thanks for you suggestion !
> I want to use "ping" command to test network state , so I make
> these setting .
> ///////////////////////////
>
Those will also do nothing for the ability of ping to work. As I said,
they only have an effect on packets that are L3 *routed* by the host,
but you have the bridge directly connected to a physical device (and
presumably the guest has an IP address that is on the physical network)
so all the guest traffic will go directly across the bridge to the
host's ethernet and out onto the physical network - everything is L2
forwarding, no IP routing involved.
>
>> *add it to the bridge *
>>
>> [root at localhost ~]# brctl addif br0 tap0
>>
>> [root at localhost ~]# brctl show
>>
>> bridge name bridge id STP
>> enabled interfaces
>>
>> br0 8000.0025908ec0f0 no
>> eth2
>>
>>
>> tap0
>>
>> virbr0 8000.525400b1de42 yes
>> virbr0-nic
>>
>> [root at localhost kvm_img]# ifconfig
>>
>> br0 Link encap:Ethernet HWaddr 00:25:90:8E:C0:F0
>>
>> inet addr:172.16.1.189 Bcast:172.16.255.255
>> Mask:255.255.0.0
>>
>> inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:37947 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:10485 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:0
>>
>> RX bytes:2581300 (2.4 MiB) TX bytes:40996927 (39.0 MiB)
>>
>> eth2 Link encap:Ethernet HWaddr 00:25:90:8E:C0:F0
>>
>> inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:957962 errors:0 dropped:34 overruns:0 frame:0
>>
>> TX packets:38466 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:1000
>>
>> RX bytes:87721507 (83.6 MiB) TX bytes:42551007 (40.5 MiB)
>>
>> Memory:fbe20000-fbe3ffff
>>
>> tap0 Link encap:Ethernet HWaddr F2:55:FC:F8:95:DC
>>
>> inet6 addr: fe80::f055:fcff:fef8:95dc/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:11 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:1328 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:500
>>
>> RX bytes:846 (846.0 b) TX bytes:173159 (169.1 KiB)
>>
>>
>>
>> *1.4 boot the guest (using the tap0)*
>>
>> kvm -boot c -localtime -m 4G -hda /home/kvm_img/centos6p4.img
>> -net nic -net tap,ifname=tap0,script=no -enable-kvm
>>
>
> I haven't seen anything in this case where you attach the host's
> eth2 to the bridge. (I'm not sure why you would want to do all of
> this by hand rather than using libvirt and letting it take care of
> the details for you, but that's not what you asked...)
>
> ///////////////////////////
> weihua:
> I use this command to add it to the bridge :
>>
>> brctl addif br0 eth2
>>
>> [root at localhost ~]# brctl show
>>
Right. Derp. I scanned through the output a half dozen times looking for
that and for some reason skipped over it *every* time :-/
>> bridge name bridge id STP
>> enabled interfaces
>>
>> br0 8000.0025908ec0f0 no
>> eth2
>>
>>
>> tap0
>>
>> virbr0 8000.525400b1de42 yes
>> virbr0-nic
>>
>>
>> what I want to do this by hand is that I want to manage the VM by
>> script commands . But the virt-manager is a graphic tool.
>>
>>
>> Would you please tell me something about the differences between
>> the tap created by linux command and the vnet device created by
>> libvirt? so I could write some scripts to make the tap the same
>> as the vnet device .
>>
>> thanks a lot!
>>
> ///////////////////////////
>
>> *(2) using virt-manager*
>>
>> *2.1 create network bridge *
>>
>> [root at localhost ~]# ifconfig
>>
>> br0 Link encap:Ethernet HWaddr C2:CD:89:61:2C:F0
>>
>> inet addr:192.168.1.189 Bcast:192.168.1.255
>> Mask:255.255.255.0
>>
>> inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:0
>>
>> RX bytes:0 (0.0 b) TX bytes:1080 (1.0 KiB)
>>
>> eth2 Link encap:Ethernet HWaddr 00:25:90:8E:C0:F0
>>
>> inet addr:172.16.1.189 Bcast:172.16.255.255
>> Mask:255.255.0.0
>>
>> inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:918998 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:2033 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:1000
>>
>> RX bytes:84486598 (80.5 MiB) TX bytes:148116 (144.6 KiB)
>>
>> Memory:fbe20000-fbe3ffff
>>
>> [root at localhost ~]# brctl show
>>
>> bridge name bridge id STP
>> enabled interfaces
>>
>> br0 8000.0025908ec0f0 no
>>
>> virbr0 8000.525400b1de42 yes
>> virbr0-nic
>>
>> *2.2 add bridge interface *
>>
>> the eth2 device is a physical ethernet device,
>>
>> [root at localhost ~]# brctl addif br0 eth2
>>
>> [root at localhost ~]# brctl show
>>
>> bridge name bridge id STP
>> enabled interfaces
>>
>> br0 8000.0025908ec0f0 no
>> eth2
>>
>> virbr0 8000.525400b1de42 yes
>> virbr0-nic
>>
>> *2.3 run the virt-manager and select the NIC option*
>>
>> I find the bridge created above , configure it as fellow :
>>
>> in "*Virtual Network Interface* " setting:
>>
>> Source device: Host device tap0 (bridge br0)
>>
I would figure that "Host device tap0" would make a macvtap connection
to tap0 (which would probably work, but be inefficient; anyway, since
the tap device created by libvirt is called "vnet0" rather than
"macvtap0", I know that's not the case, but *something* doesn't add up).
What you want to select would look something like this on the version of
virt-manager I'm using: "Bridge br0: Host device eth2".
>> Device model: e1000
>>
>> Mac address: 52:54:00:84:E3:62
>>
>> *2.4 I start the VM using virt-manager*
>>
>> I get a vnet0 device created by virt-manager,
>>
>> [root at localhost ~]# ifconfig
>>
>> br0 Link encap:Ethernet HWaddr 00:25:90:8E:C0:F0
>>
>> inet addr:172.16.1.189 Bcast:172.16.255.255
>> Mask:255.255.0.0
>>
>> inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:62160 errors:0 dropped:1 overruns:0 frame:0
>>
>> TX packets:22071 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:0
>>
>> RX bytes:4007196 (3.8 MiB) TX bytes:59626981 (56.8 MiB)
>>
>> eth2 Link encap:Ethernet HWaddr 00:25:90:8E:C0:F0
>>
>> inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:982209 errors:0 dropped:47 overruns:0 frame:0
>>
>> TX packets:61101 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:1000
>>
>> RX bytes:89496644 (85.3 MiB) TX bytes:61778801 (58.9 MiB)
>>
>> Memory:fbe20000-fbe3ffff
>>
>> vnet0 Link encap:Ethernet HWaddr FE:54:00:84:E3:62
>>
>> inet6 addr: fe80::fc54:ff:fe84:e362/64 Scope:Link
>>
>> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
>>
>> RX packets:5 errors:0 dropped:0 overruns:0 frame:0
>>
>> TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
>>
>> collisions:0 txqueuelen:500
>>
>> RX bytes:670 (670.0 b) TX bytes:13720 (13.3 KiB)
>>
>>
>>
>> both of the methods above seems that the network of guest OS is
>> OK at most of environments, and I can get the attributes of the
>> virtual network device . They are seemed to be the same.
>>
>> *about the tap0**:*
>>
>> [root at localhost ~]# ethtool -i tap0
>>
>> driver: tun
>>
>> version: 1.6
>>
>> firmware-version:
>>
>> bus-info: tap
>>
>> supports-statistics: no
>>
>> supports-test: no
>>
>> supports-eeprom-access: no
>>
>> supports-register-dump: no
>>
>> supports-priv-flags: no
>>
>> *about the vnet0 created by virt-manager :*
>>
>> *[root at localhost ~]# ethtool -i vnet0*
>>
>> driver: tun
>>
>> version: 1.6
>>
>> firmware-version:
>>
>> bus-info: tap
>>
>> supports-statistics: no
>>
>> supports-test: no
>>
>> supports-eeprom-access: no
>>
>> supports-register-dump: no
>>
>> supports-priv-flags: no
>>
>> *but the action between tap and vnet is not exactly the same**!I
>> will describe it in the following.*
>>
>> *this is my project **environment*
>> <http://www.iciba.com/application_environment>*:*
>>
>> hardware : intel xeon E5 2600 server from supermicro
>>
>> host OS: centos 6.4 (kernel version is changed to 3.15.10 by me)
>>
>> virtual software : KVM+qemu 2.1.3
>>
>> guest OS: centos 6.4 (kernel is not changed : 2.6.32 64bit)
>>
>>
>>
>> when I establish the network by *the first method: create a
>> bridge with the help of Linux commad: brctl*, tap0 device is
>> created in the host and assigned to the guest OS. tap0 device
>> gets a name “eth0” in the guest OS.
>>
>> I use “ping ” command to test network state . I get the following
>> result :
>>
>> *concept explanation : *
>>
>> local host: the OS where the guest OS is running
>>
>> remote host: another server which is connected to the local host
>> using ethernet network .
>>
>> and this is my results:
>>
>> ping local host from guest OS is OK, I get reply from local host;
>>
>> ping remote host from local host is OK, I get reply from remote host;
>>
>> *ping remote host from guest OS is not OK, I don’t get any reply
>> from remote host; and this is my question.*
>>
*Usually this behavior indicates that the following sysctl is set to 1:
*
net.bridge.bridge-nf-call-iptables
You can check for this with: "sysctl
net.bridge.bridge-nf-call-iptables". If it shows "1" set it to 0 like this:
sysctl -w net.bridge.bridge-nf-call-iptable=1
But again I wonder why you even want to go to the trouble of creating
your own tap devices and constructing a qemu commandline, when libvirt
will do all of that for you.
>> **
>>
>>
>>
>> when I establish the network by *the second method: using
>> virt-manager*, at this time , vnet0 device is created in the host
>> and assigned to the guest OS. vnet0 device gets a name “eth0” in
>> the guest OS.
>>
>> I also use “ping ” command to test network state . I get the
>> following result :
>>
>> ping local host from guest OS is OK, I get reply from local host;
>>
>> ping remote host from local host is OK, I get reply from remote host;
>>
>> *ping remote host from guest OS is OK, I get reply from remote host;*
>>
>>
>>
>> *my question is :*
>> why I cannot get reply when I ping *remote host from guest OS
>> using the first method?*
>>
>> I use the same bridge: br0, so I think that the bridge: br0 is
>> not responsible for the fault. and I have also stop the firewall .
>>
>> I guess the reason is that there are some differences between the
>> tap device created by linux command and vnet device created by
>> virt-manager. could you please kindly give my some advices to
>> solve the problem ?
>>
>>
>>
>> I would be grateful if you could give me some advice . look
>> forward to your reply !
>>
>> weihua
>> ------------------------------------------------------------------------
>>
>
>
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20150420/b343f6a7/attachment.htm>
More information about the libvirt-users
mailing list