openSUSE Leap Documentation › Virtualization Guide › Managing Virtual Machines with libvirt › Managing Networks
ContentsContents
Virtualization Guide
  1. About This Manual
  2. I Introduction
    1. 1 Virtualization Technology
    2. 2 Introduction to Xen Virtualization
    3. 3 Introduction to KVM Virtualization
    4. 4 Introduction to Linux Containers
    5. 5 Virtualization Tools
    6. 6 Installation of Virtualization Components
    7. 7 Supported Guests, Hosts and Features
  3. II Managing Virtual Machines with libvirt
    1. 8 Starting and Stopping libvirtd
    2. 9 Guest Installation
    3. 10 Basic VM Guest Management
    4. 11 Connecting and Authorizing
    5. 12 Managing Storage
    6. 13 Managing Networks
    7. 14 Configuring Virtual Machines
  4. III Hypervisor-Independent Features
    1. 15 Disk Cache Modes
    2. 16 VM Guest Clock Settings
    3. 17 libguestfs
  5. IV Managing Virtual Machines with Xen
    1. 18 Setting Up a Virtual Machine Host
    2. 19 Virtual Networking
    3. 20 Managing a Virtualization Environment
    4. 21 Block Devices in Xen
    5. 22 Virtualization: Configuration Options and Settings
    6. 23 Administrative Tasks
    7. 24 XenStore: Configuration Database Shared between Domains
    8. 25 Xen as a High-Availability Virtualization Host
  6. V Managing Virtual Machines with QEMU
    1. 26 QEMU Overview
    2. 27 Setting Up a KVM VM Host Server
    3. 28 Guest Installation
    4. 29 Running Virtual Machines with qemu-system-ARCH
    5. 30 Virtual Machine Administration Using QEMU Monitor
  7. VI Managing Virtual Machines with LXC
    1. 31 Linux Containers
    2. 32 Migration from LXC to libvirt-lxc
  8. Glossary
  9. A Virtual Machine Drivers
  10. B Appendix
  11. C XM, XL Toolstacks and Libvirt framework
  12. D GNU Licenses
Navigation
openSUSE Leap Documentation › Virtualization Guide › Managing Virtual Machines with libvirt › Managing Networks
Top
Applies to openSUSE Leap 42.1

13 Managing Networks

Abstract

This chapter introduces common networking configurations supported by libvirt. It does not depend on the hypervisor used, which means that it is valid for all hypervisors supported by libvirt, such as KVM or Xen. These setups can be achieved using both the graphical interface of Virtual Machine Manager and the command line tool virsh.

13.1 Virtual Networks
13.2 Bridged Networking

There are two common network setups to provide a VM Guest with a network connection—either create a virtual network for the guest, or create a network bridge over a host's physical network interface and have the guest use it.

13.1 Virtual Networks

A virtual network is a computer network which does not consist of a physical network link, but rather uses a virtual network link. Each host can have a number of virtual networks defined. Virtual networks are based on virtual devices that connects virtual machines inside a hypervisor. They allow outgoing traffic translated to the LAN and are provided with DHCP and DNS services. Virtual networks can be either isolated, or forwarded to a physical network.

Guests inside an isolated virtual network can communicate with each other, but cannot communicate with guests outside the virtual network. Also, guests not belonging to the isolated virtual network cannot communicated with guests inside.

On the other hand, guests inside a forwarded (NAT, network address translation) virtual network can make any outgoing network connection they request. Incoming connections are allowed from VM Host Server, and from other guests connected to the same virtual network. All other incoming connections are blocked by iptables rules.

A standard libvirt installation on openSUSE Leap already comes with a predefined virtual network providing DHCP server and network address translation (NAT) named "default".

13.1.1 Managing Virtual Networks with Virtual Machine Manager

You can define, configure, and operate both isolated and forwarded virtual networks with Virtual Machine Manager.

13.1.1.1 Defining Virtual Networks

  1. Start Virtual Machine Manager. In the list of available connections, left-click the name of the connection for which you need to configure the virtual network, and then select Details.

  2. In the Connection Details window, click the Virtual Networks tab. You can see the list of all virtual networks available for the current connection. On the right, there are details of the highlighted virtual network.

    Connection Details
    Figure 13.1: Connection Details

  3. Click to add a new virtual network.

  4. Type a name for the new virtual network and click Forward.

    Create virtual network
    Figure 13.2: Create virtual network

  5. If you want to specify an IPv4 network address space definition, activate the relevant option and type it into the Network text entry.

    Create virtual network
    Figure 13.3: Create virtual network

  6. libvirt can provide your virtual network with a DHCP server. If you need it, activate Enable DHCPv4, then type the start and end IP address range of assignable addresses.

  7. To enable static routing for the new virtual network, activate the relevant option and type the network and gateway addresses.

  8. Click Forward to proceed.

  9. To specify IPv6-related options—network address space, DHCPv6 server, or static route—activatei Enable IPv6 network address space definition and activate/fill the relevant options.

  10. Click Forward to proceed.

  11. Select whether you want isolated or forwarded virtual network.

    Create virtual network
    Figure 13.4: Create virtual network

    For forwarded networks, specify the network interface to which the requests will be forwarded, and one of the forwarding modes: while NAT (network address translation) remaps the virtual network address space and allows sharing a single IP address, Routed connects the virtual switch to the physical host LAN with no network translation.

  12. If you did not specify IPv6 network address space definition earlier, you can enable IPv6 internal routing between virtual machines.

  13. Optionally, change the DNS domain name.

  14. Click Finish to create the new virtual network. On VM Host Server, a new virtual network bridge virbrXis available, which corresponds to the newly create virtual network. You can check with brctl show. libvirt automatically adds iptables rules to allow traffic to/from guests attached to the new virbrX device.

13.1.1.2 Starting Virtual Networks

To start a virtual network that is temporarily stopped, follow these steps:

  1. Start Virtual Machine Manager. In the list of available connections, left-click the name of the connection for which you need to configure the virtual network, and then select Details.

  2. In the Connection Details window, click the Virtual Networks tab. You can see the list of all virtual networks available for the current connection.

  3. Click to start the virtual network.

13.1.1.3 Stopping Virtual Networks

To stop an active virtual network, follow these steps:

  1. Start Virtual Machine Manager. In the list of available connections, left-click the name of the connection for which you need to configure the virtual network, and then select Details.

  2. In the Connection Details window, click the Virtual Networks tab. You can see the list of all virtual networks available for the current connection.

  3. Click to stop the virtual network.

13.1.1.4 Deleting Virtual Networks

To delete a virtual network from VM Host Server, follow these steps:

  1. Start Virtual Machine Manager. In the list of available connections, left-click the name of the connection for which you need to configure the virtual network, and then select Details.

  2. In the Connection Details window, click the Virtual Networks tab. You can see the list of all virtual networks available for the current connection.

  3. Click to delete the virtual network.

13.1.2 Managing Virtual Networks with virsh

You can manage libvirt-provided virtual networks with the virsh command line tool. To view all network related virsh commands, run 

# virsh help network
Networking (help keyword 'network'):
 net-autostart                  autostart a network
        net-create                     create a network from an XML file
        net-define                     define (but don't start) a network from an XML file
        net-destroy                    destroy (stop) a network
        net-dumpxml                    network information in XML
        net-edit                       edit XML configuration for a network
        net-event                      Network Events
        net-info                       network information
        net-list                       list networks
        net-name                       convert a network UUID to network name
        net-start                      start a (previously defined) inactive network
        net-undefine                   undefine an inactive network
        net-update                     update parts of an existing network's configuration
 net-uuid                       convert a network name to network UUID

To view a brief help information for a specific virsh command, run virsh help virsh_command: 

# virsh help net-create
  NAME
    net-create - create a network from an XML file

  SYNOPSIS
    net-create <file>

  DESCRIPTION
    Create a network.

  OPTIONS
    [--file] <string>  file containing an XML network description

13.1.2.1 Creating a Network

To create a new running virtual network, run 

root # virsh net-create vnet_definition.xml

The vnet_definition.xml XML file includes the definition of the virtual network that libvirt accepts.

To define a new virtual network without activating it, run 

root # virsh net-define vnet_definition.xml

The following examples illustrate definitions of different types of virtual networks.

Example 13.1: NAT Based Network

The following configuration allows VM Guests outgoing connectivity if it is available on VM Host Server. In the absence of VM Host Server networking, it allows guests to talk directly to each other. 

<network>
<name>vnet_nated</name>1
<bridge name="virbr1" />2
 <forward mode="nat"/>3
 <ip address="192.168.122.1" netmask="255.255.255.0">4
  <dhcp>
   <range start="192.168.122.2" end="192.168.122.254" />5
  </dhcp>
 </ip>
</network>

1

The name of the new virtual network.

2

The name of the bridge device used to construct the virtual network. When defining a new network with a <forward> mode of "nat" or "route" (or an isolated network with no <forward> element), libvirt will automatically generate a unique name for the bridge device if none is given.

3

Inclusion of the <forward> element indicates that the virtual network will be connected to the physical LAN. The mode attribute specifies the forwarding method. The most common modes are "nat" (default, network address translation), "route" (direct forwarding to the physical network, no address translation), and "bridge" (network bridge configured outside of libvirt). If the <forward> element is not specified, the virtual network will be isolated from other networks. For a complete list of forwarding modes, see http://libvirt.org/formatnetwork.html#elementsConnect.

4

The IP address and netmask for the network bridge.

5

Enable DHCP server for the virtual network, offering IP addresses ranging from the specified start and end attribute.

Example 13.2: Routed Network

The following configuration routes traffic from the virtual network to the LAN without applying any NAT. The IP address range must be pre-configured in the routing tables of the router on VM Host Server network. 

<network>
 <name>vnet_routed</name>
 <bridge name="virbr1" />
 <forward mode="route" dev="eth1"/>1
 <ip address="192.168.122.1" netmask="255.255.255.0">
  <dhcp>
   <range start="192.168.122.2" end="192.168.122.254" />
  </dhcp>
 </ip>
</network>

1

The guest traffic may only go out via the eth1 network device on the VM Host Server.

Example 13.3: Isolated Network

This configuration provides a completely isolated private network. The guests can talk to each other, and to VM Host Server, but cannot reach any other machines on the LAN, as the <forward> element is missing in the XML description. 

<network>
        <name>vnet_isolated</name>
        <bridge name="virbr3" />
        <ip address="192.168.152.1" netmask="255.255.255.0">
                <dhcp>
                        <range start="192.168.152.2" end="192.168.152.254" />
                </dhcp>
        </ip>
</network>
Example 13.4: Using an Existing Bridge on VM Host Server

This configuration shows how to use an existing VM Host Server's network bridge br0. VM Guests are directly connected to the physical network. Their IP addresses will all be on the subnet of the physical network, and there will be no restrictions on incoming or outgoing connections. 

<network>
        <name>host-bridge</name>
        <forward mode="bridge"/>
        <bridge name="br0"/>
</network>

13.1.2.2 Listing Networks

To list all virtual networks available to libvirt, run 

root # virsh net-list --all

 Name                 State      Autostart     Persistent
----------------------------------------------------------
 crowbar              active     yes           yes
 vnet_nated           active     yes           yes
 vnet_routed          active     yes           yes
 vnet_isolated        inactive   yes           yes

13.1.2.3 Getting Details about a Network

To get detailed informaiton about a network, run 

root # virsh net-info vnet_routed
Name:           vnet_routed
UUID:           756b48ff-d0c6-4c0a-804c-86c4c832a498
Active:         yes
Persistent:     yes
Autostart:      yes
Bridge:         virbr5

13.1.2.4 Starting a Network

To start an inactive network that was already defined, find its name (or unique identifier, UUID) with 

root # virsh net-list --inactive
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 vnet_isolated        inactive   yes           yes

and then run 

root # virsh net-start vnet_isolated
Network vnet_isolated started

13.1.2.5 Stopping a Network

To stop an active network, find its name (or unique identifier, UUID) with 

root # virsh net-list --inactive
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 vnet_isolated        active     yes           yes

and then run 

root # virsh net-destroy vnet_isolated
Network vnet_isolated destroyed

13.1.2.6 Removing a Network

To remove the definition of an inactive network from VM Host Server permanently, run 

root # virsh net-undefine vnet_isolated
Network vnet_isolated has been undefined

13.2 Bridged Networking

A network bridge is used to connect two or more network segments. It behaves like a virtual network switch, and guest machines treat it transparently as a physical network interface. Any physical or virtual device can be connected to the bridge.

If there is a network bridge present on VM Host Server, you can connect VM Guest directly to it. This provides the VM Guest with full incoming and outgoing network access.

13.2.1 Managing Network Bridges with YaST

This section includes procedures to add or remove network bridges with YaST.

13.2.1.1 Adding a Network Bridge

To add a network bridge on VM Host Server, follow these steps:

  1. Start YaST › System › Network Settings.

  2. Activate the Overview tab and click Add.

  3. Select Bridge from the Device Type list and enter the bridge device interface name in the Configuration Name entry. Proceed with Next.

  4. In the Address tab, specify networking details such as DHCP/static IP address, subnet mask or host name.

  5. Activate the Bridged Devices tab and activate the network devices you want to include in the network bridge.

  6. Click Next to return to the Overview tab and confirm with OK. The new network bridge should be active on VM Host Server now.

13.2.1.2 Deleting a Network Bridge

To delete an existing network bridge, follow these steps:

  1. Start YaST › System › Network Settings.

  2. Select the bridge device you want to delete from the list in the Overview tab.

  3. Delete the bridge with Delete and confirm with OK.

13.2.2 Managing Network Bridges with brctl

This section includes procedures to add or remove network bridges with the brctl command line tool.

13.2.2.1 Adding a Network Bridge

To add a new network bridge device on VM Host Server with brctl, follow these steps:

  1. Login as root on the VM Host Server where you want to create a new network bridge.

  2. Choose a name for the new bridge—virbr_test in our example— and run 

    root # brctl addbr virbr_test

  3. Check if the bridge was create on VM Host Server: 

    root # brctl show
bridge name     bridge id           STP enabled     interfaces
br0             8000.e06995ec09e8   no              eth0
virbr0          8000.525400b37ec9   yes             virbr0-nic
virbr_test      8000.000000000000   no

    virbr_test is present, but is not associated with any physical network interface.

  4. Add a network interface to the bridge: 

    root # brctl addif eth1
    Important
    Important

    You can only enslave a network interface that is not yet used by other network bridge.

  5. Optionally, enable STP (see Spanning Tree Protocol: 

    root # brctl stp virbr_test on

13.2.2.2 Deleting a Network Bridge

To delete an existing network bridge device on VM Host Server with brctl, follow these steps:

  1. Login as root on the VM Host Server where you want to delete an existing network bridge.

  2. List existing network bridges to identify the name of the bridge to remove: 

    root # brctl show
bridge name     bridge id           STP enabled     interfaces
br0             8000.e06995ec09e8   no              eth0
virbr0          8000.525400b37ec9   yes             virbr0-nic
virbr_test      8000.000000000000   yes             eth1

  3. Delete the bridge: 

    root # brctl delbr virbr_test
Chapter 14 Configuring Virtual MachinesChapter 12 Managing Storage
Print this page

© 2018 SUSE