Unsolved Help me understand KVM Networking
-
@stacksofplates said in Help me understand KVM Networking:
I’ve never done it through Cockpit. I’ve always used either nmcli or nmtui to create everything. What do your ifcfg files look like for those interfaces?
As I had removed it to test the macvtap, i had to recreate it. I did it with
nmclithis time.jbusch@dt-jared ~]$ ssh 10.254.103.5 Last login: Thu Dec 28 00:05:54 2017 from 10.254.103.200 [jbusch@kvm ~]$ su - Password: [root@kvm ~]# nmcli connection add ifname bridge0 type bridge con-name bridge0 Connection 'bridge0' (0febbbde-8d06-475a-a21b-a88ebdf006d8) successfully added. [root@kvm ~]# nmcli connection add type bridge-slave ifname team0 master bridge0 Connection 'bridge-slave-team0' (d44dd210-92d7-4337-b4dd-66afbd048370) successfully added. [root@kvm ~]# nmcli connection modify bridge0 bridge.stp no [root@kvm ~]# -
Do the guests have network access if you give them a static address?
-
@jaredbusch said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
I also usually just use macvtap. If I need host to guest communication I just set up a private network for them to communicate on.
Well, I cannot think of a reason to require host to guest communication, except that I may want to connect from a guest to the host to update the ISO store I use occasionally.
Ya that's really the only advantage to a full bridge.
-
@stacksofplates said in Help me understand KVM Networking:
@jaredbusch said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
I also usually just use macvtap. If I need host to guest communication I just set up a private network for them to communicate on.
Well, I cannot think of a reason to require host to guest communication, except that I may want to connect from a guest to the host to update the ISO store I use occasionally.
Ya that's really the only advantage to a full bridge.
And for my lab, colo, and most clients, I do not see that ever being an issue.
But I do have one specific client that will have a stand alone RHEL 7 box running KVM on a remote site. It will be running a single VM. I will have easy access to the VM, but not the host, because of "reasons" that have nothing to do with IT.
-
[root@kvm ~]# nmcli connection show NAME UUID TYPE DEVICE Wired connection 1 5371d5ee-0c26-3e5a-ae0d-6d3683d7d584 802-3-ethernet enp1s0f0 Wired connection 2 a2977c44-7e0a-3f9d-8ecc-74e222e150a9 802-3-ethernet enp1s0f1 bridge0 0febbbde-8d06-475a-a21b-a88ebdf006d8 bridge bridge0 eno1 3a2e709f-49c8-3ac8-aa99-aab4d616e650 802-3-ethernet eno1 team0 74aa71fe-e149-49e9-94ce-ab4a22a319e4 team team0 virbr0 0df1e6b8-e9e2-4538-a581-0f1c727495c4 bridge virbr0 bridge-slave-team0 d44dd210-92d7-4337-b4dd-66afbd048370 802-3-ethernet -- [root@kvm ~]# -
@stacksofplates said in Help me understand KVM Networking:
Do the guests have network access if you give them a static address?
I will try that.
-
@jaredbusch said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
@jaredbusch said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
I also usually just use macvtap. If I need host to guest communication I just set up a private network for them to communicate on.
Well, I cannot think of a reason to require host to guest communication, except that I may want to connect from a guest to the host to update the ISO store I use occasionally.
Ya that's really the only advantage to a full bridge.
And for my lab, colo, and most clients, I do not see that ever being an issue.
But I do have one specific client that will have a stand alone RHEL 7 box running KVM on a remote site. It will be running a single VM. I will have easy access to the VM, but not the host, because of "reasons" that have nothing to do with IT.
Ah ic. I really wish there was an easy way to get ovs installed on RHEL 7/CentOS 7.
-
So working, but lots of packet loss for a while.
It seems solid now.
Nevermind.. while it was trying to communicate out to get the base repo info, the pings failed. Once that timed out, the pings worked. Just tried it a couple times...
-
@stacksofplates said in Help me understand KVM Networking:
I also usually just use macvtap. If I need host to guest communication I just set up a private network for them to communicate on.
So how do you setup a private connection?
I have no issues with using macvtap on the team.
-
@jaredbusch said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
I also usually just use macvtap. If I need host to guest communication I just set up a private network for them to communicate on.
So how do you setup a private connection?
I have no issues with using macvtap on the team.
You can just create it in Virt-Manager. I'll jump on my laptop and take a screenshot.
-
Just click on your connection and go to edit -> connection details and click on the Virtual Networks tab.
Click the plus
Then run through the wizard.
If you choose NAT instead it will still work but is kind of pointless since you will already have an address through the macvtap.
You can do this through virsh as well. The host uses dnsmasq to configure everything so you can also add reservations and all of the other goodies as well. For reservations you can just add it in after the range line:
<host mac='de:ad:be:ef:ca:fe' name='test-vm' ip='192.168.30.50'/>
-
Works perfectly.
-
Too bad ovs isnt in the repos for RHEL/CentOS. You can set up these private networks and connect them through a VXLAN with ovs. That way you can have something like a separate dev network on the same hosts and they can communicate between hosts.
-
@stacksofplates said in Help me understand KVM Networking:
Too bad ovs isnt in the repos for RHEL/CentOS. You can set up these private networks and connect them through a VXLAN with ovs. That way you can have something like a separate dev network on the same hosts and they can communicate between hosts.
Not available in the epel repo?
-
@black3dynamite said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
Too bad ovs isnt in the repos for RHEL/CentOS. You can set up these private networks and connect them through a VXLAN with ovs. That way you can have something like a separate dev network on the same hosts and they can communicate between hosts.
Not available in the epel repo?
That is apparently the case unless my google--fu isn't up to snuff
-
@jaredbusch said in Help me understand KVM Networking:
I will have easy access to the VM, but not the host, because of "reasons" that have nothing to do with IT.
You can't access the host externally, as in you will only be able to access the host via one of it's guests? That seems like a weird requirement.
-
@tim_g said in Help me understand KVM Networking:
@jaredbusch said in Help me understand KVM Networking:
I will have easy access to the VM, but not the host, because of "reasons" that have nothing to do with IT.
You can't access the host externally, as in you will only be able to access the host via one of it's guests? That seems like a weird requirement.
Yes it is. Yet, if I drive 5 hours to be on site, I can have all the local console I want.
As I stated, not IT related reasoning.
-
@wirestyle22 said in Help me understand KVM Networking:
@black3dynamite said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
Too bad ovs isnt in the repos for RHEL/CentOS. You can set up these private networks and connect them through a VXLAN with ovs. That way you can have something like a separate dev network on the same hosts and they can communicate between hosts.
Not available in the epel repo?
That is apparently the case unless my google--fu isn't up to snuff
Nope. It is available in Fedora though. If you want to install it you have to manually build the RPMs. While not hard to build it would be a pain to maintain updates.
-
@stacksofplates said in Help me understand KVM Networking:
@wirestyle22 said in Help me understand KVM Networking:
@black3dynamite said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
Too bad ovs isnt in the repos for RHEL/CentOS. You can set up these private networks and connect them through a VXLAN with ovs. That way you can have something like a separate dev network on the same hosts and they can communicate between hosts.
Not available in the epel repo?
That is apparently the case unless my google--fu isn't up to snuff
Nope. It is available in Fedora though. If you want to install it you have to manually build the RPMs. While not hard to build it would be a pain to maintain updates.
OVS is used by oVirt so maybe the centos ovirt repo has it (or the ovirt stable repo)
-
@matteo-nunziati said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
@wirestyle22 said in Help me understand KVM Networking:
@black3dynamite said in Help me understand KVM Networking:
@stacksofplates said in Help me understand KVM Networking:
Too bad ovs isnt in the repos for RHEL/CentOS. You can set up these private networks and connect them through a VXLAN with ovs. That way you can have something like a separate dev network on the same hosts and they can communicate between hosts.
Not available in the epel repo?
That is apparently the case unless my google--fu isn't up to snuff
Nope. It is available in Fedora though. If you want to install it you have to manually build the RPMs. While not hard to build it would be a pain to maintain updates.
OVS is used by oVirt so maybe the centos ovirt repo has it (or the ovirt stable repo)
I'm assuming it's just building the RPM since it's not in the normal repo.
