ANN: Qubes arbitrary network topology

21 views
Skip to first unread message

Manuel Amador (Rudd-O)

unread,
Mar 16, 2021, 12:27:06 PM3/16/21
to qubes...@googlegroups.com

Hello, folks!  I'm here to share this:

https://github.com/Rudd-O/qubes-arbitrary-network-topology

This software lets you turn your Qubes OS 4.0 machine into an arbitrary network topology host. It is ideal to create networks of interconnected VMs with arbitrary pathways between them, and minimal effort compared to manually setting everything up using xl attach in your dom0 as root.

How to use

Suppose you have two VMs, which you want to be interconnected via (virtualized) Ethernet. VM F (for frontend) will be attached to VM B (for backend).

With this software, all you have to do is attach a feature attach-network-to onto B, like so:

# Run me on dom0 as your regular Qubes login user.
qvm-features B attach-network-to F
# You can add multiple VMs to attach to, by separating them with newlines like so:
#     [user@dom0]$ qvm-features B attach-network-to 'F
#     G
#     H'

And that's it. As soon as both B and F are running, network interfaces will appear on each one; if you set the feature while the VMs were running, the interfaces will appear instantly. The network interface in F will generally be named eth0 (or eth1 or other name increasing in value). The network interface in B will be named after F. IP networking on none of the network interfaces will be configured by the system.

From this point on, all you have to do is configure the network interfaces — e.g. using NetworkManager — on those two VMs, then adjust the firewall rules on both VMs to permit input from one VM to the other, or even forwarding through them. You could build a bridge, or set IP configuration to your liking.

Here is a sample IP configuration file for NetworkManager (to follow our example, stored in B under /rw/config/NM-system-connections/F.nmconnection):

[connection]
id=B
uuid=bb88cc30-1bcd-40bf-97f2-013626692bd1
type=ethernet
autoconnect-priority=-999
interface-name=F
permissions=

[ethernet]
mac-address-blacklist=

[ipv4]
address1=10.250.9.26/30
dns=10.250.7.2
dns-search=
method=manual
route1=10.250.0.0/20,127.0.0.1,1000
route2=10.250.8.0/24,10.250.9.25,1
route3=0.0.0.0/0,10.250.9.25,101

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
method=disabled

[proxy]

Judicious use of the qvm-features command will allow you to have arbitrarily connected VMs on your system, directly testing a panoply of network topologies.

How it works

A small Qubes extension running under qubesd in dom0 monitors VMs as they start and stop. If a VM starts and it has the attach-network-to feature, all VMs named in the feature will get Xen Ethernet frontends attached, with the backends attached to the VM that just started. The converse is also true — if a VM starts, and it is mentioned in the attach-network-to feature of another VM, the frontend is attached to the VM that just started, and the backend is attached to the VM with the feature.

It's very simple, no magic involved.

How to install

Build the two necessary RPM packages and then install them to the respective VMs:

  1. The qubes-arbitrary-network-topology RPM: use the command make rpm on a VM with the same Fedora version as your TemplateVM. Then install the RPM in the TemplateVM, and power off the Template VM, as well as any other VMs you plan to attach networking to.
  2. The qubes-core-admin-addon-arbitrary-network-topology RPM: use the command make rpm on a VM or a chroot with the same Fedora version as your dom0 (that's Fedora 25 for Qubes 4.0). Then copy the RPM into your dom0, and install the RPM.


You should now be good to go.

Licensing

This software is shared under the GNU GPL v2. You can find the text of the GNU GPL in the COPYING file distributed with the source.

-- 
    Rudd-O
    https://rudd-o.com/
OpenPGP_signature

awokd

unread,
Mar 16, 2021, 5:23:26 PM3/16/21
to qubes...@googlegroups.com
Manuel Amador (Rudd-O):
> Hello, folks!  I'm here to share this:
>
> https://github.com/Rudd-O/qubes-arbitrary-network-topology
> <https://github.com/Rudd-O/qubes-arbitrary-network-topology>
>
> This software lets you turn your Qubes OS 4.0 machine into an arbitrary
> network topology host. It is ideal to create networks of interconnected
> VMs with arbitrary pathways between them, and minimal effort compared to
> manually setting everything up using xl attach in your dom0 as root.

Thank you, Rudd-O. I've had to suggest to some people in the past they
use a different virtualization product like Virtualbox if they needed
more flexible networking, but this might let them continue to use Qubes
instead.

--
- don't top post
Mailing list etiquette:
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots

David Hobach

unread,
Mar 17, 2021, 1:54:47 PM3/17/21
to Manuel Amador (Rudd-O), qubes...@googlegroups.com
On 3/16/21 5:26 PM, Manuel Amador (Rudd-O) wrote:
> Hello, folks!  I'm here to share this:
>
> https://github.com/Rudd-O/qubes-arbitrary-network-topology <https://github.com/Rudd-O/qubes-arbitrary-network-topology>
>
> This software lets you turn your Qubes OS 4.0 machine into an arbitrary network topology host. It is ideal to create networks of interconnected VMs with arbitrary pathways between them, and minimal effort compared to manually setting everything up using xl attach in your dom0 as root.


This looks promising, thanks!

I hope you intend to upstream it in the end or at least go for the qubes-community packaging.

Reply all
Reply to author
Forward
0 new messages