KubeVirt Default Networking Question

[Greg Waines]

A question about the default networking with KubeVirt VMs.

Scenario 1:

I create a VirtualMachine (using ubuntu cloud image),
WITHOUT specifying anything for "domain:devices:interfaces" or "domain:networks".

and

the VM comes up with the CNI interface on my K8S cluster's cluster-pod-subnet (172.16.103.159/32)

e.g.

cumulus@wrcp-lab-test:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 16:20:1d:97:db:c5 brd ff:ff:ff:ff:ff:ff
    inet 172.16.103.159/32 metric 100 scope global dynamic enp1s0
       valid_lft 86310303sec preferred_lft 86310303sec
    inet6 fe80::1420:1dff:fe97:dbc5/64 scope link
       valid_lft forever preferred_lft forever

... this seems understandable ... and all the networking works fine.

Scenario 2:

I create a VirtualMachine (using ubuntu cloud image),

and specify

      domain:
        devices:
          ...
          interfaces:
          - masquerade: {}
            name: default
      ...
      networks:
      - name: default
        pod: {}

and in this scenario, 

it comes up with what I think is the basic CNI interface but with a 10.0.2.2/24 subnet IP Address.

e.g.

cumulus@wrcp-lab-test-default-network:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:9f:82:72 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.2/24 metric 100 brd 10.0.2.255 scope global dynamic enp1s0
       valid_lft 86313438sec preferred_lft 86313438sec
    inet6 fe80::5054:ff:fe9f:8272/64 scope link
       valid_lft forever preferred_lft forever

...

... and again the networking all works.

But I don't understand what this 10.0.2.2/24 subnet is ?

Is it on the same virtual L2 Network as the cluster-pod-subnet ?  and managed by my CNI ?

Greg.

[Edward Haas]

Quoting from the documentation [1]:
> In masquerade mode, KubeVirt allocates internal IP addresses to virtual machines and hides them behind NAT.

> All the traffic exiting virtual machines is "NAT'ed" using pod IP addresses.

[1] http://kubevirt.io/user-guide/virtual_machines/interfaces_and_networks/#masquerade

Kubevirt does this in order to support migrations of the VM.

Internally, the IP does not change while externally the IP of the new pod is exposed.

Hope this helps.

Greg.

--
You received this message because you are subscribed to the Google Groups "kubevirt-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to kubevirt-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kubevirt-dev/fcf86234-6cd6-4f7b-a2af-30c3b4da60ffn%40googlegroups.com.

[Greg Waines]

Thanks … that makes sense. 

Greg

Sent from my iPhone

On Jul 15, 2022, at 2:59 PM, Edward Haas <edw...@redhat.com> wrote: