
Create virtual ethernet devices on Debian 9 stretch ?


Zenaan Harkness

Aug 28, 2017, 1:00:06 AM
Riffing on the recent thread, here's the one I thought that was, and
wanted it to be. Alas, twas not so, and thus the inordinately
difficult and challenging task of creating a new thread is weighty
upon my shoulders. So this is it :)


Have done quite a bit of research over the last couple months,
there's a -lot- of tech, plenty of it "fairly new" too.

Some years back, I ran openvpn to connect a few computers "securely"
(for wild "I hope this works as I cross my fingers" values of
"securely"). I have some vague recollection of creating tap and tun
devices.


"Right now" my aim is to run virt-manager or qemu, with kvm
underneath, with a host-only virtual network to which I shall connect
two virtual machines, and the host machine, and run some nfs or samba
thing to share folders between all 3.


My requisite is to have a sense of full control over my virtual
networking - this means setup and tear down primarily via
/etc/network/interfaces unless some other mechanism were more highly
recommended
- this means not relying on say the virt-manager gui

However, I'd also like to learn how to use the virt-manager gui to
create a single "host-only virtual network" instance for a virtual
machine (or two :)


The reason I want to learn how to do this virtual host-only network
with virt-manager gui, is so I can teach others, most of whom are
really only comfortable with a gui.

The reason I must learn how to do this virtual host-only network via
/e/n/i is for skills transfer - so that when I must manage a remote
host or VM in the future, I can readily do what I need to do via an
SSH cmd line (i.e. text only) interface.



Here are the examples/ snippets I've gleaned in the last few months:

## temporary ssh vpn:
iface tun0 inet static
    pre-up sleep 3
    address 10.3.3.1
    netmask 255.255.255.255
    pointopoint 10.3.3.3
    #up arp -sD 10.3.3.3 eth0 pub # perhaps just do NAT, eg, on server:
    up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    up echo "1" > /proc/sys/net/ipv4/ip_forward
    down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    down echo "0" > /proc/sys/net/ipv4/ip_forward
    # alternative routing:
    #up ip route add 10.3.3.0/24 dev tun0 # this happens automatically
    up ip route add 10.1.1.0/24 dev tun0
    up ip route add 10.1.2.0/24 dev tun0
    down ip route del 10.1.1.0/24
    down ip route del 10.1.2.0/24


# Simple case; man bridge-utils-interfaces(5)
# Bridge interface to make VMs bridge to specific networks
auto br0
iface br0 inet dhcp
    bridge-ports eth0
    bridge-ports ve0
    bridge-ports all # WARNING, bridges all ethernet interfaces!


# Not so simple; virtual switch with host as gateway
# See http://debian-handbook.info/browse/stable/sect.virtualization.html
# Virtual interface
auto tap0
iface tap0 inet manual
    vde2-switch -t tap0


# Bridge for containers
auto br0
iface br0 inet static
    bridge-ports tap0
    address 10.0.0.1
    netmask 255.255.255.0


# See http://wiki.debian.org/QEMU#Host_and_guests_on_same_network
auto br0
iface br0 inet dhcp
    pre-up ip tuntap add dev tap0 mode tap user <username>
    pre-up ip link set tap0 up
    bridge_ports all tap0
    bridge_stp off
    bridge_maxwait 0
    bridge_fd 0
    post-down ip link set tap0 down
    post-down ip tuntap del dev tap0 mode tap


# qemu/kvm host only or private/ internal network:
# - it's a form of "bridge" network - apt-get install bridge-utils
# - ho0 is the (random) name chosen for this bridge device,
# e.g. "hostonly0" might be a better memory jog
# - 10.13.13.1 is the (random) host address for this network
auto ho0
iface ho0 inet static
    address 10.13.13.1
    netmask 255.255.255.0
    pre-up brctl addbr ho0
    post-down brctl delbr ho0



See also attached snippets file, with links and my initial notes
regarding differences of different virt networking systems.

AIUI I don't need any exotic networking to try to extract the last
few cycles of CPU performance, just functional, flexible, cmd-line/
text config style virtual networking to link a few virtual machines,
with an eye to remote admin of a host and/ or a few VMs.

Given so many options, and so many variations, I feel completely lost
at this point in time :(

Any suggestions as to which pathway/ program etc would be a
reasonably balanced pathway to follow, would be greatly appreciated.

TIA,
Zenaan
virt-manager.txt

Reco

Aug 28, 2017, 9:20:07 AM
Hi.

On Mon, Aug 28, 2017 at 02:52:48PM +1000, Zenaan Harkness wrote:
> "Right now" my aim is to run virt-manager or qemu, with kvm
> underneath, with a host-only virtual network to which I shall connect
> two virtual machines, and the host machine, and run some nfs or samba
> thing to share folders between all 3.

This is doable. Not 'simple' as libvirt (the thing underneath
virt-manager) is trying to do too much at once, but 'doable'.


> My requisite is to have a sense of full control over my virtual
> networking - this means setup and tear down primarily via
> /etc/network/interfaces unless some other mechanism were more highly
> recommended
> - this means not relying on say the virt-manager gui

In e/n/i lingua you need something like this (bridge-utils package is
required):

auto br0
iface br0 inet static
    address …
    netmask …
    bridge_ports regex vnet[0-9]+
    bridge_stp off
    bridge_maxwait 0

Meaning that:

1) You set up a conventional Linux bridge interface which *must* include
libvirt-created network interfaces only (provided they exist on upping
the bridge).

2) Said bridge is configured with static IP address for simplicity.

3) The bridge has STP disabled as it's highly unlikely you'll need to
connect two such bridges on two hosts.

4) Finally, there's no need to wait for slave interfaces to appear in
such bridge.

What you *do not* need to do when using libvirt is to muck with iptables
(host-only network does not require it) or create tap/tun interfaces
manually. You only need to explain each 'virtual domain' (aka 'virtual
machine') that they should use br0 as a 'bridge' interface, not a
'network' one.


> However, I'd also like to learn how to use the virt-manager gui to
> create a single "host-only virtual network" instance for a virtual
> machine (or two :)

You'll need to feed libvirt XML that's similar to the following (note
that 'forward' is absent), which I took directly from
libvirt-daemon-system package:

<network>
  <name>default</name>
  <bridge name="virbr0"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>

Not only will libvirt create a bridge called virbr0, but it will also
start dnsmasq on it (to serve DNS and DHCP requests) and it will throw
in some iptables rules on the top of the heap.

While I can easily write how to feed such XML to libvirt by virsh, I
find it difficult to describe which buttons should be pressed in
virt-manager to achieve the same result ☺.
It should be straightforward and user-friendly, at least that's what
upstream is promising us.


> Here are the examples/ snippets I've gleaned in the last few months:
>
> ## temporary ssh vpn:
> iface tun0 inet static
> …

Unsuitable for host-only network, neat idea though


> # Simple case; man bridge-utils-interfaces(5)
> # Bridge interface to make VMs bridge to specific networks
> auto br0
> iface br0 inet dhcp
> …

See above.


> # Not so simple; virtual switch with host as gateway
> # See http://debian-handbook.info/browse/stable/sect.virtualization.html
> # Virtual interface
> auto tap0
> iface tap0 inet manual
> vde2-switch -t tap0
> …

libvirt did not support vde2 last time I checked.


> # Bridge for containers
> auto br0
> iface br0 inet static
> bridge-ports tap0
> address 10.0.0.1
> netmask 255.255.255.0
> …

Almost hit it, but libvirt likes to call network interfaces 'vnet' not
'tap'.


> # See http://wiki.debian.org/QEMU#Host_and_guests_on_same_network
> auto br0
> iface br0 inet dhcp
> pre-up ip tuntap add dev tap0 mode tap user <username>
> …

Neat, but redundant with libvirt.


> # qemu/kvm host only or private/ internal network:
> # - it's a form of "bridge" network - apt-get install bridge-utils
> # - ho0 is the (random) name chosen for this bridge device,
> # e.g. "hostonly0" might be a better memory jog
> # - 10.13.13.1 is the (random) host address for this network
> auto ho0
> iface ho0 inet static
> address 10.13.13.1
> netmask 255.255.255.0
> pre-up brctl addbr ho0
> post-down brctl delbr ho0

Ditto.

Reco
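
Added example, not part of either post: one way to feed a host-only network definition like the one in the reply above to libvirt with virsh, refusing any definition that carries a 'forward' element. The network name hostonly0, the bridge name virbr1, the 10.13.13.0/24 range and the helper function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: host-only libvirt network, defined and loaded from the command line.
# Assumed values (not from the thread): network "hostonly0", bridge "virbr1".

# Print network XML for a /24. There is deliberately no <forward> element:
# libvirt treats a network without one as isolated (host-only).
hostonly_xml() {
    name=$1; bridge=$2; prefix=$3    # prefix = first three octets, e.g. 10.13.13
    cat <<EOF
<network>
  <name>$name</name>
  <bridge name="$bridge"/>
  <ip address="$prefix.1" netmask="255.255.255.0">
    <dhcp>
      <range start="$prefix.2" end="$prefix.254"/>
    </dhcp>
  </ip>
</network>
EOF
}

# Succeed only if the XML on stdin contains no <forward> element.
is_isolated() {
    ! grep -q '<forward'
}

# Check the file, then define, start and autostart the network (needs libvirt).
load_network() {
    xml_file=$1; name=$2
    if ! is_isolated < "$xml_file"; then
        echo "refusing to load $xml_file: it contains <forward>" >&2
        return 1
    fi
    virsh net-define "$xml_file" &&
        virsh net-start "$name" &&
        virsh net-autostart "$name"
}

# Run as: sh hostonly.sh --apply
if [ "${1:-}" = "--apply" ]; then
    tmp=$(mktemp) || exit 1
    hostonly_xml hostonly0 virbr1 10.13.13 > "$tmp"
    load_network "$tmp" hostonly0
    status=$?
    rm -f "$tmp"
    exit "$status"
fi
```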