KVM guest networking user-mode difficulties

Cotun · 04-23-2010, 03:36 PM

Hi everybody

I've been trying to setup a Debian Lenny virtual machine inside KVM and I'm having significant trouble with the bridging mode of networking when KVM is run as a user. There are no problems when KVM is run as root, so clearly this is some kind of permissions issue. However, I can't figure out where it is and hoped somebody here might know. I've done this before without difficulty, so I can't understand why it no longer works.

I've been following this as a guide using the "public bridging" method. I'm running Debian Lenny on the host too with the 2.6.30 kernel. The guest virtual machine must be accessible from the local network.

http://www.linux-kvm.org/page/Networking

The tun kernel module is loaded and seems to works properly. I've set the group permission of the /dev/net/tun device to "tun" and added that group to my user account. The permissions are 660, although 666 also doesn't work. The /etc/qemu-ifup script I've used is the same as shown in the above guide and is executable for all users. I've confirmed that /sbin/ip, /usr/sbin/brctl and /usr/sbin/tunctl are all installed and seem to be working. I've also added sudo introductions for each of these to run under the current user account, although it doesn't even ask for a password to access them. The contents of my /etc/network/interfaces is:

Code:

auto br0
iface br0 inet static
        address 192.168.0.2
        network 192.168.0.0
        netmask 255.255.255.0
        broadcast 192.168.0.255
        gateway 192.168.0.50
        bridge_ports eth1
        bridge_fd 1
        bridge_hello 1
        bridge_stp off

br0 does have an IP address and eth1 does not. The bridge has been working properly for some time.

No matter what I do permissions-wise, I cannot get rid of this problem.

Code:

#kvm -net nic -net tap,script=/etc/qemu-ifup
warning: could not configure /dev/net/tun: no virtual network emulation

Does anybody know what I could be missing?

Thanks

Cotun

Chuck56 · 04-24-2010, 11:03 AM

I usually identify the specific tap interface:

Code:

-net tap,ifname=tap0,script=/etc/qemu-ifup

Cotun · 04-25-2010, 11:57 AM

Yes, I tried that originally, it has no effect. I can't understand what the problem is.

HasC · 04-28-2010, 01:02 PM

What about doing everything by hand?

Code:

root# brctl addbr switch0
root# for IFACE in $(seq 10 15); do
    >    tunctl -t tap"$IFACE" -u $(id -u youruser)
    >    brctl addif switch0 tap"$IFACE"
    >    ifconfig tap"$IFACE"promisc up
    > done
root# brctl addif switch0 eth1
root# ifconfig eth1 promisc up
root# ifconfig switch0 192.168.0.2 up

There you have your virtual networking, with some TAPs to play with.

EDIT: Later, when you start your VMs, use:

Code:

qemu -net tap,ifname=tapX,script=no,downscript=no

Don't use /etc/qemu-ifup

Cotun · 05-01-2010, 04:50 PM

Thanks for your response. It's amazing how you never think of the obvious until it's suggested to you

Setting it up manually worked fine. Although the TUN/TAP networking seems horribly slow for some reason, at about 10% of the real network capacity. It doesn't appear to be bottlenecked by CPU or disk throughput.

For the benefit of others reading this thread, I didn't have to follow all the stages suggested by others as I already had a bridge setup configured. So I basically did the following to configure one tap interface.

Code:

root# tunctl -t tap0 -u <username>
root# brctl addif br0 tap0
root# ifconfig tap0 up

I added this to my rc.local file and now it configures it on every boot-up. I removed the promisc parameter from the ifconfig line as I found it wasn't needed and made no difference to performance. I also can't be sure of this, but I think using the promisc flag may introduce a security implication as the guest virtual machine may receive transmissions meant for the real host, i.e allowing packet sniffing on the virtual machine. But I have no idea if this is really a possible scenario or not.

For running KVM, I used this

Code:

kvm -net nic,macaddr=<address> -net tap,ifname=tap0,script=no,downscript=no

Thanks to both of you for your help

gezley · 05-01-2010, 06:52 PM

Quote:

Originally Posted by Cotun

Setting it up manually worked fine. Although the TUN/TAP networking seems horribly slow for some reason, at about 10% of the real network capacity. It doesn't appear to be bottlenecked by CPU or disk throughput.

Try setting the following for improved network speed:

kvm -net nic,macaddr=<address>,model=e1000

HasC · 05-02-2010, 09:37 AM

Quote:

Originally Posted by gezley

Try setting the following for improved network speed:

kvm -net nic,macaddr=<address>,model=e1000

Or model=virtio, if the guests' are Linux

Cotun · 05-03-2010, 05:22 PM

Thanks to both of you for your network model suggestions, I had no idea that existed. The performance has now picked up nicely