LinuxQuestions.org - qemu-kvm bridge connectivity similar to virtual box

- Slackware (http://www.linuxquestions.org/questions/slackware-14/)

- - qemu-kvm bridge connectivity similar to virtual box (http://www.linuxquestions.org/questions/slackware-14/qemu-kvm-bridge-connectivity-similar-to-virtual-box-4175431859/)

mlpa	10-12-2012 09:30 AM

qemu-kvm bridge connectivity similar to virtual box

Hello I am dropping Virtual Box for qemu-kvm.
My main activity is to mount servers and services.
So I would like o know how can I have bridge connectivity similar to Virtual Box.

I already tried bridge-utils and it was rather complex. I am now trying vde, using the vde2 slackbuild and alien bob tutorial, here.

My guest debian boots without problem and has a eth0. However the interface do not get any IP.

Can some one help me with this?

Alien Bob

10-12-2012 10:08 AM

If you are running Slackware 14 you can setup a bridge in /etc/rc.d/rc.inet1.conf ; here is an example of what my KVM server has configured for a bridge with eth0 in it:

Code:

# Config information for eth0:

#IPADDR[0]=""

#NETMASK[0]=""

#USE_DHCP[0]=""

#DHCP_HOSTNAME[0]=""



# Config information for br0:

IFNAME[1]="br0"

BRNICS[1]="eth0"

IPADDR[1]="192.168.1.1"

NETMASK[1]="255.255.255.0"

USE_DHCP[1]=""

DHCP_HOSTNAME[1]=""

If you are still on Slackware 13.37 or older, you can get the bridge scripts and the .diff file to add it to your current rc.inet1 script here: http://slackware.com/~alien/rc_scripts/bridging/ . This diff is what got added to Slackware 14.

Then, what you need to do is connect the VM's to that bridge.
If you are using my vde package, then that is very easy: copy the rc.vdenetwork script to /etc/rc.d/ , make it executable and start it from /etc/rc.d/rc.local :

Code:

# Start the VDE network layer:

if [ -x /etc/rc.d/rc.vdenetwork ]; then

  echo "Starting VDE:  /etc/rc.d/rc.vdenetwork start"

  /etc/rc.d/rc.vdenetwork start

fi

Then, edit rc.vdenetwork to suit your needs, for instance these are important lines:

Code:

NETWORKTYPE="bridge"

BR_DEV=br0

TAP_DEV=kvm0

If you configured NETWORKTYPE="bridge" then the rc.vdenetwork script will bring up the tap interface, start the vde_switch (the virtual network switch to which all your virtual machines will connect) and finally add the tap interface to the host computer's network bridge.

If you start a virtual machine, you need to have the following parameters in your KVM commandline so that the VM connects to the vde_switch:

Code:

qemu-system-x86_64 -net vde,sock=/var/run/kvm0.ctl,vlan=0 -net nic,model=e1000,vlan=0

The choice of nic model is up to you of course, but e1000 works well for me.

When you do it like this, your virtual machines will be bridged and will be able to get their network configuration from the DHCP server in your LAN.

Eric

mlpa	10-12-2012 10:18 AM

Thanks Eric, I will try this in the weekend.
the script that com with vde is the following:

Quote:

#!/bin/sh

#=========================== EDIT THE FOLLOWING VARIABLES ==========================
# _________________________________________________________________________________
# | |
# | Interface name to use for the TAP device |
# | |
TAP_IF="tap0"
# |_________________________________________________________________________________|
# | |
# | IP Address/Subnet in CIDR Notation for the Virtual Network |
# | |
TAP_NET="10.10.10.1/24"
# |_________________________________________________________________________________|
#
#=========================== DO NOT EDIT BELOW THIS LINE ============================

start(){
echo -n "Starting VDE Switch..."

# Load tun module
modprobe tun || { echo "Error, cannot load 'tun' module. Exiting..." ; exit 1 ; }
sleep 1

# Start tap switch
vde_switch -tap ${TAP_IF} -daemon || { echo "Error, cannot assign IP to ${TAP_IF}. Exiting..." ; exit 1 ; }

# Bring tap interface up
ip addr add ${TAP_NET} dev ${TAP_IF}
ip link set ${TAP_IF} up

#chmod 666 /tmp/vde.ctl
chmod -R a+rwx /var/run/vde.ctl

# Apply workaround
echo 1024 > /proc/sys/dev/rtc/max-user-freq
echo
}

stop(){
echo -n "Stopping VDE Switch..."

# Bring tap interface down
ip addr flush dev ${TAP_IF}
ip link set ${TAP_IF} down

# Kill VDE switch
kill $(pgrep vde_switch)
sleep 1

# Remove tun module
modprobe -r tun
echo
}

case "$1" in
start)
start
;;

stop)
stop
;;

restart)
stop
start
;;
*)
echo "Usage: $0 {start|stop|restart}"
;;
esac

Your version has a lot more things.
By the way, after reading it i think my problem was the lack of bridge interface.
I thought that vde take cared of that.
This bridge will be visible in my local network? Similar to bridge in virtual box?
Is there any problem if my network devices are controlled through Network Manger?

Alien Bob

10-12-2012 02:31 PM

Networkmanager and bridges do not play well together from what I hear. But you can attempt the following hybrid solution.

I did not try this, but the flow of rc.inet1 should allow for it:
- Define a bridge in rc.inet1.conf , using eth0 as one of the bridge's interfaces, but do not assign an IP address to it.
- Configure NetworkManager to use the bridge interface (br0 if you used that name in rc.inet1) and let NM handle it from there on.
- Let rc.vdenetwork add the tap interface to the bridge
- Virtual machines should be able to use the bridge and act as if they were actual computers on your LAN.

Please note that bridges do not like DHCP very much. Having a static IP address for a bridge is very recommended. Bridges and wireless interfaces will probably be an even bigger challenge.

Eric

allend

10-12-2012 09:12 PM

If you only want to setup networking when you use a VM, then running this little script as root works for me.

Code:

#!/bin/sh



#Script to setup a bridge interface for use with qemu



tunctl -u <username> -g kvm



ifconfig eth0 0.0.0.0

ifconfig tap0 0.0.0.0

brctl addbr br0

brctl addif br0 eth0

brctl addif br0 tap0

dhcpcd br0



# Load firewall rules when using br0

/etc/rc.d/rc.firewall_br0



# Load the kernel module needed by qemu

modprobe kvm-intel

To use the bridge interface I include these parameters to qemu-kvm when starting the VM

Code:

-net tap,ifname=tap0,script=no,downscript=no -net nic,model=virtio

(The choice of nic model is yours).

To bring the bridge down after using the VM I use

Code:

#!/bin/sh



# Script to bring down bridge after use by qemu



ifconfig tap0 down

brctl delif br0 tap0

tunctl -d tap0

ifconfig eth0 down

brctl delif br0 eth0

ifconfig br0 down

brctl delbr br0



# Restart networking

ifconfig eth0 up

dhcpcd eth0



# Reload firewall rules when using eth0

/etc/rc.d/rc.firewall

You need to install the tunctl package from SlackBuilds.org for this to work, and ensure that the user is a member of the kvm group.

mlpa	10-17-2012 06:47 PM

Hi allend I tried to combine you solution with alien bob.
I added a bridge interface in rc.inet1.conf and set the NetworkManager to only manage my wlan0 interface.

After that I tried to use your scripts to set up a bridge connection.
My script is this

Quote:

#!/bin/bash

### VM config
MEMORY=512

### Set a bridge interface
IF="eth0"
BR="br0"
TAP=$(tunctl -u $(whoami) -b)

brctl addif $BR $TAP
ifconfig $TAP up

### Launch VM

sudo qemu-kvm -m $MEMORY \
-localtime \
-hda debian.qcow2 \
-net "nic,vlan=0,model=e1000" \
-net "tap,vlan=0,ifname=$TAP,script=no,downscript=no" \
-smp "2"
1>debian.log 2>debian.err

### Tear down bridge

ifconfig $TAP down
brctl delif $BR $TAP
tunctl -d $TAP

The VM starts normally but do not get any ip from DHCP.
It is necessary to add some rule to iptables? I saw several websites that mention forwarding rules.
Am i doing something wrong?

allend

10-18-2012 06:01 AM

I do have these lines in my /etc/rc.d/rc.firewall_br0 so that the VM can get an IP address from my modem/router.

Code:

# DHCP uses UDP from server port 67 to  port 68 - Needed for qemu virtual machine

$IPTABLES -A INPUT -i $EXTIF -p udp --sport 67 --dport 68 -j ACCEPT

# Allow outgoing DHCP broadcast

$IPTABLES -A INPUT -i tap0 -p udp --sport 68 --dport 67 -j ACCEPT

# Initialise the FORWARD chain for use by virtual machines

$IPTABLES -A FORWARD -i $EXTIF -o $EXTIF -j ACCEPT

Alien Bob

10-18-2012 06:52 AM

Quote:

Originally Posted by mlpa (Post 4808581)

Code:

### Launch VM



sudo qemu-kvm -m $MEMORY \

...

The elegance of my VDE powered solution is that you do not have to run your qemu as root. With VDE, the qemu that is started under your normal user account will connect to the tnu/tap interface managed by the vde-switch (which is started as root, preferably on boot, in rc.local).
I advise you to think twice if running qemu as root is really something you want to do...

Eric

mlpa	10-19-2012 03:18 AM

Quote:

Originally Posted by Alien Bob (Post 4809011)

Even without using tap interfaces, i had to run qemu-kvm as root because of the acceleration modules.
I saw in the slackbuilds a file with udev rules to put in the /ect/udev/rules.d but still asked for root.

Did i make a mistake?

Alien Bob

10-19-2012 04:31 AM

Quote:

Originally Posted by mlpa (Post 4809735)

If youwere using my SlackBuild then you must create a group called "kvm" and add your account to it:

Code:

# groupadd kvm

# gpasswd -a mlpa kvm

Then logout, login again and you should be able to use the KVM acceleration without being root.

Eric

mlpa	10-20-2012 06:09 AM

Quote:

Originally Posted by Alien Bob (Post 4809775)

If youwere using my SlackBuild then you must create a group called "kvm" and add your account to it:

Code:

# groupadd kvm

# gpasswd -a mlpa kvm

Then logout, login again and you should be able to use the KVM acceleration without being root.

Eric

I am using the slackbuild provided by slackbuild.org

Finally my bridge start to work, the problem was iptables.
The default rule for forward was drop :)

Another questions, before marking the post as solved.
Can the host discover the IP address of the guest virtual machine?

I mainly work with server so I do not need graphics just connect to the machine using ssh.

Alien Bob

10-20-2012 06:34 AM

Quote:

Originally Posted by mlpa (Post 4810597)

Can the host discover the IP address of the guest virtual machine?
I mainly work with server so I do not need graphics just connect to the machine using ssh.

If you mean, can you just start a ssh session with the virtual machine? Yes, you will b able to do that from any computer in your LAN, not just on the host. That is the nice thing about using a bridged network - your virtual machines are accessible on your LAN just like any "real" computer you may have.

Eric

allend

10-20-2012 07:29 AM

Quote:

Finally my bridge start to work, the problem was iptables.
The default rule for forward was drop

I beg your pardon. I missed that in my /etc/rc.d/rc.firewall_br0.
I have edited my post #7 to show the forward chain.

Glad you have got it working!

mlpa	10-20-2012 08:55 PM

Quote:

Originally Posted by allend (Post 4808975)

I do have these lines in my /etc/rc.d/rc.firewall_br0 so that the VM can get an IP address from my modem/router.

Code:

# DHCP uses UDP from server port 67 to  port 68 - Needed for qemu virtual machine

$IPTABLES -A INPUT -i $EXTIF -p udp --sport 67 --dport 68 -j ACCEPT

# Allow outgoing DHCP broadcast

$IPTABLES -A INPUT -i tap0 -p udp --sport 68 --dport 67 -j ACCEPT

# Initialise the FORWARD chain for use by virtual machines

$IPTABLES -A FORWARD -i $EXTIF -o $EXTIF -j ACCEPT

$EXTIF is the physical interface or the bridge interface?

allend

10-20-2012 10:04 PM

It is the bridge interface

Code:

EXTIF="br0"

All times are GMT -5. The time now is 02:00 AM.