[SOLVED] Virtual networks, bridges, and routing, oh my.

vminthesky · 01-15-2013, 01:14 AM

I'm having a little trouble visualizing all of the steps that I need to take to get the desired network topology. Any help would be appreciated.

My desired topology is as follows:

Code:

                   vm-host
      ______________________________
    wlan0                           |
LAN---|            vm-mon           |
      |           ________          |
     eth0        veth0  veth1  vms  |
LAN---|-----br0---|-------|---{VLAN}|
      |           |_______|         |
      |_____________________________|

so we have a physical machine, vm-host, with two physical interfaces, wlan0 and eth0. wlan0 supplies a connection directly to vm-host, whereas eth0 is forwarded directly through br0 to vm-mon a virtual machine that monitors traffic as it proceeds to the virtual lan of virtual machines.

So the main points of discussion (assuming I am approaching it properly) are:

configure br0 to forward all traffic between eth0 and veth0
configure vm-mon to pass traffic between veth0 and veth1, after analyzing/filtering it (IDPS style)
configuring a virtual lan for additional virtual machines. preferably on the same subnet as the physical lan

Thanks in advance for any and all comments.

vminthesky · 01-19-2013, 10:39 PM

Dig enough, and you will get your answers, posting a response with the results, since no one posted a response to me.

Used a bridge on the host with a tap device to connect to the ethernet of vm-mon

vm-mon has a bridge between its ethernet and a tap. It has a vde_switch attached to that tap.

Host has a vde_switch connected to each qemu vm using -net vde

The two vde_switches are remotely connected to one another using dpipe, giving the setup described in the first post.

There might be a more elegant solution, but that's what I came up with.