mirror of
https://github.com/cloud-hypervisor/cloud-hypervisor.git
synced 2024-12-23 22:25:18 +00:00
176 lines
7.0 KiB
Markdown
176 lines
7.0 KiB
Markdown
|
# How to use networking
|
||
|
|
||
|
cloud-hypervisor can emulate one or more virtual network interfaces, represented at the hypervisor host by [tap devices](https://www.kernel.org/doc/Documentation/networking/tuntap.txt"). This guide briefly describes, in a manual and distribution neutral way, how to setup and use networking with cloud-hypevisor.
|
||
|
|
||
|
## Start cloud-hypervisor with net devices
|
||
|
|
||
|
Use one `--net` command-line argument from cloud-hypervisor to specify the emulation of one or more virtual NIC's. The example below instructs cloud-hypervisor to emulate for instance 2 virtual NIC's:
|
||
|
|
||
|
```bash
|
||
|
./cloud-hypervisor \
|
||
|
--cpus 4 \
|
||
|
--memory "size=512M" \
|
||
|
--disk my-root-disk.img \
|
||
|
--kernel my-vmlinux.bin \
|
||
|
--cmdline "console=ttyS0 reboot=k panic=1 nomodules root=/dev/vda3" \
|
||
|
--net tap=ich0,mac=a4:a1:c2:00:00:01,ip=192.168.4.2,mask=255.255.255.0 \
|
||
|
tap=ich1,mac=a4:a1:c2:00:00:02,ip=10.0.1.2,mask=255.255.255.0
|
||
|
```
|
||
|
|
||
|
The `--net` argument takes 1 or more space-separated strings of key value pairs containing the following 4 keys or fields:
|
||
|
|
||
|
| Name | Purpose | Optional |
|
||
|
| -------- |----------------------------| ----------|
|
||
|
| tap | tap device name | Yes |
|
||
|
| mac | vNIC mac address | Yes |
|
||
|
| ip | tap IP IP address | yes |
|
||
|
| mask | tap IP netmask | Yes |
|
||
|
|
||
|
## Configure the tap devices
|
||
|
|
||
|
After starting cloud-hypervisor as shown above, 2 tap devices with state down will become available at the host:
|
||
|
|
||
|
```bash
|
||
|
root@host:~# ip link show ich0
|
||
|
78: ich0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
|
||
|
link/ether 72:54:12:ff:ce:6f brd ff:ff:ff:ff:ff:ff
|
||
|
root@host:~# ip link show ich1
|
||
|
79: ich1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
|
||
|
link/ether 06:7a:fc:1b:9a:67 brd ff:ff:ff:ff:ff:ff
|
||
|
```
|
||
|
|
||
|
Set the tap devices to up state:
|
||
|
|
||
|
```bash
|
||
|
root@host:~# ip link set up ich0
|
||
|
root@host:~# ip link set up ich1
|
||
|
|
||
|
root@host:~# ip link show ich0
|
||
|
78: ich0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
|
||
|
link/ether 72:54:12:ff:ce:6f brd ff:ff:ff:ff:ff:ff
|
||
|
root@host:~# ip link show ich1
|
||
|
79: ich1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
|
||
|
link/ether 06:7a:fc:1b:9a:67 brd ff:ff:ff:ff:ff:ff
|
||
|
```
|
||
|
|
||
|
## Connect tap devices
|
||
|
|
||
|
Different networking models can be used to provide external connectivity. In this example we will
|
||
|
use 2 linux bridges emulating 2 different networks. The integration bridge (ich-int) in this example will also be used
|
||
|
for external connectivity.
|
||
|
|
||
|
Create the bridges and connect the cloud-hypervisor tap devices to the bridges:
|
||
|
|
||
|
```bash
|
||
|
root@host:~# brctl addbr ich-int
|
||
|
root@host:~# brctl addbr ich-dpl
|
||
|
root@host:~# ip link set up ich-int
|
||
|
root@host:~# ip link set up ich-dpl
|
||
|
root@host:~# brctl addif ich-int ich0
|
||
|
root@host:~# brctl addif ich-dpl ich1
|
||
|
root@host:~# brctl show
|
||
|
bridge name bridge id STP enabled interfaces
|
||
|
ich-dpl 8000.067afc1b9a67 no ich1
|
||
|
ich-int 8000.725412ffce6f no ich0
|
||
|
```
|
||
|
This completes the layer 2 wiring: The cloud-hypervisor is now connected to the hypervisor host via the 2 linux bridges.
|
||
|
|
||
|
## IP (Layer 3) provisioning
|
||
|
|
||
|
### Hypervisor host
|
||
|
|
||
|
On the hypervisor host add the network gateway IP address of each network to the 2 linux bridges:
|
||
|
|
||
|
```bash
|
||
|
root@host:~# ip addr add 192.168.4.1/24 dev ich-int
|
||
|
root@host:~# ip addr add 10.0.1.1/24 dev ich-dpl
|
||
|
```
|
||
|
The routing table of the hypervisor host should now also have corresponding routing entries:
|
||
|
|
||
|
```bash
|
||
|
root@host:~# route -n
|
||
|
Kernel IP routing table
|
||
|
Destination Gateway Genmask Flags Metric Ref Use Iface
|
||
|
0.0.0.0 192.168.178.1 0.0.0.0 UG 600 0 0 wlan1
|
||
|
10.0.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ich-dpl
|
||
|
192.168.4.0 0.0.0.0 255.255.255.0 U 0 0 0 ich-int
|
||
|
192.168.178.0 0.0.0.0 255.255.255.0 U 600 0 0 wlan1
|
||
|
```
|
||
|
### Virtual Machine
|
||
|
|
||
|
Within the virtual machine set the vNIC's to up state and provision the corresponding IP addresses on the 2 vNIC's. The steps outlined below use the ip command as an example. Alternative distribution specific procedures can also apply.
|
||
|
|
||
|
```bash
|
||
|
root@guest:~# ip link set up enp0s2
|
||
|
root@guest:~# ip link set up enp0s3
|
||
|
root@guest:~# ip addr add 192.168.4.2/24 dev enp0s2
|
||
|
root@guest:~# ip addr add 10.0.1.2/24 dev enp0s3
|
||
|
```
|
||
|
|
||
|
IP connectivity between the virtual machine and the hypervisor-host can be verified by sending
|
||
|
ICMP requests to the hypervisor-host for the gateway IP address from within the virtual machine:
|
||
|
|
||
|
```bash
|
||
|
root@guest:~# ping 192.168.4.1
|
||
|
PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data.
|
||
|
64 bytes from 192.168.4.1: icmp_seq=1 ttl=64 time=0.456 ms
|
||
|
64 bytes from 192.168.4.1: icmp_seq=2 ttl=64 time=0.226 ms
|
||
|
root@guest:~# ping 10.0.1.1
|
||
|
PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data.
|
||
|
64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=0.449 ms
|
||
|
64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=0.393 ms
|
||
|
```
|
||
|
|
||
|
The connection can now be used for instance to log into the virtual machine with
|
||
|
ssh under the precondition that the machine has an ssh daemon provisioned:
|
||
|
|
||
|
```bash
|
||
|
root@host:~# ssh root@192.168.4.2
|
||
|
The authenticity of host '192.168.4.2 (192.168.4.2)' can't be established.
|
||
|
ECDSA key fingerprint is SHA256:qNAUmTtDMW9pNuZARkpLQhfw+Yc1tqUDBrQp7aZGSjw.
|
||
|
Are you sure you want to continue connecting (yes/no)? yes
|
||
|
Warning: Permanently added '192.168.4.2' (ECDSA) to the list of known hosts.
|
||
|
root@192.168.4.2's password:
|
||
|
Linux cloud-hypervisor 5.2.0 #2 SMP Thu Jul 11 08:08:16 CEST 2019 x86_64
|
||
|
|
||
|
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
|
||
|
permitted by applicable law.
|
||
|
|
||
|
|
||
|
Last login: Fri Jul 12 13:27:56 2019 from 192.168.4.1
|
||
|
root@guest:~#
|
||
|
```
|
||
|
|
||
|
## Internet connectivity
|
||
|
|
||
|
To enable internet connectivity a default gw and a nameserver has to be set within
|
||
|
the virtual machine:
|
||
|
|
||
|
```bash
|
||
|
root@guest:~# ip route add default via 192.168.4.1
|
||
|
root@guest:~# cat /etc/resolv.conf
|
||
|
options timeout:2
|
||
|
domain vallis.nl
|
||
|
search vallis.nl
|
||
|
nameserver 192.168.178.1
|
||
|
```
|
||
|
|
||
|
make sure that the default gateway of the hypervisor host (in this example host 192.168.178.1 which is an adsl router) has an entry in the routing table for the 192.168.4.0/24 network otherwise IP connectivity will not work.
|
||
|
|
||
|
```bash
|
||
|
root@guest:~# nslookup ftp.nl.debian.org
|
||
|
Server: 192.168.178.1
|
||
|
Address: 192.168.178.1#53
|
||
|
|
||
|
Non-authoritative answer:
|
||
|
cdn-fastly.deb.debian.org canonical name = prod.debian.map.fastly.net.
|
||
|
Name: prod.debian.map.fastly.net
|
||
|
Address: 151.101.36.204
|
||
|
|
||
|
root@guest:~# apt-get update
|
||
|
Ign:1 http://cdn-fastly.deb.debian.org/debian stretch InRelease
|
||
|
Get:2 http://cdn-fastly.deb.debian.org/debian stretch Release [118 kB]
|
||
|
Get:3 http://cdn-fastly.deb.debian.org/debian stretch Release.gpg [2434 B]
|
||
|
Fetched 120 kB in 1s (110 kB/s)
|
||
|
```
|