KVM的網絡Networking-qemu-kvm和openvswitch原型環境部署和基本測試 (3)

KVM的網絡Networking

本文分為以下幾個部分：

1. 用戶網絡User Networking
2. 私有虛擬網橋Private Virtual Bridge
3. 公有網橋Public Bridge

參考文檔：http://www.linux-kvm.org/page/Networking

從http://www.linux-kvm.org/page/HOWTO找到的該網頁。

---

KVM的backend network 分為多個類型，是由-netdev參數指定。

1. 用戶網絡User Networking

-netdev user,

僅與宿主host相連，與其它任何vm和外部網絡都不通，屬於宿主host和qemu內部的網絡通道。

啟動虛擬機的命令，重點看-netdev：

/usr/libexec/qemu-kvm
-name centos6 -smp 2,cores=2 -m 1024 
-drive file=/home/kvmdisk/qcow2.rhel64.2.img,media=disk,format=qcow2,if=none,id=systemdisk 
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x04,drive=systemdisk,id=systemdiskvirtio,bootindex=0 
-netdev user,id=dogu.0,hostfwd=tcp::5555-:22 
-device e1000,netdev=dogu.0 
-vnc 10.60.0.45:6 
-boot c

這樣設置后的效果為：

• 宿主host的5555監聽端口映射為vm的22監聽端口
• 從宿主host上，使用ssh 127.0.0.1 -p 5555即可訪問vm
• 在vm上，自動配置ip、dns、gw等信息，從vm上訪問外部網絡相當於在宿主host上訪問。
• 但是User Networking不支持某些網絡特性，例如ICMP報文，因此在vm中不能使用ping命令。

2. 私有虛擬網橋Private Virtual Bridge

Linux Bridge或者Open vSwitch都可以

准備好qemu-ifup和qemu-ifdown腳本，用來生成宿主host的tap接口（自己寫即可，后面有模板）

准備好generate_mac腳本，用來生成mac地址（自己寫即可，后面有模板）

啟動虛擬機的命令，重點看-netdev：

/usr/libexec/qemu-kvm -name centos6 
-smp 2,cores=2 -m 1024 
-drive file=/home/kvmdisk/qcow2.rhel64.2.img,media=disk,format=qcow2,if=none,id=systemdisk 
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x04,drive=systemdisk,id=systemdiskvirtio,bootindex=0 
-netdev tap,id=dogu.0,script=/home/kvmsh/ovs-ifup,downscript=/home/kvmsh/ovs-ifdown 
-device e1000,netdev=dogu.0,mac=`generate_mac` 
-vnc 10.60.0.45:6 
-boot c

這樣設置后的效果為：

• 啟動的多個vm之間網絡是通的，只要在vm中設置好不同的ip，則互相之間可以連通。

generate_mac腳本

printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256))

qemu-ifup/qemu-ifdown腳本就不寫了

3. 公有網橋Public Bridge

與私有虛擬網橋的步驟基本相同，唯一區別是把宿主host的網卡加入到Bridge中。

Linux Bridge或者Open vSwitch都可以

Open vSwitch:

ovs-vsctl add-port br000 eth0

而對於eth0的持久性配置文件/etc/sysconfig/networking-script/ifcfg-eth0而言，需要把IPADDR/NETMASK/GATEWAY去掉，BOOTPROTO也注釋掉，或者設置為NONE。

Linux Bridge:

兩個配置文件：

ifcfg-eth0文件：

注釋掉BOOTPROTO
增加BRIDGE=br0

ifcfg-br0文件：

DEVICE=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=dhcp/static均可。

准備好qemu-ifup和qemu-ifdown腳本，用來生成宿主host的tap接口。

准備好generate_mac腳本，用來生成mac地址。

啟動虛擬機命令與私有虛擬網橋相同。

4. 其它問題

mac地址的問題

使用qemu-kvm啟動虛擬機時，如果不指定-net nic,macaddr=xx:xx:xx，即MAC地址，那么第一個kvm虛擬機mac沒問題，啟動第二個虛擬機時也會使用第一個的mac地址，這樣肯定不會ping通，所以必須手工指定mac。

virsh/virt-manager這些高級命令自動加了mac地址，呵呵呵

-net和-netdev的區別

來源於 ! http://wiki.qemu.org/Documentation/Networking

The legacy -net option

QEMU previously used the -net nic option instead of -device DEVNAME and -net TYPE instead of -netdev TYPE. This is considered obsolete since QEMU 0.12, although it continues to work.
The legacy syntax to create virtual network devices is:
-net nic,model=MODEL
You can use -net nic,model=? to get a list of valid network devices that you can pass to the -net nic option. Note that these model names are different from the -device ? names and are therefore only useful if you are using the -net nic,model=MODEL syntax. [If you'd like to know all of the virtual network devices that are currently provided in QEMU, a search for "NetClientInfo" in the source code may be useful.]

There's another, old and obsolete syntax of specifying network for virtual machines. Above examples uses -netdev..-device model, old way used -net..-net pairs. For example,
-netdev tap,id=net0 -device e1000,netdev=net0,mac=52:54:00:12:34:56
is about the same as old
-net tap,vlan=0 -net nic,vlan=0,model=e1000,macaddr=52:54:00:12:34:56
(note mac => macaddr parameter change as well; vlan=0 is the default).
Old way used the notion of "VLANs" - these are QEMU VLANS, which has nothing to do with 802.1q VLANs. Qemu VLANs are numbered starting with 0, and it's possible to connect one or more devices (either host side, like -net tap, or guest side, like -net nic) to each VLAN, and, in particular, it's possible to connect more than 2 devices to a VLAN. Each device in a VLAN gets all traffic received by every device in it. This model was very confusing for the user (especially when a guest has more than one NIC).
In new model, each host side correspond to just one guest side, forming a pair of devices based on -netdev id= and -device netdev= parameters. It is less confusing, it is faster (because it's always 1:1 pair), and it supports more parameters than old -net..-net way.

網卡驅動類型

-device e1000, 全虛擬化網卡驅動

-device virtio-net-pci, 半虛擬化網卡驅動

virtio性能優於e1000.

關於vhost

把virtio-net和vhost結合起來，提升網卡速度和吞吐率。

查看官方文檔，vhostnet，內核最低要求
You need the at least qemu-kvm-0.13.0

但是本次測試使用的qemu-kvm-0.12.0也可以使用。

關於netdev和device

-netdev和-device的關系

-netdev, a network backend

-device, a virtual network device

There are a number of network backends to choose from depending on your environment. Create a network backend like this:
-netdev TYPE,id=NAME,...
The id option gives the name by which the virtual network device and the network backend are associated with each other. If you want multiple virtual network devices inside the guest they each need their own network backend. The name is used to distinguish backends from each other and must be used even when only one backend is specified.