KVM的网络Networking-qemu-kvm和openvswitch原型环境部署和基本测试 (3)

KVM的网络Networking

本文分为以下几个部分：

1. 用户网络User Networking
2. 私有虚拟网桥Private Virtual Bridge
3. 公有网桥Public Bridge

参考文档：http://www.linux-kvm.org/page/Networking

从http://www.linux-kvm.org/page/HOWTO找到的该网页。

---

KVM的backend network 分为多个类型，是由-netdev参数指定。

1. 用户网络User Networking

-netdev user,

仅与宿主host相连，与其它任何vm和外部网络都不通，属于宿主host和qemu内部的网络通道。

启动虚拟机的命令，重点看-netdev：

/usr/libexec/qemu-kvm
-name centos6 -smp 2,cores=2 -m 1024 
-drive file=/home/kvmdisk/qcow2.rhel64.2.img,media=disk,format=qcow2,if=none,id=systemdisk 
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x04,drive=systemdisk,id=systemdiskvirtio,bootindex=0 
-netdev user,id=dogu.0,hostfwd=tcp::5555-:22 
-device e1000,netdev=dogu.0 
-vnc 10.60.0.45:6 
-boot c

这样设置后的效果为：

• 宿主host的5555监听端口映射为vm的22监听端口
• 从宿主host上，使用ssh 127.0.0.1 -p 5555即可访问vm
• 在vm上，自动配置ip、dns、gw等信息，从vm上访问外部网络相当于在宿主host上访问。
• 但是User Networking不支持某些网络特性，例如ICMP报文，因此在vm中不能使用ping命令。

2. 私有虚拟网桥Private Virtual Bridge

Linux Bridge或者Open vSwitch都可以

准备好qemu-ifup和qemu-ifdown脚本，用来生成宿主host的tap接口（自己写即可，后面有模板）

准备好generate_mac脚本，用来生成mac地址（自己写即可，后面有模板）

启动虚拟机的命令，重点看-netdev：

/usr/libexec/qemu-kvm -name centos6 
-smp 2,cores=2 -m 1024 
-drive file=/home/kvmdisk/qcow2.rhel64.2.img,media=disk,format=qcow2,if=none,id=systemdisk 
-device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x04,drive=systemdisk,id=systemdiskvirtio,bootindex=0 
-netdev tap,id=dogu.0,script=/home/kvmsh/ovs-ifup,downscript=/home/kvmsh/ovs-ifdown 
-device e1000,netdev=dogu.0,mac=`generate_mac` 
-vnc 10.60.0.45:6 
-boot c

这样设置后的效果为：

• 启动的多个vm之间网络是通的，只要在vm中设置好不同的ip，则互相之间可以连通。

generate_mac脚本

printf 'DE:AD:BE:EF:%02X:%02X ' $((RANDOM%256)) $((RANDOM%256))

qemu-ifup/qemu-ifdown脚本就不写了

3. 公有网桥Public Bridge

与私有虚拟网桥的步骤基本相同，唯一区别是把宿主host的网卡加入到Bridge中。

Linux Bridge或者Open vSwitch都可以

Open vSwitch:

ovs-vsctl add-port br000 eth0

而对于eth0的持久性配置文件/etc/sysconfig/networking-script/ifcfg-eth0而言，需要把IPADDR/NETMASK/GATEWAY去掉，BOOTPROTO也注释掉，或者设置为NONE。

Linux Bridge:

两个配置文件：

ifcfg-eth0文件：

注释掉BOOTPROTO
增加BRIDGE=br0

ifcfg-br0文件：

DEVICE=br0
ONBOOT=yes
TYPE=Bridge
BOOTPROTO=dhcp/static均可。

准备好qemu-ifup和qemu-ifdown脚本，用来生成宿主host的tap接口。

准备好generate_mac脚本，用来生成mac地址。

启动虚拟机命令与私有虚拟网桥相同。

4. 其它问题

mac地址的问题

使用qemu-kvm启动虚拟机时，如果不指定-net nic,macaddr=xx:xx:xx，即MAC地址，那么第一个kvm虚拟机mac没问题，启动第二个虚拟机时也会使用第一个的mac地址，这样肯定不会ping通，所以必须手工指定mac。

virsh/virt-manager这些高级命令自动加了mac地址，呵呵呵

-net和-netdev的区别

来源于 ! http://wiki.qemu.org/Documentation/Networking

The legacy -net option

QEMU previously used the -net nic option instead of -device DEVNAME and -net TYPE instead of -netdev TYPE. This is considered obsolete since QEMU 0.12, although it continues to work.
The legacy syntax to create virtual network devices is:
-net nic,model=MODEL
You can use -net nic,model=? to get a list of valid network devices that you can pass to the -net nic option. Note that these model names are different from the -device ? names and are therefore only useful if you are using the -net nic,model=MODEL syntax. [If you'd like to know all of the virtual network devices that are currently provided in QEMU, a search for "NetClientInfo" in the source code may be useful.]

There's another, old and obsolete syntax of specifying network for virtual machines. Above examples uses -netdev..-device model, old way used -net..-net pairs. For example,
-netdev tap,id=net0 -device e1000,netdev=net0,mac=52:54:00:12:34:56
is about the same as old
-net tap,vlan=0 -net nic,vlan=0,model=e1000,macaddr=52:54:00:12:34:56
(note mac => macaddr parameter change as well; vlan=0 is the default).
Old way used the notion of "VLANs" - these are QEMU VLANS, which has nothing to do with 802.1q VLANs. Qemu VLANs are numbered starting with 0, and it's possible to connect one or more devices (either host side, like -net tap, or guest side, like -net nic) to each VLAN, and, in particular, it's possible to connect more than 2 devices to a VLAN. Each device in a VLAN gets all traffic received by every device in it. This model was very confusing for the user (especially when a guest has more than one NIC).
In new model, each host side correspond to just one guest side, forming a pair of devices based on -netdev id= and -device netdev= parameters. It is less confusing, it is faster (because it's always 1:1 pair), and it supports more parameters than old -net..-net way.

网卡驱动类型

-device e1000, 全虚拟化网卡驱动

-device virtio-net-pci, 半虚拟化网卡驱动

virtio性能优于e1000.

关于vhost

把virtio-net和vhost结合起来，提升网卡速度和吞吐率。

查看官方文档，vhostnet，内核最低要求
You need the at least qemu-kvm-0.13.0

但是本次测试使用的qemu-kvm-0.12.0也可以使用。

关于netdev和device

-netdev和-device的关系

-netdev, a network backend

-device, a virtual network device

There are a number of network backends to choose from depending on your environment. Create a network backend like this:
-netdev TYPE,id=NAME,...
The id option gives the name by which the virtual network device and the network backend are associated with each other. If you want multiple virtual network devices inside the guest they each need their own network backend. The name is used to distinguish backends from each other and must be used even when only one backend is specified.