Configuring a virtual network bridge for KVM virtual machines

Reposted from the IBM website

Configuring the network
You can use the default network setup, or set up a network bridge in the host. The default network allows only outbound communication from the KVM guests. If the KVM guests need full network access, including communication to and from an external host, set up a Linux bridge in the host.

Before you begin
Verify that the default virtual network is available. This default virtual network comes with an isolated virtual bridge device, virbr0, which is set to the 192.168.122.x subnet by default. The host is assigned the 192.168.122.1 address. To verify the availability of the virtual bridge:
Run the ifconfig virbr0 command.
Verify that the output is similar to the following example:
virbr0    Link encap:Ethernet HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
          inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:57 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:10962 (10.7 KiB)

Using the default network setup
About this task
You can use the default network setup if both of the following statements are true:
You will only access the guest from the KVM host.
You will access the outside network from the guests.
If you are using the default network setup, continue to Creating a KVM guest and preparing to install an operating system.

If you are not using the default network setup, continue to Setting up a network bridge in the host.

Setting up a network bridge in the host
Before you begin
Ensure that the network card that you want to use for the bridge is providing the network connection you want for your KVM modules and that the network card is working. This card should be set up to provide the same networking capability that you want your guest KVM to have. The following example shows a card that has already been configured for external access. In this example, eth0 is the network card used.
# ifconfig
eth0      Link encap:Ethernet HWaddr 00:14:5E:C2:1E:40
          inet addr:10.10.1.152 Bcast:10.10.1.255 Mask:255.255.255.0
          inet6 addr: fe80::214:5eff:fec2:1e40/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:664 errors:0 dropped:526 overruns:0 frame:0
          TX packets:163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:69635 (68.0 KiB) TX bytes:25091 (24.5 KiB)
          Interrupt:74 Memory:da000000-da012800
................

If your network card is not yet set up, create a network script for the card and save it in the /etc/sysconfig/network-scripts/ directory. For more information about setting up a network card, see the Red Hat Enterprise Linux Deployment Guide (http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/Deployment_Guide/index.html).

Note: If you are accessing the host machine using the same network card you are configuring for the bridge, any discrepancy might cause you to lose your network connection.
About this task
If the KVM guests need full network access, including communication to and from an external host, set up a Linux bridge in the host. Bridged networking allows you to link two Ethernet network segments using packet forwarding technology. Follow these steps to create a public bridge in the host system.
Restriction: The Linux bridge configuration does not work in a wireless host environment.
Procedure
Back up the corresponding network script file at a different location for future reference and for network recovery. Issue the following command to back up the network script for the ifcfg-eth0 network card to the /root directory:
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/.
Note: Do not copy this file to the same network script directory or any of its subdirectories.
Navigate to the /etc/sysconfig/network-scripts/ directory using the following command:
cd /etc/sysconfig/network-scripts/
Copy the network script to a new file called /etc/sysconfig/network-scripts/ifcfg-br0, where br0 is the name of the bridge. This file will define the Linux bridge associated with the network card. Use the following command:
cp ifcfg-eth0 ifcfg-br0
The complete content of the Linux bridge's configuration file will be based on what is already in the working script of your network card.
Edit the script file to direct packets through the bridge. Your network card most likely is configured with a static IP address (BOOTPROTO=static) or is configured to get an IP address from a DHCP server (BOOTPROTO=dhcp).
If your network card is configured with a static IP address, your original network script file should look similar to the following example:
DEVICE=eth0
BOOTPROTO=static
HWADDR=00:14:5E:C2:1E:40
IPADDR=10.10.1.152
NETMASK=255.255.255.0
ONBOOT=yes
The following table shows the contents of the network configuration scripts for eth0 and br0. Edit your scripts as shown in the following example.

Table 1. Bridging network files comparison

/etc/sysconfig/network-scripts/ifcfg-eth0    /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=eth0                                  DEVICE=br0
TYPE=Ethernet                                TYPE=Bridge
HWADDR=00:14:5E:C2:1E:40                     NM_CONTROLLED=no
ONBOOT=yes                                   BOOTPROTO=static
NM_CONTROLLED=no                             IPADDR=10.10.1.152
BRIDGE=br0                                   NETMASK=255.255.255.0
                                             ONBOOT=yes

In the left column is the network script file for network card (eth0). The pre-existing information about this network card stays the same, but three items are added:
TYPE
The device type.
NM_CONTROLLED=no
Specifies that the card is not controlled by the Network Manager. In order for the bridge to work, only one device can be controlled by the Network Manager.
BRIDGE=br0
Associates this card with the bridge.
In the right column is the network script for the bridge (br0). The following changes are reflected:
DEVICE
The device name.
TYPE
The device type. Bridge is case-sensitive and must be added exactly as represented here with an upper case 'B' and lower case 'ridge'.
NM_CONTROLLED=no
Specifies that the bridge is not controlled by the Network Manager. In order for the bridge to work, only one device can be controlled by the Network Manager.
The other settings are retained from the network card configuration file.
Note: There should not be a hardware address in this file. These values set up the bridge to behave like the network card: the ifcfg-br0 file acts as an extension of the ifcfg-eth0 file, and the BRIDGE=br0 entry in ifcfg-eth0 points to the ifcfg-br0 file.
If your network card is configured with a dynamic IP address, your original network script file should look similar to the following example:
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:14:5E:C2:1E:40
ONBOOT=yes
The following table shows the contents of the configuration scripts for eth0 and br0. Edit your scripts as shown in the following example.

Table 2. Bridging network files comparison

/etc/sysconfig/network-scripts/ifcfg-eth0    /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=eth0                                  DEVICE=br0
TYPE=Ethernet                                TYPE=Bridge
HWADDR=00:14:5E:C2:1E:40                     NM_CONTROLLED=no
ONBOOT=yes                                   BOOTPROTO=dhcp
NM_CONTROLLED=no                             ONBOOT=yes
BRIDGE=br0

In the left column is the network script file for network card (eth0), which is the same as the example for the static IP address scenario. The pre-existing information about this network card stays the same, but three items are added:
TYPE
Specifies the device type.
NM_CONTROLLED=no
Specifies that the card is not controlled by the Network Manager. In order for the bridge to work, only one device can be controlled by the Network Manager.
BRIDGE=br0
Associates this card with the bridge.
In the right column is the network script for the bridge (br0). The following changes are reflected:
DEVICE
The device name.
TYPE
The device type. Bridge is case-sensitive and must be added exactly as represented here with an upper case 'B' and lower case 'ridge'.
NM_CONTROLLED=no
Specifies that the bridge is not controlled by the Network Manager. In order for the bridge to work, only one device can be controlled by the Network Manager.
Note: There should not be a hardware address in this file. These values set up the bridge to behave like the network card: the ifcfg-br0 file acts as an extension of the ifcfg-eth0 file, and the BRIDGE=br0 entry in ifcfg-eth0 points to the ifcfg-br0 file.
Restart the network to verify that the configuration works.
If you configured the network incorrectly, the network connection might drop and you might lose access to your machine. If that happens, check the scripts, and then restart the network by running the following command:
# service network restart
Disable Netfilter processing of bridged traffic by appending the following lines to the /etc/sysctl.conf file:
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Note: For more information about why disabling Netfilter processing is a good security measure, see the "Network isolation options" section of Securing KVM guests and the host system at http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/topic/liaai/kvmsec/kvmsecstart.htm.
Reload the kernel parameters with the sysctl command:
# sysctl -p
net.ipv4.ip_forward = 0
...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
Verify that your network behaves the same way it did before you made the bridging changes, with one exception: the ifconfig command returns different output. The following example shows the first two entries of ifconfig in the test environment. Note that the bridge, br0, now acts for eth0:
br0       Link encap:Ethernet HWaddr 00:14:5E:C2:1E:40
          inet addr:10.10.1.152 Bcast:10.10.1.255 Mask:255.255.255.0
          inet6 addr: fe80::214:5eff:fec2:1e40/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:81 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:16078 (15.7 KiB) TX bytes:18542 (18.1 KiB)
eth0      Link encap:Ethernet HWaddr 00:14:5E:C2:1E:40
          inet6 addr: fe80::214:5eff:fec2:1e40/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:206 errors:0 dropped:0 overruns:0 frame:0
          TX packets:58 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:27308 (26.6 KiB) TX bytes:13881 (13.5 KiB)
          Interrupt:74 Memory:da000000-da012800
You can also see this bridge by running the following command:

brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes
br0             8000.000e0cb30550       no              eth0

Results
Your Linux bridge is configured and ready to use.
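
The file layout in Tables 1 and 2 can be checked before running service network restart, which matters most when the host is reached over the card being bridged. The shell functions below are an added example, not part of the IBM guide; the names ifcfg_get, fail and lint_bridge_pair and the temporary sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not IBM's code): lint an ifcfg NIC/bridge pair against the
# layout of Tables 1 and 2 before running "service network restart".

# Print KEY's value from an ifcfg file (last assignment wins, quotes stripped).
ifcfg_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'" | sed 's/[[:space:]]*$//'
}

fail() { echo "$1"; rc=1; }

# lint_bridge_pair DIR NIC BRIDGE: prints one line per problem; returns 0 if
# the pair is clean, 1 if problems were found, 2 if a file is missing.
lint_bridge_pair() {
    dir=$1 nic=$2 br=$3 rc=0
    nf="$dir/ifcfg-$nic" bf="$dir/ifcfg-$br"
    for f in "$nf" "$bf"; do
        [ -r "$f" ] || { echo "missing file: $f"; return 2; }
    done
    # NIC side: attached to the bridge, addressing moved to the bridge file.
    [ "$(ifcfg_get "$nf" DEVICE)" = "$nic" ] || fail "$nf: DEVICE is not $nic"
    [ "$(ifcfg_get "$nf" BRIDGE)" = "$br" ] || fail "$nf: BRIDGE is not $br"
    [ "$(ifcfg_get "$nf" NM_CONTROLLED)" = no ] || fail "$nf: NM_CONTROLLED is not no"
    for k in IPADDR NETMASK; do
        [ -z "$(ifcfg_get "$nf" "$k")" ] || fail "$nf: $k belongs in ifcfg-$br"
    done
    [ "$(ifcfg_get "$nf" BOOTPROTO)" != dhcp ] || fail "$nf: BOOTPROTO=dhcp belongs in ifcfg-$br"
    # Bridge side: exact-case TYPE, no hardware address, carries the addressing.
    [ "$(ifcfg_get "$bf" DEVICE)" = "$br" ] || fail "$bf: DEVICE is not $br"
    [ "$(ifcfg_get "$bf" TYPE)" = Bridge ] || fail "$bf: TYPE must be exactly Bridge"
    [ "$(ifcfg_get "$bf" NM_CONTROLLED)" = no ] || fail "$bf: NM_CONTROLLED is not no"
    [ -z "$(ifcfg_get "$bf" HWADDR)" ] || fail "$bf: HWADDR must not be set"
    case "$(ifcfg_get "$bf" BOOTPROTO)" in
        dhcp) ;;
        static) [ -n "$(ifcfg_get "$bf" IPADDR)" ] || fail "$bf: static without IPADDR" ;;
        *) fail "$bf: BOOTPROTO must be static or dhcp" ;;
    esac
    return $rc
}

# Constructed sample: a bridge file with a lowercase TYPE and a leftover HWADDR.
demo_dir=$(mktemp -d)
printf '%s\n' DEVICE=eth0 TYPE=Ethernet HWADDR=00:14:5E:C2:1E:40 ONBOOT=yes \
    NM_CONTROLLED=no BRIDGE=br0 > "$demo_dir/ifcfg-eth0"
printf '%s\n' DEVICE=br0 TYPE=bridge HWADDR=00:14:5E:C2:1E:40 NM_CONTROLLED=no \
    BOOTPROTO=dhcp ONBOOT=yes > "$demo_dir/ifcfg-br0"
lint_bridge_pair "$demo_dir" eth0 br0 || echo "fix the files before restarting the network"
rm -rf "$demo_dir"
```

On a host, point the function at a copy of the two files or at /etc/sysconfig/network-scripts directly; it only reads them.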
