Scenario: You have one host [ hoster ] running KVM on Ubuntu with one network interface connected to the internet.
You want to have two Debian etch virtual servers [ guest ] ( debian01 and debian02 ) running on your hoster, with network access between them and the hoster on a local LAN. In this case the virtual servers will not be able to access the internet, but later I will explain how to do it.
hoster part
Do it!: First, you need the VDE package to emulate a switch on the hoster. vde is in the Debian testing version.
VDE will create a virtual interface, tap0, which will be the gateway of your guests.
# sudo vde_switch -tap tap0 -daemon
Verify the new interface:
# ifconfig tap0
tap0 Link encap:Ethernet direcciónHW 00:ff:1b:e7:76:46
DIFUSIÓN MULTICAST MTU:1500 Métrica:1
RX packets:1 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
colisiones:0 txqueuelen:500
RX bytes:53 (53.0 B) TX bytes:0 (0.0 B)
Then give tap0 an IP address. This IP will be the gateway of your LAN.
# ifconfig tap0 192.168.254.254 netmask 255.255.255.0
Now 192.168.254.254 is the gateway of every virtual server whose network is configured in this LAN (192.168.254.0, netmask 255.255.255.0).
guest part
Start the guest servers and configure the network interface (eth0):
# cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug eth0
#iface eth0 inet dhcp
iface eth0 inet static
address 192.168.254.1
netmask 255.255.255.0
network 192.168.254.0
broadcast 192.168.254.255
gateway 192.168.254.254
(Do the same on both guests, but with different IPs.)
- guest01 -> 192.168.254.1
- guest02 -> 192.168.254.2
To keep all guest servers from having the same network MAC address (which will give you some headaches), you have to install a simple package:
# aptitude install macchanger
Create this script in /etc/network/if-pre-up.d/
# cat /etc/network/if-pre-up.d/macchange
#!/bin/sh
if [ ! -x /usr/bin/macchanger ]; then
    exit 0
fi
/usr/bin/macchanger -a eth0
Now your guest servers are ready. Shut down both guest servers and start them again with this command:
# sudo /usr/bin/vdeq /usr/bin/kvm $IMAGE -m 512 -localtime -k es
Now the hoster and the guest servers can communicate with each other on the LAN.
Internet access
If you want the guest servers to have internet access too, you have to make your hoster server act as a switch and route traffic from the guests to the internet using NAT.
Do this on your hoster server:
Verify that your hoster server has IP forwarding enabled:
# sysctl net.ipv4.ip_forward
1 means enabled, 0 means disabled.
If it is disabled, change it in /etc/sysctl.conf:
net.ipv4.ip_forward = 1
Configure iptables to allow NAT on your interface:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
NOTE: These iptables rules must be set after creating and configuring your tap interface.
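The rule above masquerades everything the hoster forwards out of eth0, and with -A it is appended again each time it is run. As an added example (not part of the original post), this sketch limits NAT to the guest LAN and adds each rule only once; the FORWARD rules, the use of iptables -C and the overridable IPTABLES variable are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original post): NAT limited to the guest LAN,
# applied idempotently. LAN, TAP and WAN are the values used on this page.
LAN='192.168.254.0/24'
TAP='tap0'
WAN='eth0'
# Assumption: the installed iptables supports -C (check whether a rule exists).
# Override IPTABLES with a stub to exercise the logic without root.
IPTABLES=${IPTABLES:-/sbin/iptables}

# One rule per line: "<table> <chain> <rule spec>".
guest_nat_rules() {
    cat <<EOF
nat POSTROUTING -s $LAN -o $WAN -j MASQUERADE
filter FORWARD -i $TAP -o $WAN -s $LAN -j ACCEPT
filter FORWARD -i $WAN -o $TAP -d $LAN -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Append each rule only when -C reports it missing; prints how many were added.
apply_guest_nat() {
    added=0
    while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments
        if ! $IPTABLES -t "$table" -C "$chain" $spec 2>/dev/null; then
            $IPTABLES -t "$table" -A "$chain" $spec || return 1
            added=$((added + 1))
        fi
    done <<EOF
$(guest_nat_rules)
EOF
    echo "$added"
}

# Run as root with "--apply"; without arguments only the rules are printed.
if [ "${1:-}" = "--apply" ]; then
    apply_guest_nat
else
    guest_nat_rules
fi
```

The two FORWARD rules only restrict anything when the FORWARD chain's policy is DROP; with the default ACCEPT policy they are redundant.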
A simpler way
I have written a simple bash script which sets up the whole VDE environment any time I want to start a virtual server. Feel free to use it and modify it. Use it after installing all the software needed.
#!/bin/bash
# start_vm.sh
#
# @params: $image [it must match image file name in $KVMIMAGES]
# execute as root!
# It creates the virtual interface tap0, gives it the IP 192.168.254.254 and
# configures the NAT service.
# Then it launches the virtual server with the given image name.
# author: [email protected] 22/10/2008
#
# CONFIG PARAMS
#
KVMIMAGES='/path/to/your/KVM/repository/'
EXECUTABLES='vde_switch iptables kvm vdeq'
for executable in $EXECUTABLES
do
    # only the exit status of which matters, so discard its output
    if ! which "$executable" >/dev/null 2>&1
    then
        echo "Is $executable installed?"
        exit 1
    fi
done
#
# GET PASSTHROUGH PARAMS
#
# $1 is quoted everywhere so that an empty or odd image name cannot break
# the tests or split into extra arguments
if [ -z "$1" ]
then
    echo "$1"
    echo "usage: sudo $0 qemuimagename (without .img at the end of the name)"
    exit 1
else
    if [ -f "$KVMIMAGES$1.img" ]
    then
        IMAGE="$KVMIMAGES$1.img"
    else
        echo "$1 does not exist. These are available."
        ls -1 "$KVMIMAGES"
        exit 1
    fi
fi
#
# FUNCTIONS
#
function set_vde_env {
    INTERFACE='tap0'
    GW='192.168.254.254'
    # starting vde and tap0 interface
    if pid=`/usr/bin/pgrep vde_switch`
    then
        echo "vde_switch is properly running [$pid]."
        # return 3
    else
        echo "Creating virtual interface $INTERFACE"
        /usr/bin/vde_switch -tap $INTERFACE -daemon
        sleep 4
    fi
    # configuring tap interface
    if /sbin/ifconfig $INTERFACE 1>/dev/null
    then
        echo "$INTERFACE interface created."
        if /sbin/ifconfig $INTERFACE $GW netmask 255.255.255.0
        then
            echo 'Gateway for your virtual servers deployed:'
            echo "gw: $GW"
            echo 'netmask:255.255.255.0'
            /sbin/ifconfig $INTERFACE
            # -A appends a new copy of this rule on every run of the script
            if /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE 1>/dev/null
            then
                echo 'NAT enabled.'
                echo 'VDE configured successfully.'
                return 0
            else
                echo 'Impossible to configure NAT [iptables]'
                return 1
            fi
        else
            echo 'Some error giving ip to tap interface.'
            return 1
        fi
    else
        echo "$INTERFACE not created. vde_switch failed."
        return 1
    fi
}
#
# SCRIPT
#
set_vde_env
result=$?
if [ "$result" -eq 1 ]
then
    echo 'Impossible to set VDE. Exit now.'
    exit 1
else
    /usr/bin/vdeq /usr/bin/kvm "$IMAGE" -m 512 -localtime -k es
fi
Doesn’t KVM support this by default? Why do you need VDE?
AFAIK, if you don’t use VDE, you must prepare one tap device for each guest
for example:
debian01 -> tap0
debian02 -> tap1
.
.
.