KVM桥接网络无法正常工作

初赛

以下内容对我适用于Ubuntu 12.04。在测试时，应禁用计算机的防火墙，以免受到干扰。

/ etc / default / qemu-kvm文件应与最初安装的文件相同。

您将需要安装bridge-utils qemu-kvm和libvirt-bin。任何使用虚拟机的用户都应添加到libvirtd组中。

似乎不再需要添加CAP_NET_ADMIN功能。

网络设置

默认的网络模式是用户模式，也称为SLIRP。它使用预定义的virbr0桥，该桥被NAT路由到来宾计算机。NAT路由使用内核的ip_forwarding功能和iptables。桥接模式使用来宾中的虚拟桥接器（未编号的以太网接口）连接到该桥接器，并且主机和来宾都具有其网络接口。

下图可能使区别更加清楚：

您可以看到如何通过以下方式定义默认的用户网络：

virsh net-dumpxml default

我可以使用以下方法设置桥接模式：

在/ etc / network / interfaces中（从您在问题中提到的帖子的桥接部分开始）：

auto lo
iface lo inet loopback
#auto eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

Reboot; and make sure that wireless networking isn't active. Check the default IP route with ip route. It must be using the br0 interface.

N.B. If your Ethernet isn't hooked up when this change is made you need to have your Ethernet cable plugged in and getting a carrier or the boot will hang for two minutes and you won't have network capability That's because the eth0 interface, by being in this file, must come up before the boot can proceed normally.

N.B. Generally you can't use a wireless network instead of eth0 because of their inability to use multiple MAC addresses (I infer that they need a second one for the bridge).

As an alternative you can disable the use of Ethernet and make sure that it does not have an IP address, and that there isn't a default route set up with ip route. Then:

 sudo ifconfig eth0 0.0.0.0 up
 sudo brctl addbr br0
 sudo brctl addif br0 eth0
 sudo ifconfig br0 up
 sudo dhclient br0 &

You could also supply a static IP address here, as well as defining the default route and DNS address. For this example dhclient does this.

Here's my route table:

$ip route list
default via 192.168.1.1 dev br0  metric 100 
169.254.0.0/16 dev br0  scope link  metric 1000 
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.45 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1

Using kvm

I can then boot a bridged kvm machine with:

 $ sudo kvm -name Quantal -m 1024 -hda foo.qcow2 --soundhw ac97 -device virtio-net,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0

The -netdev tap parameter makes sudo a requirement. As the VM is started qemu-kvm runs the following commands:

ifconfig vnet0 0.0.0.0 up
brctl addif brctl addif br0 vnet0

This is done by /etc/qemu-ifup

The VM's vnet0 interface is added to the br0 bridge because the default route above uses that bridge interface. If it weren't there the tap interface instead would be added to the virbr0 interface. Since that's not connected to the Internet, NAT would be used to connect the guest to the host and the Internet, in my experiments. You can direct the vnet0 to a particular bridge in /etc/default/qemu-kvm. Using virt-manager below you can explicitly direct which bridge to connect to.

Because of the above commands issued by qemu-kvm, and the -netdev tap,id=tunnel,ifname=vnet0 parameter, the vm virtual machine is connected to the vnet0 tunnel, and the tunnel is connected to the br0 bridge.

I can now directly ssh into this guest VM from another computer on my network.

My host ifconfig (note the vnet0 interface that appears on my network when the VM is running):

$ifconfig
br0       Link encap:Ethernet  HWaddr 00:1e:33:88:07:e5  
          inet addr:192.168.1.45  Bcast:255.255.255.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:33ff:fe88:7e5/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6526 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7543 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2712940 (2.7 MB)  TX bytes:1071835 (1.0 MB)

eth0      Link encap:Ethernet  HWaddr 00:1e:33:88:07:e5  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7181 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7740 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:2974585 (2.9 MB)  TX bytes:1096580 (1.0 MB)
          Interrupt:43 Base address:0x6000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:10 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:664 (664.0 B)  TX bytes:664 (664.0 B)

vnet0      Link encap:Ethernet  HWaddr ca:0c:73:c3:bc:45  
          inet6 addr: fe80::c80c:73ff:fec3:bc45/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:226 errors:0 dropped:0 overruns:0 frame:0
          TX packets:429 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:26919 (26.9 KB)  TX bytes:58929 (58.9 KB)

virbr0    Link encap:Ethernet  HWaddr d6:18:22:db:ff:93  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

My bridge configuration while running the VM:

$brctl show
bridge name bridge id       STP enabled interfaces
br0             8000.001e338807e5       no              eth0
                                                        vnet0
virbr0          8000.000000000000       yes

Note that both the virtual machine's vnet0 interface and the eth0 interface are connected to the br0 bridge.

And the MAC's on the br0 interface:

$brctl showmacs br0
port no mac addr        is local?   ageing timer
  1 00:05:5d:cf:64:61   no         2.54
  1 00:19:d2:42:5d:3f   no        36.76
  1 00:19:df:da:af:7c   no         2.86
  1 00:1e:33:88:07:e5   yes        0.00
  1 00:60:0f:e4:17:d6   no         0.79
  2 52:54:00:12:34:56   no         0.80
  1 58:6d:8f:17:5b:c0   no         5.91
  1 c8:aa:21:be:8d:16   no       167.69
  2 ca:0c:73:c3:bc:45   yes        0.00

Note that the br0 interface connects my host computer to the same bridge being used by the guest.

You can check that you are bridged rather than NAT routed to your own network by using traceroute 8.8.8.8. If the first node is your network's router rather than the guest's ip address your network should be working correctly.

See this documentation.

virt-manager

Be sure that you have installed virt-manager and hal. The hal package is a suggested dependency for virt-manager and is used to determine the network configuration of your system when creating or editing guests.

While having the br0 bridge defined as above I created a virtual machine with virt-manager as follows:

I was able to go directly to the rest of my home network and to the Internet from this guest. I was also able to ssh into it from the other (non-host, non-guest) Ubuntu computer on my home network.

Here's the very long kvm command run by virt-manager (for comparison with EApubs or anyone else having trouble with this):

/usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -name precise -uuid f057a729-eda6-4b85-84dc-f100c9ae3789 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/precise.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -drive file=/media/natty/home/gruber/ubuntu-kvm/tmpW8gSGB.qcow2,if=none,id=drive-ide0-0-0,format=qcow2 -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=18,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:0e:da:9b,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -usb -vnc 127.0.0.1:0 -vga cirrus -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5

Here's the network portion of the virtual machine description in /etc/libvirt/qemu/quantal.xml

    <interface type='bridge'>
      <mac address='52:54:00:b0:8e:aa'/>
      <source bridge='br0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

According to this link, for performance and reliability, it may be best to set the network device model to virtio, you can do this by in the virt-viewer by pressing the i button, going to the NIC setting, and setting the "Device model" to virtio. You could also add this to the XML above by adding the line:

      <model type='virtio'/>

In Summary

All this took on 12.04 was:

1. Installing virt-manager, bridge-utils, qemu-kvm, and related packages
2. Make sure each user wishing to use kvm are in the libvirtd group.
3. Defining /etc/network/interfaces as above (which match the quoted article)
4. Reboot, making sure Ethernet is plugged in and wireless (if any) is off.
5. Either run kvm against an image directly with, e.g. -device e1000,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0, or create a virtual machine with virt-manager, specifying network Bridge br0 under the Step 4->Advanced Options panel.

No further changes were needed to networking, capabilities, templates, or configurations.

To expose a service in your new guest to the Internet you should:

1. Prepare and configure any firewall service you will need.
2. Either assign a static address in your guest configuration or in your DHCP service.
3. If you are using a NAT router open a port for the service you are implementing directing it to the guest's IP address.

Remember to test and re-enable the firewall service for your host computer. It may need any entry to forward traffic to the guest.

见https://help.ubuntu.com/community/KVM/Installation，https://help.ubuntu.com/community/KVM/Networking和https://help.ubuntu.com/12.04/serverguide/libvirt。 html。