Gentoo Forums
[HOWTO] kvm with vde instead of bridging
jbryner
n00b
Joined: 03 Sep 2004
Posts: 47
Location: pdx

PostPosted: Thu Apr 30, 2009 10:26 pm    Post subject: [HOWTO] kvm with vde instead of bridging

Couldn't find this for Gentoo, so here's how to get Gentoo KVM up using vde for networking instead of bridging. Using vde gives you virtual switches where you can tightly control who talks to whom, etc. using iptables, etc.

Assuming you've already got kvm and vde and you are root on your box:

First, the kernel modules you'll need:
Code:

grep -i config_tun /usr/src/linux/.config         
CONFIG_TUN=m

grep -i conntrack /usr/src/linux/.config
CONFIG_NF_CONNTRACK=m

grep -i iptables /usr/src/linux/.config
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP6_NF_IPTABLES=m

grep NF_NAT /usr/src/linux/.config
CONFIG_NF_NAT=m
CONFIG_NF_NAT_NEEDED=y


Load up your modules
Code:

modprobe kvm
modprobe kvm-intel
modprobe tun


make yourself a virtual hub
Code:

vde_switch --numports 4 --hub --mod 777 --group users --tap tap0


configure your tap interface
Code:

ifconfig tap0 10.1.1.1 broadcast 10.1.1.255 netmask 255.255.255.0
ifconfig tap0 up


If these vms should talk to the outside world then you'll be forwarding packets:
Code:

echo "1" > /proc/sys/net/ipv4/ip_forward


and you'll need iptables NAT:
Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


I'll assume you want to control IP space on your switch with dnsmasq:

Code:

emerge -av dnsmasq
dnsmasq --log-queries --dhcp-range=10.1.1.1,10.1.1.20,255.255.255.0,2h --interface=tap0 --domain=kvm.lan


Last, but not least, start up a bootable CD in your new virtual ethernet environment:

Code:

kvm -net vde,ifname=tap0,vlan=0 -net nic,vlan=0,macaddr=52:54:00:00:EE:03,script=no,downscript=no -m 256 -localtime -cdrom SomeCDrom.iso


You can spy on the hub/switch in a new session with tcpdump
Code:

tcpdump -ni tap0


If you can ping something, then your NAT and routes are working:
Code:

ping gentoo.org


wiki version of this same cruft: http://en.gentoo-wiki.com/wiki/KVMwithVDE
vaxbrat
l33t
Joined: 05 Oct 2005
Posts: 612
Location: DC Burbs

PostPosted: Fri May 01, 2009 4:03 am    Post subject: We must be in sync somehow

I just updated the kvm section on the gentoo wiki with a writeup on using transparent tuntap bridging to provide a "virtual hub". :D
jbryner
n00b
Joined: 03 Sep 2004
Posts: 47
Location: pdx

PostPosted: Fri May 01, 2009 5:23 pm    Post subject: great minds

Apparently great minds think alike!
opotonil
l33t
Joined: 17 Jun 2005
Posts: 791
Location: 127.0.0.1

PostPosted: Sat Jan 16, 2010 1:10 pm

Example VDE bridge with VLANs. Host with only one interface on VLAN0 (untagged).

Network configuration (/etc/conf.d/net)
Code:

config_eth0=( "null" )

tuntap_tap0="tap"
config_tap0=( "null" )

RC_NEED_br0="net.eth0 net.tap0"
bridge_br0="eth0 tap0"
config_br0=( "192.168.100.2/24 brd 192.168.100.255")
routes_br0=( "default via 192.168.100.1" )


VDE configuration (/etc/conf.d/vde):
Code:

VDE_MODPROBE_TUN="no"
VDE_TAP="tap0"
VDE_SOCK_CHMOD="770"
VDE_SOCK_CHOWN=":kvm"


VDE switch configuration, port 2 on VLAN0, ports 3, 4, 5 and 6 on VLAN1 (tagged). When "/etc/init.d/vde start" runs, it loads this config (/etc/vde2/vde_switch.rc):
Code:

vlan/create 1
vlan/addport 1 1
port/create 2
port/allocatable 2 1
port/create 3
port/allocatable 3 1
port/setvlan 3 1
port/create 4
port/allocatable 4 1
port/setvlan 4 1
port/create 5
port/allocatable 5 1
port/setvlan 5 1
port/create 6
port/allocatable 6 1
port/setvlan 6 1


iptables forwarding:
Code:

iptables -P FORWARD DROP

iptables -A FORWARD -m state --state INVALID -j DROP
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -o lo -j ACCEPT
iptables -A FORWARD -i br0 -o br0 -j ACCEPT


KVM init VM on port 3 VLAN1:
Code:

#!/bin/bash

qemu -name base -daemonize -vnc 192.168.100.2:1 \
     -monitor unix:/var/run/kvm/base.sock,server,nowait \
     -m 1024 -localtime -k es -usb -usbdevice tablet \
     -drive file=/dev/mapper/vg-kvm--base,index=0,media=disk,if=virtio,boot=on \
     -net nic,macaddr=52:54:10:09:34:58,model=virtio \
     -net vde,sock=/var/run/vde.ctl,port=3


Sorry for my English, bye.
disperato
Tux's lil' helper
Joined: 27 Apr 2004
Posts: 116

PostPosted: Wed Feb 17, 2010 12:18 am    Post subject: Re: [HOWTO] kvm with vde instead of bridging

Sorry for resuming an old thread, but this is meant to avoid polluting the forum with the same questions on known topics.

Well, I need a virtual switch (oops... hub) to make my kvm machines connect to the internet but when I do this command:

Code:

vde_switch --numports 4 --hub --mod 777 --group users --tap tap0


it stays there indefinitely until I press Ctrl+C. Obviously I followed the steps before. Any hint? Is this behaviour normal?

Not only that:

Code:

clark@pc ~ $ kvm -net vde,ifname=tap0,vlan=0 -net nic,vlan=0,macaddr=52:54:00:00:EE:03,script=no,downscript=no -m 256 -localtime -cdrom myvm/iso_images/systemrescuecd-x86-1.3.1.iso

Invalid -net type 'vde'


Please help, I'm lost. 8O
disperato
Tux's lil' helper
Joined: 27 Apr 2004
Posts: 116

PostPosted: Wed Feb 17, 2010 1:16 am

OK, my fault.

I have realized that app-emulation/qemu-kvm had to be emerged with the vde USE flag, while dnsmasq was advisable to compile with the dhcp USE flag.
guid0
Apprentice
Joined: 06 Jul 2003
Posts: 280
Location: The Netherlands / Nederland

PostPosted: Thu Sep 08, 2011 9:15 am

Hi, this seems like a good thread for a KVM - VDE - VLAN question.

I have KVM working nicely and virtual machines are booting fine. However, for some reason the VDE switch is not picking up the VLAN config.

Below is my config:
/etc/conf.d/vde
Code:

# load the tun module
VDE_MODPROBE_TUN="no"
# virtual tap networking device to be used for vde
VDE_TAP="tap0"
# mode and group for the socket
VDE_SOCK_CHMOD="770"
VDE_SOCK_CHOWN=":kvm"

# This is the actual options string passed to VDE.  Change this at your own risk.
VDE_OPTS="--numports 40 --group kvm -tap ${VDE_TAP} -mgmt /var/run/vde.ctl/ctl.mgmt -daemon"



/etc/vde2/vde_switch.rc
Code:

vlan/create 1
vlan/create 2
vlan/create 3
vlan/create 4
vlan/create 5

port/create 1
vlan/addport 1 1
port/setvlan 1 1

port/create 2
port/setvlan 2 1
port/create 3
port/setvlan 3 1
port/create 4
port/setvlan 4 1
port/create 5
port/setvlan 5 1
port/create 6
port/setvlan 6 1
port/create 7
port/setvlan 7 1
port/create 8
port/setvlan 8 1
port/create 9
port/setvlan 9 1
port/create 10
port/setvlan 10 1
port/create 11
port/setvlan 11 1
port/create 12
port/setvlan 12 1
port/create 13
port/setvlan 13 1
port/create 14
port/setvlan 14 1
port/create 15
port/setvlan 15 1
port/create 16
port/setvlan 16 1

port/create 17
port/setvlan 17 2
port/create 18
port/setvlan 18 2
port/create 19
port/setvlan 19 2
port/create 20
port/setvlan 20 2

port/create 21
port/setvlan 21 3
port/create 22
port/setvlan 22 3
port/create 23
port/setvlan 23 3
port/create 24
port/setvlan 24 3

port/create 25
port/setvlan 25 4
port/create 26
port/setvlan 26 4

port/create 27
port/setvlan 27 5
port/sethub 27 0
port/create 28
port/setvlan 28 5
port/sethub 28 0
port/create 29
port/setvlan 29 5
port/sethub 29 0


I start my virtual machines in the following way:

Code:
cd /var/virtual/guests/zb1 && kvm -smp 1 -net vde,vlan=5 -net nic,vlan=5,model=e1000,macaddr=0b:ad:c0:ff:ee:71 zb1.img -m 384 -cdrom /var/virtual/iso/SL.56.061711.DVD.x86_64.disc1.iso -boot c -vnc :71,password -monitor stdio


where I expect this machine to bind its NIC to VLAN #5.

However, this does not seem to be the case... VDE just generates a new port (#30) and assigns it to VLAN #0 :cry:

Code:
unixterm /var/run/vde.ctl/ctl.mgmt

VDE switch V.2.3.1
(C) Virtual Square Team (coord. R. Davoli) 2005,2006,2007 - GPLv2

vde$ vlan/allprint
0000 DATA END WITH '.'
VLAN 0000
 -- Port 0030 tagged=0 active=1 status=Forwarding
VLAN 0001
 -- Port 0001 tagged=0 active=1 status=Forwarding
 -- Port 0002 tagged=0 active=0 status=Learning
 -- Port 0003 tagged=0 active=0 status=Learning
 -- Port 0004 tagged=0 active=0 status=Learning
 -- Port 0005 tagged=0 active=0 status=Learning
 -- Port 0006 tagged=0 active=0 status=Learning
 -- Port 0007 tagged=0 active=0 status=Learning
 -- Port 0008 tagged=0 active=0 status=Learning
 -- Port 0009 tagged=0 active=0 status=Learning
 -- Port 0010 tagged=0 active=0 status=Learning
 -- Port 0011 tagged=0 active=0 status=Learning
 -- Port 0012 tagged=0 active=0 status=Learning
 -- Port 0013 tagged=0 active=0 status=Learning
 -- Port 0014 tagged=0 active=0 status=Learning
 -- Port 0015 tagged=0 active=0 status=Learning
 -- Port 0016 tagged=0 active=0 status=Learning
VLAN 0002
 -- Port 0017 tagged=0 active=0 status=Learning
 -- Port 0018 tagged=0 active=0 status=Learning
 -- Port 0019 tagged=0 active=0 status=Learning
 -- Port 0020 tagged=0 active=0 status=Learning
VLAN 0003
 -- Port 0021 tagged=0 active=0 status=Learning
 -- Port 0022 tagged=0 active=0 status=Learning
 -- Port 0023 tagged=0 active=0 status=Learning
 -- Port 0024 tagged=0 active=0 status=Learning
VLAN 0004
 -- Port 0025 tagged=0 active=0 status=Learning
 -- Port 0026 tagged=0 active=0 status=Learning
VLAN 0005
 -- Port 0027 tagged=0 active=0 status=Learning
 -- Port 0028 tagged=0 active=0 status=Learning
 -- Port 0029 tagged=0 active=0 status=Learning
.
1000 Success


If someone can shed some light on what I might be doing wrong here, that would be great.

Tnx,
guid0
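An added note on the two VDE VLAN set-ups in this thread (opotonil's vde_switch.rc and guid0's vlan/allprint dump), with example code that is not from any of the posts: in qemu/kvm the `vlan=N` in `-net vde,vlan=N` names qemu's own internal hub number, not a VDE VLAN. The VDE port a guest plugs into is chosen with `port=N` on the vde backend, as in opotonil's `-net vde,sock=/var/run/vde.ctl,port=3`; a guest that connects without `port=` is handed a freshly allocated port, which is what guid0's dump shows for port 30 sitting on VLAN 0. The Python below renders a vde_switch.rc from a port plan (using the same management commands the posts use) and parses a `vlan/allprint` dump to flag active ports that are not on the VLAN the plan intended, which is the check that catches a guest silently landing outside its segment. The sample dump is constructed to mirror guid0's output, and the plan dictionary is an assumed input.

```python
"""Plan and verify VDE switch VLAN/port assignments.

Added example, not code from the thread. Models the vde_switch management
commands used in the posts (vlan/create, vlan/addport, port/create,
port/allocatable, port/setvlan) and parses the `vlan/allprint` output format.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in the format `vlan/allprint` prints on the management
# socket. It mirrors guid0's dump: port 30 was auto-allocated on VLAN 0 and is
# forwarding, while the planned ports on VLAN 1 and VLAN 5 sit unused.
ALLPRINT_SAMPLE = """\
0000 DATA END WITH '.'
VLAN 0000
 -- Port 0030 tagged=0 active=1 status=Forwarding
VLAN 0001
 -- Port 0001 tagged=0 active=1 status=Forwarding
 -- Port 0002 tagged=0 active=0 status=Learning
VLAN 0005
 -- Port 0027 tagged=0 active=0 status=Learning
 -- Port 0028 tagged=0 active=0 status=Learning
.
1000 Success
"""

VLAN_RE = re.compile(r"^VLAN (\d+)\s*$")
PORT_RE = re.compile(r"^\s*-- Port (\d+) tagged=(\d) active=(\d) status=(\w+)\s*$")


def render_switch_rc(untagged: Dict[int, int],
                     tagged: Optional[Dict[int, List[int]]] = None) -> str:
    """Emit vde_switch.rc lines for a port plan.

    untagged maps port -> its native VLAN (set with port/setvlan); tagged maps
    port -> VLANs it carries tagged (set with vlan/addport), e.g. the tap
    uplink. Ports on VLAN 0 get no setvlan line; that is the switch default.
    """
    tagged = tagged or {}
    vlans = {v for v in untagged.values() if v != 0}
    for vs in tagged.values():
        vlans.update(v for v in vs if v != 0)
    lines = [f"vlan/create {v}" for v in sorted(vlans)]
    for port in sorted(set(untagged) | set(tagged)):
        lines.append(f"port/create {port}")
        lines.append(f"port/allocatable {port} 1")
        for v in sorted(tagged.get(port, [])):
            lines.append(f"vlan/addport {v} {port}")
        if untagged.get(port, 0) != 0:
            lines.append(f"port/setvlan {port} {untagged[port]}")
    return "\n".join(lines) + "\n"


def parse_allprint(text: str) -> Dict[int, dict]:
    """Parse `vlan/allprint` output.

    Returns {port: {"vlans": {vlan: tagged?}, "active": bool, "status": str}};
    a port is listed once per VLAN it belongs to, so memberships are merged.
    """
    ports: Dict[int, dict] = {}
    vlan = None
    for line in text.splitlines():
        m = VLAN_RE.match(line)
        if m:
            vlan = int(m.group(1))
            continue
        m = PORT_RE.match(line)
        if m and vlan is not None:
            port = int(m.group(1))
            entry = ports.setdefault(port, {"vlans": {}, "active": False, "status": ""})
            entry["vlans"][vlan] = m.group(2) == "1"
            entry["active"] = entry["active"] or m.group(3) == "1"
            entry["status"] = m.group(4)
    return ports


def native_vlan(entry: dict) -> int:
    """The VLAN a port is an untagged member of (0 if it has none)."""
    for vlan, is_tagged in entry["vlans"].items():
        if not is_tagged:
            return vlan
    return 0


def check_plan(untagged: Dict[int, int], actual: Dict[int, dict]) -> List[Tuple[int, str]]:
    """Compare the plan with live switch state; return (port, problem) pairs.

    Flags active ports the plan never mentioned (auto-allocated, so they land
    on VLAN 0 and sit outside the intended segmentation), planned ports whose
    native VLAN differs from the plan, and planned ports the switch lacks.
    """
    problems: List[Tuple[int, str]] = []
    for port, entry in sorted(actual.items()):
        native = native_vlan(entry)
        if port not in untagged:
            if entry["active"]:
                problems.append((port, f"unplanned active port on VLAN {native}"))
        elif native != untagged[port]:
            problems.append((port, f"planned VLAN {untagged[port]} but on VLAN {native}"))
    for port in sorted(untagged):
        if port not in actual:
            problems.append((port, "planned port missing from switch"))
    return problems


if __name__ == "__main__":
    # Assumed plan: tap uplink on port 1 (untagged VLAN 1, tagged VLAN 5),
    # guests on ports 2, 27 and 28.
    PLAN = {1: 1, 2: 1, 27: 5, 28: 5}
    print(render_switch_rc(PLAN, tagged={1: [5]}))
    for port, problem in check_plan(PLAN, parse_allprint(ALLPRINT_SAMPLE)):
        print(f"port {port}: {problem}")
```

Run as a script it prints the generated vde_switch.rc and then `port 30: unplanned active port on VLAN 0` for the constructed sample; the same parser accepts the text of a live `unixterm /var/run/vde.ctl/ctl.mgmt` session saved to a file. One further thing worth checking in a launch line such as guid0's: a MAC address whose first octet has its lowest bit set (`0b:...`) is a multicast address, and the Linux bridge drops frames whose source MAC is not a valid unicast address, so a guest with such a NIC may be unreachable even once its VDE port is right; the `52:54:00:...` prefix used elsewhere in the thread is a locally administered unicast one.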