Next: , Up: Virtuella maskiner   [Contents][Index]


5.1 Nätverksbrygga för QEMU

By default, QEMU uses a so-called “user mode” host network back-end, which is convenient as it does not require any configuration. Unfortunately, it is also quite limited. In this mode, the guest VM (virtual machine) can access the network the same way the host would, but it cannot be reached from the host. Additionally, since the QEMU user networking mode relies on ICMP, ICMP-based networking tools such as ping do not work in this mode. Thus, it is often desirable to configure a network bridge, which enables the guest to fully participate in the network. This is necessary, for example, when the guest is to be used as a server.

5.1.1 Creating a network bridge interface

There are many ways to create a network bridge. The following command shows how to use NetworkManager and its nmcli command line interface (CLI) tool, which should already be available if your operating system declaration is based on one of the desktop templates:

# nmcli con add type bridge con-name br0 ifname br0

To have this bridge be part of your network, you must associate your network bridge with the Ethernet interface used to connect with the network. Assuming your interface is named ‘enp2s0’, the following command can be used to do so:

# nmcli con add type bridge-slave ifname enp2s0 master br0

Important: Only Ethernet interfaces can be added to a bridge. For wireless interfaces, consider the routed network approach detailed in See Routed network for libvirt.

By default, the network bridge will allow your guests to obtain their IP address via DHCP, if available on your local network. For simplicity, this is what we will use here. To easily find the guests, they can be configured to advertise their host names via mDNS.

5.1.2 Configuring the QEMU bridge helper script

QEMU comes with a helper program to conveniently make use of a network bridge interface as an unprivileged user see Network options in QEMU Documentation. The binary must be made setuid root for proper operation; this can be achieved by adding it to the privileged-programs field of your (host) operating-system definition, as shown below:

(privileged-programs
 (cons (privileged-program
         (program (file-append qemu "/libexec/qemu-bridge-helper"))
         (setuid? #t))
       %default-privileged-programs))

The file /etc/qemu/bridge.conf must also be made to allow the bridge interface, as the default is to deny all. Add the following to your list of services to do so:

(extra-special-file "/etc/qemu/host.conf" "allow br0\n")

5.1.3 Invoking QEMU with the right command line options

When invoking QEMU, the following options should be provided so that the network bridge is used, after having selected a unique MAC address for the guest.

Important: By default, a single MAC address is used for all guests, unless provided. Failing to provide different MAC addresses to each virtual machine making use of the bridge would cause networking issues.

$ qemu-system-x86_64 [...] \
    -device virtio-net-pci,netdev=user0,mac=XX:XX:XX:XX:XX:XX \
    -netdev bridge,id=user0,br=br0 \
    [...]

To generate MAC addresses that have the QEMU registered prefix, the following snippet can be employed:

mac_address="52:54:00:$(dd if=/dev/urandom bs=512 count=1 2>/dev/null \
                           | md5sum \
                           | sed -E 's/^(..)(..)(..).*$/\1:\2:\3/')"
echo $mac_address

5.1.4 Networking issues caused by Docker

If you use Docker on your machine, you may experience connectivity issues when attempting to use a network bridge, which are caused by Docker also relying on network bridges and configuring its own routing rules. The solution is add the following iptables snippet to your operating-system declaration:

(service iptables-service-type
             (iptables-configuration
              (ipv4-rules (plain-file "iptables.rules" "\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i br0 -o br0 -j ACCEPT
COMMIT
"))

Next: Routed network for libvirt, Up: Virtuella maskiner   [Contents][Index]