Virtual Networking in Linux
Introducing virt-manager
The virt-manager application is a Python-based desktop user interface for managing virtual machines through libvirt. virt-manager displays a summary view of running VMs, supplying their performance and resource utilization statistics.
Let’s start the Virtual Machine Manager by executing the virt-manager command or by pressing Alt + F2, and it will then display the virt-manager dialog box.
Once virt-manager is opened, go to Edit | Connection Details to access the options to configure network and storage:
The Virtual Networks tab allows us to configure various types of virtual networks and monitor their status:
Using the Virtual Networks tab, you will be able to configure the following types of virtual networks:
- NATed
- Routed
- Isolated
Virtual Networking
Bridge
The main component of libvirt/virtual networking is the virtual network switch, also known as the bridge. You can imagine a bridge as a physical switch. In a real switch, there are a limited number of physical ports to attach to your servers. Here, on the Linux bridge, there is an unlimited number of virtual ports to which the interfaces of virtual machines are attached. Like a physical switch, the bridge learns the MAC addresses from the packets it receives and stores those MAC addresses in the MAC table. Packet (frame) forwarding decisions are made based on the MAC addresses that it has learned and stored in the MAC table.
TAP Device
The interfaces attached to the ports of the bridge are special network devices called TAP devices. If you try to imagine this in physical network terms, consider a TAP device as the network cable that carries the Ethernet frames between your virtual machine and the bridge. This TAP device is part of the TUN/TAP implementation available within the Linux kernel.
Note that TUN stands for “tunnel”; it simulates a network layer device and operates at layer 3 of the OSI reference model. TAP (network tap) simulates a link layer device and operates at layer 2. TUN is used with routing, while TAP is used to create a network bridge.
Creating a bridge/TAP device
Before you begin, make sure the bridge module is loaded into the kernel.
If you find the word bridge (highlighted in red) in the output, the bridge module has been loaded into the kernel. If it is not loaded, use the command below:
1) Creating a bridge
Using the brctl command provided by the bridge-utils package, you can create a bridge named mybridge as follows:
Let’s see if the bridge is created:
The Linux bridge will also be shown as a network device. To see this bridge, use the ip command:
You can also use the ifconfig command:
2) Creating a TAP device
First check if the TUN/TAP device module is loaded into the kernel.
Now run the following command to create a tap device named vm-vnic:
3) Adding TAP device to bridge
You can see that vm-vnic is an interface added to the bridge mybridge. Now vm-vnic can act as the interface between your virtual machine and the bridge mybridge, which in turn enables the virtual machine to communicate with other virtual machines added to this bridge:
4) Removing TAP device from bridge
5) Removing TAP device
Once vm-vnic is removed from the bridge, remove the TAP device using the ip command:
6) Removing bridge
Finally, remove the mybridge bridge:
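Steps 1 to 6 as a single script. This is an added example, not code from the original page: mybridge and vm-vnic are the page's names, while the DRY_RUN switch, the run helper and the valid_ifname check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): bridge/TAP lifecycle, steps 1-6.
# DRY_RUN=1 (the default) prints each command; run as root with DRY_RUN=0 to apply.
DRY_RUN=${DRY_RUN:-1}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# The kernel limits interface names to 15 characters. This example also
# restricts them to a conservative ASCII set before they reach brctl or ip.
valid_ifname() {
    case "$1" in
        ''|.|..|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# bridge_up <bridge> <tap>: load modules, create both devices, attach the TAP.
bridge_up() {
    valid_ifname "$1" && valid_ifname "$2" || return 2
    run modprobe bridge &&
    run modprobe tun &&
    run brctl addbr "$1" &&
    run ip tuntap add dev "$2" mode tap &&
    run brctl addif "$1" "$2" &&
    run brctl show "$1"
}

# bridge_down <bridge> <tap>: undo bridge_up in reverse order.
bridge_down() {
    valid_ifname "$1" && valid_ifname "$2" || return 2
    run brctl delif "$1" "$2" &&
    run ip tuntap del dev "$2" mode tap &&
    run ip link set "$1" down &&   # brctl delbr refuses a bridge that is up
    run brctl delbr "$1"
}

# Names used on this page; prints the full sequence while DRY_RUN=1.
bridge_up mybridge vm-vnic && bridge_down mybridge vm-vnic
```

Teardown runs in the reverse order of creation, so the TAP device is detached before it is deleted and the bridge is empty before it is removed.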
Virtual networking using libvirt
Isolated virtual network
As the name implies, this provides a private network between the hypervisor and the virtual machines. In this configuration, only the virtual machines that are added to this network can communicate with each other:
1) Create an isolated virtual network (virt-manager)
Navigate to virt-manager | Edit | Connection details | Virtual Networks.
Click on the + sign.
Configure the network as shown below and click the Finish button:
Check the details of the isolated network
Check the details of the isolated network in XML format
2) Working with virsh API
Once the network is defined, you can list all the available networks using the net-list command:
When a virtual network is created, an associated configuration XML file is also created for it. You can see where the file is located and view its content:
You can also show the content of the XML file on the terminal:
Here, you can see that libvirt added a few additional parameters.
<uuid> : A unique ID of your bridge.
<bridge> : Used for defining the bridge details. Here, the name of the bridge is virbr1 , with STP ON and DELAY 0.
<mac> : The MAC address of the bridge to be assigned at the time of the creation.
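A check on the network XML described above, as an added example that is not part of the original page: libvirt marks an isolated network by the absence of a `<forward>` element, so the script classifies a definition by that element and reads back the bridge parameters. The function names are hypothetical, and the sample XML is constructed with placeholder uuid and mac values.

```shell
#!/bin/sh
# Added example (not from the original page): classify a libvirt network from
# its XML, e.g.  virsh net-dumpxml isolated | net_forward_mode

# Prints "isolated" when there is no <forward> element, otherwise the
# forwarding mode. libvirt treats a <forward> without a mode as NAT.
net_forward_mode() {
    xml=$(cat)
    if ! printf '%s\n' "$xml" | grep -q '<forward[ />]'; then
        echo isolated
        return 0
    fi
    mode=$(printf '%s\n' "$xml" |
        sed -n "s/.*<forward[^>]*mode='\([^']*\)'.*/\1/p" | head -n 1)
    echo "${mode:-nat}"
}

# Prints "name stp delay" from <bridge .../>; relies on the attribute order
# and single quotes that virsh net-dumpxml emits.
bridge_params() {
    sed -n "s/.*<bridge name='\([^']*\)' stp='\([^']*\)' delay='\([^']*\)'.*/\1 \2 \3/p"
}

# Constructed sample; the uuid and mac values are placeholders.
sample_isolated() {
    cat <<'EOF'
<network>
  <name>isolated</name>
  <uuid>00000000-0000-0000-0000-000000000000</uuid>
  <bridge name='virbr1' stp='on' delay='0'/>
  <mac address='52:54:00:00:00:01'/>
</network>
EOF
}

echo "mode:   $(sample_isolated | net_forward_mode)"
echo "bridge: $(sample_isolated | bridge_params)"
```

Any result other than "isolated" means guests on that network have a forwarding path beyond the bridge.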
Check the available networks and you can see both networks are currently active:
Now we will stop the isolated virtual network using the Stop button in the virt-manager GUI, and we will see the result from the terminal using the virsh API.
Now the status is inactive; it can be activated again using the virsh net-start command:
3) Adding virtual hardware to VM
In order to use the preceding virtual network, right-click on your virtual machine | Open | Virtual Hardware details (the bulb icon) | Add Hardware | Network. Select isolated as the Network source and virtio as the Device model; the MAC address will be generated by libvirt. Click on Finish.
In this case, I am adding a virtual NIC to the Windows10 VM:
I have three VMs installed in QEMU/KVM: 1) centos7.0, 2) kali and 3) win10. I have added a virtual NIC to win10 using the GUI; now I will add a virtual NIC to the other VM using the terminal, i.e. the virsh API. To check the recently added virtual NIC from the terminal, we can issue the following command:
You will see the vnet0 interface when the VM is in the running state.
Now add another virtual NIC to win10, but using the virsh API this time. Note that the VM is running, so we need to issue a command that attaches the NIC to a live/running VM.
Now we have two interfaces attached to win10.
--config : This will make the change persistent in the next startup of the VM.
--live : This will inform libvirt that you are attaching the NIC to a live virtual machine. Remove --live if the virtual machine is not running.
If you just wanted to attach a virtual network interface temporarily to a virtual machine, just use --live and ignore --config.
Another option that might be useful for some is --mac . This can be used to add a custom MAC address.
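How the flags above combine, as an added example that is not part of the original page: the script picks --live and --config from the VM state reported by virsh domstate and builds the attach-interface command line for review. The function names are hypothetical, and the MAC check (unicast, colon-separated) is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original page): choose attach-interface flags
# from the VM state, e.g.
#   attach_cmd win10 isolated "$(virsh domstate win10)" yes

# attach_flags <state> <persist: yes|no>
attach_flags() {
    case "$1:$2" in
        running:yes)    echo "--live --config" ;;  # now and on next startup
        running:no)     echo "--live" ;;           # temporary, running VM only
        "shut off:yes") echo "--config" ;;         # VM not running: no --live
        *)              return 1 ;;                # nothing sensible to attach
    esac
}

# A guest NIC needs a unicast address: six hex octets, with the low bit of
# the first octet clear (second hex digit even).
valid_mac() {
    printf '%s\n' "$1" | grep -Eqi '^[0-9a-f][02468ace](:[0-9a-f]{2}){5}$'
}

# attach_cmd <domain> <network> <state> <persist> [mac]
# Prints the command line instead of running it, so it can be reviewed first.
attach_cmd() {
    flags=$(attach_flags "$3" "$4") || return 1
    cmd="virsh attach-interface --domain $1 --type network --source $2"
    cmd="$cmd --model virtio $flags"
    if [ -n "${5:-}" ]; then
        valid_mac "$5" || return 1
        cmd="$cmd --mac $5"
    fi
    echo "$cmd"
}

# The page's case: a persistent NIC on the isolated network for a running VM.
attach_cmd win10 isolated running yes
```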
Check the interfaces attached to the other VM:
Now both VMs are in running/live state:
As you can see, we have two virtual bridges, virbr0 and virbr1, for the default and isolated virtual networks respectively. In this example we are using the isolated network, which means we are working on virbr1. You can also see the 4 interfaces (vnet0…3), created explicitly either manually or through the virsh API, and 1 default interface named virbr1-nic.
vnet0 and vnet1 are named as Ethernet 2 and Ethernet 3 respectively on win10 VM.
vnet2 and vnet3 are named as eth0 and eth1 respectively on kali VM.
4) Assigning IPs to the interfaces of both VMs
Assign IP addresses to all interfaces:
Show a brief interface listing using the ip addr command:
Now the host (Linux) can ping all the interfaces:
Assign an IP to the kali VM:
Assign an IP to the win10 VM:
Now win10 can ping the kali VM, which shows the connectivity between the two virtual machines in the isolated network: