Differences

This shows you the differences between two versions of the page.

--- ubuntu:kvm:install_and_configure_kvm [2020/08/10 22:48] – 192.168.1.1
+++ ubuntu:kvm:install_and_configure_kvm [2020/08/10 23:33] (current) – 192.168.1.1
@@ Line 26: / Line 26: @@
 </code>
-returns
+returns:
 <code bash>
@@ Line 59: / Line 59: @@
 ----
+===== Setup Bridge networking with KVM =====
+A bridged network shares the real network interface of the host computer with other VMs to connect to the outside network.  Therefore each VM can bind directly to any available IPv4 or IPv6 addresses, just like a physical computer.
+By default KVM setups a private virtual bridge, so that all VMs can communicate with one another, within the host computer.  It provides its own subnet and DHCP to configure the guest’s network and uses NAT to access the host network.
+Have a look at the IP address of the KVM default virtual interfaces using the **ip** command:
+<code bash>
+ip a
+</code>
+returns:
+<code bash>
+: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host
+       valid_lft forever preferred_lft forever
+: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
+    link/ether b4:2e:99:3e:e5:20 brd ff:ff:ff:ff:ff:ff
+: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.1.69/24 brd 192.168.1.255 scope global br0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::b62e:99ff:fe3e:e522/64 scope link
+       valid_lft forever preferred_lft forever
+: wlp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
+    link/ether d0:ab:d5:91:98:3f brd ff:ff:ff:ff:ff:ff
+: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
+    link/ether 52:54:00:99:38:bc brd ff:ff:ff:ff:ff:ff
+    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
+       valid_lft forever preferred_lft forever
+: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
+    link/ether 52:54:00:99:38:bc brd ff:ff:ff:ff:ff:ff
+</code>
+**NOTE:**  Check the bottom 2 results.
+The KVM default network **virbr0** uses 192.168.122.1/24 IP address.  All the VMs will use an IP address in the 192.168.122.0/24 IP range and the host OS will be reachable at 192.168.122.1.  You should be able to ssh into the host OS (at 192.168.122.1) from inside the guest OS and use scp to copy files back and forth.
+This is OK if you only access the VMs inside from the host itself.  However we can't access the VMs from other remote systems in the network.  Because they use different IP range i.e. 192.168.1.0/24 in my case.  In order to access the VMs from other remote hosts, we must setup a public bridge that runs on the host network and uses whatever external DHCP server is on the host network.  To put this in layman terms, we are going to make all VMs to use the same IP series used by the host system.
 ----
+===== Disable Netfilter (optional) =====
+You could disable Netfilter for performance and security reasons.  Netfilter is currently enabled on bridges by default.
+To disable netfilter, create a file called **/etc/sysctl.d/bridge.conf**:
 <code bash>
+sudo vi /etc/sysctl.d/bridge.conf
 </code>
+Add the following lines:
+<file bash /etc/sysctl.d/bridge.conf>
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0
+net.bridge.bridge-nf-call-arptables=0
+</file>
+Save and close the file.
+Then create another file called **/etc/udev/rules.d/99-bridge.rules** :
+<code bash>
+sudo vi /etc/udev/rules.d/99-bridge.rules
+</code>
+Add the following line:
+<file bash /etc/udev/rules.d/99-bridge.rules>
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", RUN+="/sbin/sysctl -p /etc/sysctl.d/bridge.conf"
+</file>
+This will set the necessary flags to disable netfilter on bridges at the appropriate place in system start-up. Save and close the file.
+Reboot your system to take effect these changes.
+----
+===== Disable the default networking that KVM installed for itself =====
+Find the name of KVM default network interfaces using **ip link** command:
+<code bash>
+ip link
+</code>
+returns:
+<code bash>
+: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
+    link/ether b4:2e:99:3e:e5:20 brd ff:ff:ff:ff:ff:ff
+: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+: wlp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DORMANT group default qlen 1000
+    link/ether d0:ab:d5:91:98:3f brd ff:ff:ff:ff:ff:ff
+: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
+    link/ether 52:54:00:99:38:bc brd ff:ff:ff:ff:ff:ff
+: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000
+    link/ether 52:54:00:99:38:bc brd ff:ff:ff:ff:ff:ff
+</code>
+<WRAP info>
+**NOTE:**  The entries **virbr0** and **virbr0-nic** are the KVM networks.
+</WRAP>
+----
+===== Remove the default KVM network =====
+<code bash>
+virsh net-destroy default
+</code>
+returns:
+<code bash>
+Network default destroyed
+</code>
+----
+===== Undefine the default network =====
+<code bash>
+virsh net-undefine default
+</code>
+returns:
+<code bash>
+Network default has been undefined
+</code>
+<WRAP info>
+**NOTE:**  If the above commands do not work for any reason, you can use these commands to disable and undefine KVM default network:
+<code bash>
+sudo ip link delete virbr0 type bridge
+sudo ip link delete virbr0-nic
+</code>
+</WRAP>
+----
+===== Verify that the virbr0 and virbr0-nic interfaces are actually deleted =====
+<code bash>
+ip link
+</code>
+returns:
+<code bash>
+: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
+    link/ether b4:2e:99:3e:e5:20 brd ff:ff:ff:ff:ff:ff
+: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+: wlp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DORMANT group default qlen 1000
+    link/ether d0:ab:d5:91:98:3f brd ff:ff:ff:ff:ff:ff
+</code>
+<WRAP info>
+**NOTE:**  The KVM default networks should be gone.
+</WRAP>
+----
+===== Setup the KVM public bridge to use when creating a new VM =====
+<WRAP important>
+**WARNING:**  Do not use wireless network interface cards for bridges.
+Most wireless interlaces do not support bridging.
+Always use wired network interfaces for seamless connectivity!
+</WRAP>
+To create a network bridge in host, edit **01-network-manager-all.yaml** file and add the bridge details.
+<WRAP info>
+**NOTE:** Before editing this file, back it up.
+<code bash>
+sudo cp /etc/netplan/01-network-manager-all.yaml{,.backup}
+</code>
+</WRAP>
+Now edit similar to the following.
+<file bash 01-network-manager-all.yaml>
+ Let NetworkManager manage all devices on this system
+#network:
+#  version: 2
+#  renderer: NetworkManager
+# Let NetworkManager manage all devices on this system
+network:
+  version: 2
+  #renderer: NetworkManager
+  renderer: networkd
+  ethernets:
+    enp3s0:
+      dhcp4: no
+      # disable existing configuration for ethernet
+      #addresses: [192.168.1.69/24]
+      #gateway4: 192.168.1.1
+      #nameservers:
+        #addresses: [192.168.1.1]
+      dhcp6: no
+  # add configuration for bridge interface
+  bridges:
+    br0:
+      interfaces: [enp3s0]
+      dhcp4: no
+      addresses: [192.168.1.69/24]
+      gateway4: 192.168.1.1
+      nameservers:
+        addresses: [192.168.1.1,192.168.1.25]
+      parameters:
+        # stp: false
+        stp: true
+        forward-delay: 4
+      dhcp6: no
+</file>
+After modifying the network config file, save and close it.
+Apply the changes by running the following command:
+<code bash>
+sudo netplan --debug  apply
+</code>
+Now check if the IP address has been assigned to the bridge interface:
+<code bash>
+ip a
+</code>
+returns:
+<code bash>
+: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
+    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
+    inet 127.0.0.1/8 scope host lo
+       valid_lft forever preferred_lft forever
+    inet6 ::1/128 scope host
+       valid_lft forever preferred_lft forever
+: enp4s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
+    link/ether b4:2e:99:3e:e5:20 brd ff:ff:ff:ff:ff:ff
+: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
+    link/ether b4:2e:99:3e:e5:22 brd ff:ff:ff:ff:ff:ff
+    inet 192.168.1.69/24 brd 192.168.1.255 scope global br0
+       valid_lft forever preferred_lft forever
+    inet6 fe80::b62e:99ff:fe3e:e522/64 scope link
+       valid_lft forever preferred_lft forever
+: wlp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
+    link/ether d0:ab:d5:91:98:3f brd ff:ff:ff:ff:ff:ff
+</code>
+<WRAP info>
+**NOTE:**  The bridged network interface **br0** is assigned with IP address 192.168.1.69 and the enp3s0 entry now has an **master br0** entry.  It means that enp3s0 belongs to the bridge.
+</WRAP>
+----
+===== Show the Bridge Status =====
+<code bash>
+brctl show br0
+</code>
+returns:
+<code bash>
+bridge name	bridge id		STP enabled	interfaces
+br0		8000.b42e993ee522	yes		enp3s0
+</code>
+----
+===== Configure KVM to use the bridge =====
+Create a an XML file called **bridge.xml**.
+Add the following lines:
+<file bash bridge.xml>
+<network>
+  <name>br0</name>
+  <forward mode="bridge"/>
+  <bridge name="br0"/>
+</network>
+</file>
+Start the newly created bridge and make it as default bridge for VMs.
+<code bash>
+virsh net-define bridge.xml
+</code>
+returns:
+<code bash>
+Network br0 defined from bridge.xml
+</code>
+Start the bridge.
+<code bash>
+virsh net-start br0
+</code>
+returns:
+<code bash>
+Network br0 started
+</code>
+Configure the bridge to autostart each time the system reboots.
+<code>
+virsh net-autostart br0
+</code>
+returns
+<code bash>
+Network br0 marked as autostarted
+</code>
+----
+===== Verify that the bridge is active and started =====
+<code bash>
+virsh net-list --all
+</code>
+returns:
+<code bash>
+ Name   State    Autostart   Persistent
+-----------------------------------------
+ br0    active   yes         yes
+</code>
+<WRAP info>
+**NOTE:**  Congratulations!  The KVM bridge is active now.
+</WRAP>