【5】KVM | 虚拟机网络配置 | Nat网络

网络模式

【1】Nat网络

【2】Bridge网络

网络模式

Qemu-kvm提供了三种网络模式

1、桥接(bridge)将虚拟机的网卡桥接到宿主机的物理网卡。虚拟机和宿主机处于同一个网络内使用同一个网段。相当于将虚拟机的网卡和宿主机的网卡接在同一台二层交换机上。
2、NAT宿主机需要两块网卡，一块网卡连接物理网络，另一块网卡( 通常是虚拟网卡)和虚拟机网卡做桥接。虚拟机需通过宿主机的NAT功能，转发数据包。(这时宿主机相当一台NAT路由器
3、qemu内部的用户模式，完全由qemu模拟出来的一种网络模式，性能相对较差

【1】Nat网络

NAT方式是kvm安装后的默认方式。它支持主机与虚拟机的互访，同时也支持虚拟机访问互联网，但不支持外界访问虚拟机，default是宿主机安装虚拟机支持模块的时候自动安装的。

看下当前网络

[root@localhost ~]# virsh net-list --allName                 State      Autostart     Persistent
----------------------------------------------------------default              active     yes           yes

查看有几个虚机交换机

[root@localhost ~]# brctl show
bridge name	bridge id		STP enabled	interfaces
virbr0		8000.52540045d60a	yes		virbr0-nicvnet0

查看宿主机的网络，说明virbr0-nic就是虚拟交换机，vnet0是虚拟交换机的管理接口

[root@localhost ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00inet 127.0.0.1/8 scope host lovalid_lft forever preferred_lft foreverinet6 ::1/128 scope host valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000link/ether 00:0c:29:59:fe:78 brd ff:ff:ff:ff:ff:ffinet 192.168.1.147/24 brd 192.168.1.255 scope global noprefixroute ens33valid_lft forever preferred_lft foreverinet6 fe80::408a:6cf2:1f46:9da5/64 scope link noprefixroute valid_lft forever preferred_lft forever
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000link/ether 52:54:00:45:d6:0a brd ff:ff:ff:ff:ff:ffinet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0valid_lft forever preferred_lft forever
4: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000link/ether 52:54:00:45:d6:0a brd ff:ff:ff:ff:ff:ff

如果想要自己创建一个nat网络，我们需要复制一个nat网络的配置文件出来然后进行修改

[root@localhost networks]# cp default.xml nat1.xml
[root@localhost networks]# vi nat1.xml <!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:virsh net-edit default
or other application using the libvirt API.
--><network><name>nat1</name><uuid>2033bcb6-aea8-483d-b9c2-de275fdf6f92</uuid><forward mode='nat'/><bridge name='virbr0' stp='on' delay='0'/><mac address='52:54:00:45:d6:0a'/><ip address='192.168.122.1' netmask='255.255.255.0'><dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp></ip>
</network>

重启libvirtd

[root@localhost networks]# systemctl restart libvirtd

【2】Bridge网络

虚拟机和宿主机处于同一个网络内使用同一个网段。相当于将虚拟机的网卡和宿主机的网卡接在同一台二层交换机上。

桥接网络（也叫物理设备共享）被用作把一个物理设备复制到一台虚拟机。网桥多用作高级设置，特别是主机多个网络接口的情况。

网桥方式配置步骤

【1】编辑修改网络设备脚本文件，增加网桥设备br0

# vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
ONBOOT="yes"
TYPE="Bridge"
BOOTPROTO=static
IPADDR=192.168.1.22
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=8.8.8.8
DNS1=114.114.114.114
DEFROUTE=yes

【2】编辑修改网络设备脚本文件，修改网卡设备ens33

（修改之前记得把ens33网卡备份一下）

DEVICE="ens33"
ONBOOT="yes"
BRIDGE="br0"

【3】重启libvirtd服务和重启网络服务

[root@localhost network-scripts]# systemctl restart libvirtd
[root@localhost network-scripts]# systemctl restart network

【4】客户机配置

客户机安装时注意，网络要选择用br0桥接方式。
编辑修改虚拟机配置文件 /etc/libvirt/qemu/v1.xml，增加如下内容

<interface type='bridge'><mac address='52:54:00:da:c3:dc'/><source bridge='br0'/><model type='virtio'/><address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>

【3】isolate网络

我们需要复制一个nat网络的配置文件出来然后进行修改

[root@localhost networks]# cp default.xml isolated.xml
[root@localhost networks]# vi isolated.xml

<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:virsh net-edit default
or other application using the libvirt API.
--><network><name>isolated</name><uuid>2033bcb6-aea8-483d-b9c2-de273fdf8f92</uuid><bridge name='virbr1' stp='on' delay='0'/><mac address='52:54:00:45:d6:64'/><ip address='192.168.123.1' netmask='255.255.255.0'><dhcp><range start='192.168.123.2' end='192.168.123.254'/></dhcp></ip>
</network>

重启libvirtd并且开启网络，开启自启动

[root@localhost networks]# systemctl restart libvirtd
[root@localhost networks]# virsh net-start isolated
Network isolated started[root@localhost networks]# virsh net-autostart isolated
Network isolated marked as autostarted[root@localhost networks]# virsh net-listName                 State      Autostart     Persistent
----------------------------------------------------------default              active     yes           yesisolated             active     yes           yes

网络相关基本命令
查看一个guest主机的网络接口信息:

# virsh domiflist 虚机名字

[root@localhost networks]# virsh domiflist node4
Interface  Type       Source     Model       MAC
-------------------------------------------------------
-          network    default    e1000       52:54:00:82:de:d5