KVM Virtual Networking Concepts: Difference between revisions

From NovaOrdis Knowledge Base

Revision as of 14:00, 27 June 2017

External

Internal

Organizatorium

A virtual machine guest that connects to an external network does so through the software network components of the physical host, which are managed by libvirt's virtual network configuration. The host acts as a virtual network switch. By default, all guests on a single host are connected to the same virtual network, named "default". On that network, guests have direct IP connectivity to every other guest and to the host, subject only to libvirt network filtering rules and to the iptables rules inside each guest operating system. Guests reach external hosts outbound via NAT, subject to the host's firewall rules; external hosts cannot initiate connections to a guest on the default network. From the point of view of the guest operating system, a virtual network connection is indistinguishable from a normal physical network connection.

The virtual network a guest interface attaches to can be configured in one of the following modes, besides the NAT mode used by the "default" network:

  • isolated mode - the network does not forward any traffic beyond the virtualization host; guests on it can only reach each other and the host.
  • routed mode - the host routes traffic between the guest and external hosts without performing any NAT. This makes incoming connections possible, but the systems on the external network (or their gateway) need extra routing table entries that point the guest subnet at the host.
  • bridged mode - the guests are connected to a bridge device that is also connected directly to a physical Ethernet device on the local Ethernet. This makes the guests directly visible on the physical network as if they were physical hosts, and thus enables incoming connections, without requiring any extra routing table entries. Since the guest is now reachable from the physical network, only libvirt network filtering and the guest's own firewall stand between it and incoming connections.
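The network definitions for the default NAT network and the three modes above, as an added example that is not part of the original page: a POSIX shell function that emits the libvirt <network> XML for a given mode, plus a helper that records which modes expose a guest to inbound connections from the physical network. The network name, the virbr-* and br0 bridge names and the 192.0.2.0/24 address range are assumptions for illustration; adjust them to the host.

```shell
#!/bin/sh
# Emit a libvirt <network> definition for one forward mode.
# Bridge names, network name and 192.0.2.0/24 are illustrative assumptions.
#
# usage: libvirt_net_xml MODE NAME [PHYSICAL_BRIDGE]
#   MODE is one of: isolated nat route bridge
libvirt_net_xml() {
    mode=$1; name=$2; phys=${3:-br0}
    case "$mode" in
        isolated)
            # No <forward> element at all: nothing leaves the host bridge.
            printf '<network>\n  <name>%s</name>\n  <bridge name="virbr-%s"/>\n  <ip address="192.0.2.1" netmask="255.255.255.0"/>\n</network>\n' \
                "$name" "$name"
            ;;
        nat)
            # What the "default" network does: outbound only, host masquerades.
            printf '<network>\n  <name>%s</name>\n  <forward mode="nat"/>\n  <bridge name="virbr-%s"/>\n  <ip address="192.0.2.1" netmask="255.255.255.0">\n    <dhcp><range start="192.0.2.100" end="192.0.2.200"/></dhcp>\n  </ip>\n</network>\n' \
                "$name" "$name"
            ;;
        route)
            # Host forwards without NAT; the upstream router must have a route
            # for 192.0.2.0/24 via this host, otherwise replies never arrive.
            printf '<network>\n  <name>%s</name>\n  <forward mode="route"/>\n  <bridge name="virbr-%s"/>\n  <ip address="192.0.2.1" netmask="255.255.255.0"/>\n</network>\n' \
                "$name" "$name"
            ;;
        bridge)
            # Guest tap devices join an existing host bridge (br0) that already
            # enslaves the physical NIC; libvirt assigns no addresses here.
            printf '<network>\n  <name>%s</name>\n  <forward mode="bridge"/>\n  <bridge name="%s"/>\n</network>\n' \
                "$name" "$phys"
            ;;
        *)
            echo "unknown mode: $mode" >&2
            return 1
            ;;
    esac
}

# Can hosts on the physical network open connections *to* a guest on this
# network without further host configuration? 0 = yes, 1 = no, 2 = unknown.
inbound_reachable() {
    case "$1" in
        route|bridge)  return 0 ;;
        isolated|nat)  return 1 ;;
        *)             return 2 ;;
    esac
}

# Stand-alone usage: print all four definitions and their exposure.
for m in isolated nat route bridge; do
    if inbound_reachable "$m"; then exposure="reachable from LAN"; else exposure="not reachable from LAN"; fi
    echo "## mode=$m ($exposure)"
    libvirt_net_xml "$m" lab br0
done
```

To use a definition, write it to a file and run virsh net-define FILE, then virsh net-start NAME (and virsh net-autostart NAME if it should survive reboots); virsh net-dumpxml default shows the NAT network the host ships with for comparison. Bridge mode only attaches the guest's tap device to an existing host bridge, so br0 must already exist on the host and enslave the physical interface.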

Open vSwitch

Open vSwitch

libvirt Network Filtering Rules