qemu/kvm bridge and NAT networking

Abstract programmer

16 Apr 202112:06

Summary

TLDRThis tutorial introduces networking in KVM (Kernel-based Virtual Machine), explaining the differences between NAT (Network Address Translation) and bridged connections. NAT allows virtual machines to access the internet while keeping them isolated from the local network, whereas a bridged connection enables virtual machines to communicate directly with the local network. The video walks through setting up NAT and bridge networks, discussing the role of virtual routers, switches, and network interfaces. It also provides a step-by-step guide on configuring these connections in virt-manager using an ethernet cable for bridge networks.

Takeaways

🌐 Bridged connections allow virtual machines (VMs) to access the local network, unlike the default NAT (Network Address Translation) option.
🔄 NAT works by replacing the source IP of the host with the router's public IP, making the packet appear to come from the router, not the specific host.
🖧 The default network setup in KVM uses a virtual router and switch, with VMs getting IP addresses from the DHCP service of the virtual router.
🖥️ VMs connected to the default network can communicate with each other but cannot directly interact with the host machine or vice versa.
🚪 The 'virbr0' virtual bridge connects VMs to the virtual network, and each VM adds a 'vnet' entry representing its virtual NIC.
❌ Virtual machines in separate NAT networks can be isolated from each other to prevent communication between them.
🔁 A bridged network setup allows VMs to access both the host machine and other devices on the physical network, requiring an Ethernet connection for the host.
🛠️ A bridge network replaces the virtual router with a virtual switch, and the physical network interface card (NIC) is attached as a slave to this switch.
⚙️ Network configuration for bridged connections is done using 'nmtui' (Network Manager Text User Interface), allowing the creation and management of bridge interfaces.
🚀 Once a VM is switched to a bridged network, it will obtain an IP address from the physical router and can communicate with the host and other physical network devices.

Q & A

What is the primary difference between NAT and bridged networks in KVM?
-The main difference is that a NAT network uses a virtual router and hides the virtual machine's IP behind it, allowing internet access but not local network exposure. In contrast, a bridged network connects the VM directly to the local network, enabling it to interact with other devices on that network.
How does NAT work in the context of virtual machines?
-In NAT, the virtual machine's local IP is replaced by the host’s public IP when sending packets to the internet. The virtual machine's local IP is hidden behind the virtual router, and the router handles communication between the VM and external networks.
What devices are created when installing qEmu and KVM for networking purposes?
-Installing qEmu and KVM creates two virtual hardware devices: a virtual router and a virtual switch. These allow the virtual machines to connect to a virtual network.
What happens when two virtual machines are connected to the default NAT network?
-When two VMs are connected to the default NAT network, they are on the same local virtual network and can communicate with each other (e.g., ping each other), but they cannot interact with the physical host or other devices outside the virtual network.
Why is it difficult to set up a bridged network with Wi-Fi in KVM?
-A bridged network requires the host to be connected via an Ethernet cable, as bridging with Wi-Fi generally doesn't work in KVM. A workaround for users without Ethernet ports is to use a USB-to-Ethernet adapter.
What command can be used to check defined bridges in KVM?
-The command 'bridge control show' can be used to view a list of the bridges currently defined and their interfaces, including any virtual NICs attached to the bridge.
What is the role of the virtual bridge (virbr0) in KVM?
-The virtual bridge (virbr0) acts as a switch that connects virtual machines to the virtual router. It also serves as the gateway for VMs, managing their IP addresses within the virtual network.
How can you create a new bridged network in KVM?
-To create a new bridged network, use the 'nmtui' tool to configure a new bridge device and add the Ethernet interface as a slave. The host and the virtual machines will then share the same network and receive their IP addresses from the physical router.
Why might someone choose to use VirtualBox instead of KVM for bridged networking?
-VirtualBox allows bridged connections with Wi-Fi, making it a better option for users who cannot connect their host system to an Ethernet cable and still want to use bridged networking.
What is the purpose of the 'virbr0-nic' device in KVM?
-'Virbr0-nic' is a dummy network interface used to provide a network device for the virtual bridge (virbr0). It doesn't have a direct role in data communication and can generally be ignored.