qemu-discuss
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Connection of a qemu guest to the 'net.

From: peter
Subject: Re: Connection of a qemu guest to the 'net.
Date: Tue, 16 Mar 2021 09:30:27 -0700 
Hello Berto,

Thanks for the reply.

In the following, joule is the qemu host.

From: Berto Furth
Date:   Tue, 16 Mar 2021 21:18:08 +1100
> I'm assuming you're also using dynamically created "tap" interfaces in your 
> setup. 

tap0 is created in the qemu host when it boots, by a line in 
/etc/crontab. I don't do anything to remove tap0.  Therefore tap0 
will exist until something catastrophic happens or the system shuts down.

peter@joule:/home/peter$ grep tap0 /etc/crontab
@reboot root ip tuntap add mode tap tap0

> That is, when QEMU starts it's creating a tap interface to funnel 
> Ethernet traffic to and from the guest...so a command line something like
>
> -netdev 
> type=tap,id=testnet,script="./qemu-tap-up",downscript="./qemu-tap-down"

There is no file "./qemu-tap-up" or similar.  There is no script 
option in the qemu command.  /etc/network/interfaces has a stanza for 
tap0.  tap0 exists and has an ip address.

peter@joule:/home/peter$ ip addr show tap0
6: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP gr
oup default qlen 1000
    link/ether 56:06:3e:f1:4e:13 brd ff:ff:ff:ff:ff:ff
    inet 172.23.6.1/24 brd 172.23.6.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::5406:3eff:fef1:4e13/64 scope link
       valid_lft forever preferred_lft forever

> You can do routing, but you would still need to use a bridge interface for 
> the 
> dynamically created "tap" interface to connect to!! 

Accepted.  Thanks.

Incidental note.
I have a LAN with a Linux router machine and a machine on a subnet.  
The router has Shorewall and dnsmasq.  Routing from the subnetted 
machine to the router host and to the Internet works.  No bridge is 
required for that.

> It's just that rather than setting up the bridge interface to do 
> bridging between the tap and the "real" ethernet of the host, you'd 
> set up the bridge interface to be a separate routed interface on your 
> host.

I don't really understand that distinction.  According to 
https://en.wikipedia.org/wiki/Network_bridge "A network bridge is a 
computer networking device that creates a single, aggregate network 
from multiple communication networks or network segments. This 
function is called network bridging."

Apparently qemu requires a bridge to connect the guest.  Communication 
can not be routed between guest and host without a bridge.  (?)

br0 is created in the qemu host by another line in /etc/crontab.

peter@joule:/home/peter$ grep br0 /etc/crontab
@reboot root ip link add name br0 type bridge

br0 exists analogous to tap0 but does not have an IP address.

peter@joule:/home/peter$ ip addr show br0
7: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 
1000
    link/ether 76:da:52:dd:52:45 brd ff:ff:ff:ff:ff:ff

> Routing is a bit more difficult to setup than simple bridging because 
> you have to first make sure your host is configured for routing (most 
> aren't by default) and then you have to make sure your "real" 
> networking infrastructure knows about the new QEMU guest subnet and 
> how to route to it (via your host).
> 
> See the following URL for an example script to run when your QEMU tap 
> interface is created that allows routing and you'll see how much extra 
> effort it is to get routing (in this case with NAT) working compared 
> to simple bridging.
> 
> https://wiki.qemu.org/Documentation/Networking/NAT

This linux router has shorewall which has a configuration file 
/etc/shorewall/snat containing this line.
MASQUERADE  172.23.6.0/24  $NET_IF

Other subnets work that way.

If tap0 is configured with address 172.23.6.2 in 
/etc/network/interfaces, SNAT should work for the qemu guest.

> If you just want QEMU to do simple NAT between the guest and the 
> "real" network then just use "SLIRP" as per
> 
> https://wiki.qemu.org/Documentation/Networking#User_Networking_.28SLIRP.29

Will use SLIRP if necessary.  Not sure it's necessary.

> (I haven't tested it...I always use tap and bridging)

I want to do that also.  From the above you see that tap0 and br0 
exists in the qemu host here. dnsmasq provides DNS.  Shorewall 
provides SNAT.  The qemu command has this option.

-nic tap,model=ne2k_pci

Nevertheless no connection.

peter@joule:/home/peter$ ping 172.23.6.1
PING 172.23.6.1 (172.23.6.1) 56(84) bytes of data.
64 bytes from 172.23.6.1: icmp_seq=1 ttl=64 time=0.043 ms

--- 172.23.6.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms

peter@joule:/home/peter$ ping 172.23.6.2
PING 172.23.6.2 (172.23.6.2) 56(84) bytes of data.
>From 172.23.6.1 icmp_seq=1 Destination Host Unreachable

--- 172.23.6.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

At least one ingredient is missing.  

br0 needs a configuration?  

tap0 needs to relate to br0?  How?

Ideas welcome.

Thanks,                             ... P.

-- 
cell: +1 236 464 1479            Bcc: peter at easthope. ca
VoIP: +1 604 670 0140
reply via email to
[Prev in Thread] Current Thread [Next in Thread]