Re: Way to mirror a NIC from a guest to present it to another guest
From: Frantisek Rysanek
Subject: Re: Way to mirror a NIC from a guest to present it to another guest
Date: Fri, 18 Oct 2024 15:17:36 +0200
> To clarify,
>
> In the real world, this would be two physical machines with different
> NICs plugged into different ports on a managed switch, with said
> switch set to mirror traffic onto the second machine (see the
> Wireshark website for hints on how to do so for various brands of real
> switches).
>
> So what is needed is to do the same with a virtual switch, such as the
> Linux kernel "bridge" device or some version of the "VDE" user mode
> virtual switch device.
>
On the host = hypervisor instance, set up a soft-bridge and prevent
it from learning. Thus, it becomes a "hub" in the sense that it
replicates all traffic to all ports (except for a loopback to the
same port).
On the host = hypervisor, the guests' inner virtual LAN interfaces
end up as TAP devices (or at least it's one of your configurable
options). You then need to bridge those TAP devices together. And,
you can probably tcpdump or tshark on the virtual device br0 or
whatever it gets called.
# Create the bridge and add its two interfaces
brctl addbr br0
# This script was originally used with physical Eth interfaces.
# The following is possibly done by QEMU automatically,
# if you tell it the bridge interface to use:
brctl addif br0 tap0
brctl addif br0 tap1
# QEMU equivalent (the binary is qemu-system-<arch>, e.g. qemu-system-x86_64):
# qemu-system-* ... -netdev tap,id=tap0,br=br0
# qemu-system-* ... -netdev tap,id=tap1,br=br0
# or (br0 = default)
# qemu-system-* ... -netdev bridge,id=tap0[,br=br0]
# qemu-system-* ... -netdev bridge,id=tap1[,br=br0]
# Turn off STP
brctl stp br0 off
# Turn off address learning - make the bridge act almost like a hub
# (make it broadcast everything on all ports)
brctl setageing br0 0
# Set the shortest possible hello time and forwarding delay.
# Those are STP parameters, but curiously they get applied
# even if STP is off.
brctl setfd br0 0
brctl sethello br0 1
# Bring it all up
# (the tap interfaces do not need an explicit "ifconfig up")
#ifconfig eth0 up
#ifconfig eth1 up
ifconfig br0 192.168.10.122/24 up
# Disable IGMP/MLD snooping so multicast is flooded to every port as well
echo 0 > /sys/devices/virtual/net/br0/bridge/multicast_snooping
Note that ifconfig and brctl have been considered old and deprecated
for ages. But, both are still available :-)
You can certainly do the same using the "ip" tool, to steer the "ip
addr" and "ip link" side of things, as well as the bridge.
There are probably other ways to interconnect two VMs by a direct
interconnect. To be honest, I'd love to hear other people's
suggestions - specifically, on my part, with a focus on the lowest
possible latency.
Frank
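The same hub-style bridge expressed with iproute2 (ip(8), bridge(8)) rather than brctl/ifconfig, as an added example that is not part of the post above. It keeps the post's names (br0, tap0, tap1, 192.168.10.122/24) and assumes the TAP devices already exist (QEMU creates them when started with -netdev bridge,... or -netdev tap,...), that it runs as root, and that DRY_RUN=1 is a local convenience switch that only prints the commands. Instead of relying on an ageing time of 0, which still lets the bridge learn a MAC for the few milliseconds between FDB garbage-collection passes (hence "almost like a hub"), it clears the per-port learning flag, so the FDB never holds a guest MAC and every unicast frame is flooded to all other ports. The optional mute_port function turns the symmetric hub into a one-way mirror, like a switch SPAN port, by dropping everything the monitoring guest transmits with an nftables bridge-family rule.

```shell
#!/bin/sh
# Hub-style (non-learning) bridge that mirrors one guest's NIC into another,
# using iproute2. Added example, not code from the original post.
# Assumptions: tap0 and tap1 already exist (created by QEMU), the script
# runs as root, and DRY_RUN=1 only prints the commands instead of running them.
set -eu

BR=${BR:-br0}                       # bridge name from the post
PORTS=${PORTS:-"tap0 tap1"}         # guest TAP devices from the post
ADDR=${ADDR:-192.168.10.122/24}     # host address on the bridge, from the post

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

hub_bridge_up() {
    # STP off; IGMP/MLD snooping off so multicast is flooded like everything else.
    run ip link add name "$BR" type bridge stp_state 0 mcast_snooping 0
    for p in $PORTS; do
        run ip link set dev "$p" master "$BR"
        # With learning off the FDB never gets a dynamic entry for a guest MAC,
        # so every unicast frame counts as unknown and is flooded to all other
        # ports (never back out the ingress port). flood/mcast_flood on are the
        # kernel defaults, stated explicitly so the intent is visible.
        run ip link set dev "$p" type bridge_slave learning off flood on mcast_flood on
        run ip link set dev "$p" up
    done
    run ip addr add "$ADDR" dev "$BR"
    run ip link set dev "$BR" up
}

verify_hub() {
    # Expect only the bridge's own "permanent"/"self" FDB entries, never a
    # guest MAC, and every port reporting "learning off".
    run bridge fdb show br "$BR"
    run ip -d link show master "$BR"
}

mute_port() {
    # Optional: one-way mirror. Drop every frame the monitoring guest sends
    # before the bridge sees it, so the monitored guest cannot tell it is
    # there. The monitoring guest then needs a second NIC for management.
    run nft add table bridge hub
    run nft add chain bridge hub pre '{ type filter hook prerouting priority -200; }'
    run nft add rule bridge hub pre iifname "$1" drop
}

capture_on_bridge() {
    # tcpdump puts br0 into promiscuous mode, which makes the kernel bridge
    # hand every frame it forwards up to the host as well.
    run tcpdump -i "$BR" -nn -e
}

case "${1:-}" in
    up)      hub_bridge_up ;;
    verify)  verify_hub ;;
    mute)    mute_port "${2:-tap1}" ;;
    capture) capture_on_bridge ;;
esac
```

Run it as `./hubbr.sh up`, start both guests, then `./hubbr.sh verify`; inside the monitoring guest, tcpdump/tshark must run in promiscuous mode (their default), because the bridge floods the frames but the guest's own NIC driver would otherwise discard frames not addressed to it. `./hubbr.sh mute tap1` is what makes this resemble a real mirror port rather than a shared hub, where the monitored guest would also see whatever the monitoring guest sends.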