Hello CentOS gurus, and a belated Happy New Year (or an early Happy Chinese New Year).
I'm in the process of building a CentOS-6 KVM host machine whose only function will be to run four independent 'm0n0wall' firewall guest instances. I have a couple of quad-port Intel NICs to provide four WAN-side and four LAN-side ports, which will not be shared with any other guests. Remote access to the host CentOS is via a separate on-board NIC, so the Intel ports are free to assign.
I've Googled until I'm blue in the face, but haven't found a clear explanation of how I can assign each ethX device directly to the guest OS rather than going thru the usual bridge configuration. I need to allow the m0n0wall OS to assign the LAN and WAN IP addresses, if that's possible without using a bridge.
Using the Virtual Machine Manager GUI to create the VM guests (which boot up and run nicely), the drop-down list shows all of the ethX devices greyed out. Do I need to somehow start the NICs without assigning IP addresses, so that they show up in 'ifconfig'?
Can anyone provide a clear, easy-to-understand procedure for doing this? If necessary, I don't mind using the command-line to create the VMs but the docs aren’t totally clear (to me, at least) regarding NIC assignment.
Thanking you in advance for your suggestions, Chuck
> I've Googled until I'm blue in the face, but haven't found a clear explanation of how I can assign each ethX device directly to the guest OS rather than going thru the usual bridge configuration. I need to allow the m0n0wall OS to assign the LAN and WAN IP addresses, if that's possible without using a bridge.
I would think that it is a little easier to set up a bridge but not assign an IP address for it on the CentOS host.
e.g.
/etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
TYPE="Bridge"
BOOTPROTO="none"
ONBOOT="yes"
NM_CONTROLLED="no"
/etc/sysconfig/network-scripts/ifcfg-ethX (where X is the interface number of one of your intel ports and the HWADDR is the MAC address)
DEVICE="ethX"
ONBOOT="yes"
BRIDGE="br0"
HWADDR="xx:xx:xx:xx:xx:xx"
NM_CONTROLLED="no"
Restart the network service, then run brctl show - the new bridges should show up.
Create the 8 bridges that you need and go from there, you should be able to assign them in Virtual Machine Manager to the VMs.
Then in your VM guests you should be able to assign the IPs that you want.
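The bridge-per-port layout described in the reply above, as an added example that is not part of the original thread: it stages one IP-less bridge file and one port file per NIC, then checks that no staged file would give the CentOS host an address on the firewall-facing ports. The function names, the `STAGE_DIR` variable, the eth1..eth8 to br1..br8 naming and the MAC addresses are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: stage ifcfg files for one IP-less bridge per NIC port.
# Files go to a staging directory for review, not /etc/sysconfig/network-scripts/.

# write_bridge_pair OUT_DIR ETH_NAME BRIDGE_NAME MAC
write_bridge_pair() {
    local out="$1" eth="$2" br="$3" mac="$4"
    # Accept only a colon-separated 48-bit MAC so HWADDR is never malformed.
    if ! printf '%s\n' "$mac" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo "bad MAC for $eth: $mac" >&2
        return 1
    fi
    mkdir -p "$out" || return 1
    cat > "$out/ifcfg-$br" <<EOF
DEVICE="$br"
TYPE="Bridge"
BOOTPROTO="none"
ONBOOT="yes"
NM_CONTROLLED="no"
EOF
    cat > "$out/ifcfg-$eth" <<EOF
DEVICE="$eth"
ONBOOT="yes"
BRIDGE="$br"
HWADDR="$mac"
NM_CONTROLLED="no"
EOF
}

# staged_files_are_ip_less OUT_DIR: succeeds only if no staged file sets a host address.
staged_files_are_ip_less() {
    local out="$1" f
    for f in "$out"/ifcfg-*; do
        [ -e "$f" ] || return 1   # nothing staged
        if grep -Eiq '^(IPADDR|NETMASK|PREFIX|GATEWAY|IPV6ADDR)[0-9]*=|^BOOTPROTO="?(dhcp|bootp)' "$f"; then
            return 1
        fi
    done
}

# Demo, run only when STAGE_DIR is set. MACs are constructed placeholders.
if [ -n "${STAGE_DIR:-}" ]; then
    i=1
    while [ "$i" -le 8 ]; do
        write_bridge_pair "$STAGE_DIR" "eth$i" "br$i" "$(printf '02:00:00:00:00:%02x' "$i")" || exit 1
        i=$((i + 1))
    done
    staged_files_are_ip_less "$STAGE_DIR" && echo "staged 8 IP-less bridges in $STAGE_DIR"
fi
```

Replace the placeholder MACs with the real HWADDR of each Intel port before copying the staged files into place and restarting the network service.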
On 01/18/2012 05:49 PM, Tait Clarridge wrote:
> Create the 8 bridges that you need and go from there, you should be able to assign them in Virtual Machine Manager to the VMs.
Hello Tait,
I'm learning about Ethernet bridges and how they are applied to virtual networking. It seems that, in the past, after you created the virtual bridge (br0, br1 etc) you had to create the taps with tunctl and THEN you assigned those taps to your VMs. And now it appears that virt-manager doesn't need these taps and you can simply point the VM to the proper bridge. My question is: are the taps being used behind the scenes (is it something libvirt does for us) or are the tap interfaces obsolete now?
Thanks, Jorge
> My question is: are the taps being used behind the scenes (is it something libvirt does for us) or are the tap interfaces obsolete now?
> Thanks, Jorge
Yes, as far as I know in Xen/KVM the tap devices are connected behind the scenes to the bridge you specify in the config.