作者:尹正杰
版权声明:原创作品,谢绝转载!否则将追究法律责任。
一.KVM虚拟机的NAT网络类型
1.KVM虚拟机的NAT网络类型工作原理
KVM默认的虚拟机网络是NAT模式,网段为"192.168.122.0/24"。
KVM虚拟机访问外网的流程如上图所示。
实操案例输出:
[root@yinzhengjie-kvm189 ~]# virsh list
Id Name State
----------------------------------------------------
37 yinzhengjie-k8s running
42 c1 running
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.525400abb36e yes virbr0-nic
vnet0
vnet1
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
RETURN all -- 192.168.122.0/24 224.0.0.0/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
[root@yinzhengjie-kvm189 ~]#
2.查看默认的网络类型
[root@yinzhengjie-kvm189 ~]# virsh net-list
Name State Autostart Persistent
----------------------------------------------------------
default active yes yes
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# cat /etc/libvirt/qemu/networks/default.xml
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
virsh net-edit default
or other application using the libvirt API.
-->
<network>
<name>default</name>
<uuid>87bc919c-68c0-4fd8-8c8b-30ff51794935</uuid>
<forward mode='nat'/>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:ab:b3:6e'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# ifconfig virbr0
virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:ab:b3:6e txqueuelen 1000 (Ethernet)
RX packets 3598 bytes 714219 (697.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2872 bytes 180487 (176.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@yinzhengjie-kvm189 ~]#
二.KVM虚拟机的桥接网络类型
1.KVM虚拟机的桥接网络类型工作原理
如上图所示,KVM虚拟机的桥接网卡会接管宿主机的网卡IP地址。此时宿主机的网卡充当了交换机功能,数据通过br0网卡访问外网。桥接后虚拟机直接接入物理网段,不再经过宿主机的NAT,其访问控制需要在虚拟机自身或上游网络设备上完成。
2.创建桥接网卡
1.关掉NetworkManager,firewalld服务,否则可能会出现断网的情况(注意:停用firewalld后,宿主机上监听的端口不再受主机防火墙过滤,例如libvirt为虚拟机开启的VNC端口;生产环境建议保留防火墙并按需放行)
[root@yinzhengjie-kvm189 ~]# systemctl disable --now NetworkManager firewalld
2.禁用SELinux(注意:libvirt依靠SELinux的sVirt机制隔离各虚拟机的QEMU进程,禁用后会失去这层隔离,仅建议在实验环境中这样做)
[root@yinzhengjie-kvm189 ~]# sed -i '/SELINUX=/s#enforcing#disabled#g' /etc/selinux/config
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# setenforce 0
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# getenforce
Permissive
[root@yinzhengjie-kvm189 ~]#
3.修改网卡的配置文件,配置好静态IP
[root@yinzhengjie-kvm189 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.0.0.189
NETMASK=255.255.255.0
GATEWAY=10.0.0.254
DNS1=223.5.5.5
DNS2=223.6.6.6
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# systemctl restart network
[root@yinzhengjie-kvm189 ~]#
4.创建桥接网卡
[root@yinzhengjie-kvm189 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.189 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:feaa:4063 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:aa:40:63 txqueuelen 1000 (Ethernet)
RX packets 831 bytes 65414 (63.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 526 bytes 70060 (68.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 48 bytes 4080 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48 bytes 4080 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:ab:b3:6e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# virsh iface-bridge eth0 br0 # 创建桥接前观察eth0的网卡地址。
Created bridge br0 with attached device eth0
Bridge interface br0 started
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.000c29aa4063 yes eth0
virbr0 8000.525400abb36e yes virbr0-nic
[root@yinzhengjie-kvm189 ~]#
5.桥接成功后多出了br0网卡且eth0网卡的IP地址转移到br0上去了
[root@yinzhengjie-kvm189 ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.189 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:feaa:4063 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:aa:40:63 txqueuelen 1000 (Ethernet)
RX packets 10 bytes 596 (596.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33 bytes 4837 (4.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:aa:40:63 txqueuelen 1000 (Ethernet)
RX packets 859 bytes 67412 (65.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 577 bytes 78059 (76.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 48 bytes 4080 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48 bytes 4080 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:ab:b3:6e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@yinzhengjie-kvm189 ~]#
3.新建虚拟机使用桥接模式
1.使用桥接模式
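# Create guest yinzhengjie-kvm02, attach its NIC to the host bridge br0, and
# boot it from the CentOS 7 installer ISO without opening a console.
#
# Security: the VNC console is bound to 127.0.0.1 instead of 0.0.0.0. No VNC
# password is configured in this command, so listening on every host address
# would publish an unauthenticated guest console to the network, and firewalld
# was stopped earlier in this guide. Look up the display with
# `virsh vncdisplay yinzhengjie-kvm02` and reach it through an SSH tunnel to
# the host. If direct remote VNC is unavoidable, configure a VNC password and
# restrict the port with a host firewall.
virt-install --virt-type kvm \
--os-type=linux \
--os-variant rhel7 \
--name yinzhengjie-kvm02 \
--memory 2048 \
--vcpus 2 \
--disk /opt/yinzhengjie-kvm02.qcow2,format=qcow2,size=30 \
--cdrom /opt/CentOS-7-x86_64-DVD-2009.iso \
--network bridge=br0 \
--graphics vnc,listen=127.0.0.1 \
--noautoconsole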
2.使用NAT模式
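# Create guest yinzhengjie-kvm03 on libvirt's "default" NAT network and boot
# it from the CentOS 7 installer ISO without opening a console.
#
# Security: the VNC console is bound to 127.0.0.1 instead of 0.0.0.0. The
# guest NIC sits behind NAT, but the VNC server runs on the host, so a
# 0.0.0.0 listener would still publish an unauthenticated console on every
# host address, and firewalld was stopped earlier in this guide. Look up the
# display with `virsh vncdisplay yinzhengjie-kvm03` and reach it through an
# SSH tunnel to the host. If direct remote VNC is unavoidable, configure a
# VNC password and restrict the port with a host firewall.
virt-install --virt-type kvm \
--os-type=linux \
--os-variant rhel7 \
--name yinzhengjie-kvm03 \
--memory 2048 \
--vcpus 2 \
--disk /opt/yinzhengjie-kvm03.qcow2,format=qcow2,size=30 \
--cdrom /opt/CentOS-7-x86_64-DVD-2009.iso \
--network network=default \
--graphics vnc,listen=127.0.0.1 \
--noautoconsole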
温馨提示:
使用"--network bridge=br0"表示使用br0进行桥接网络配置。
4.将已有的虚拟网络修改为桥接模式
1.关闭虚拟机,如果虚拟机开机修改网络模式可能不会生效
[root@yinzhengjie-kvm189 ~]# virsh list --all
Id Name State
----------------------------------------------------
1 yinzhengjie-kvm02 running
2 yinzhengjie-kvm01 running
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# virsh shutdown yinzhengjie-kvm01
Domain yinzhengjie-kvm01 is being shutdown
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# virsh list --all
Id Name State
----------------------------------------------------
1 yinzhengjie-kvm02 running
- yinzhengjie-kvm01 shut off
[root@yinzhengjie-kvm189 ~]#
2.修改虚拟机的配置文件
[root@yinzhengjie-kvm189 ~]# virsh edit yinzhengjie-kvm01
<domain type='kvm'>
...(大概在69行左右,进行修改,原有的配置如下)
69 <interface type='network'>
70 <mac address='52:54:00:d1:32:de'/>
71 <source network='default'/>
72 <model type='virtio'/>
73 <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
74 </interface>
...(我们对接口进行修改后的内容如下,其实仅需要修改69和71这两行即可!!!)
69 <interface type='bridge'>
70 <mac address='52:54:00:d1:32:de'/>
71 <source bridge='br0'/>
72 <model type='virtio'/>
73 <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
74 </interface>
3.启动虚拟机并验证是否生效
[root@yinzhengjie-kvm189 ~]# virsh list --all
Id Name State
----------------------------------------------------
1 yinzhengjie-kvm02 running
- yinzhengjie-kvm01 shut off
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# virsh start yinzhengjie-kvm01
Domain yinzhengjie-kvm01 started
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# virsh console yinzhengjie-kvm01
Connected to domain yinzhengjie-kvm01
Escape character is ^]
CentOS Linux 7 (Core)
Kernel 3.10.0-1160.el7.x86_64 on an x86_64
yinzhengjie-kvm01 login: root
Password:
Last login: Tue Apr 9 01:48:36 on tty1
[root@yinzhengjie-kvm01 ~]#
[root@yinzhengjie-kvm01 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:d1:32:de brd ff:ff:ff:ff:ff:ff
inet 10.0.0.134/24 brd 10.0.0.255 scope global noprefixroute dynamic eth0
valid_lft 1677sec preferred_lft 1677sec
inet6 fe80::ae66:b680:585a:e5c2/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@yinzhengjie-kvm01 ~]#
5.取消桥接模式
[root@yinzhengjie-kvm189 ~]# ifconfig
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.189 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:feaa:4063 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:aa:40:63 txqueuelen 1000 (Ethernet)
RX packets 2437 bytes 142193 (138.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1673 bytes 177747 (173.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether 00:0c:29:aa:40:63 txqueuelen 1000 (Ethernet)
RX packets 3766 bytes 289851 (283.0 KiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 3140 bytes 339865 (331.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 48 bytes 4080 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48 bytes 4080 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:ab:b3:6e txqueuelen 1000 (Ethernet)
RX packets 18 bytes 1350 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 607 (607.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# virsh iface-unbridge br0
Device eth0 un-attached from bridge br0
Interface eth0 started
[root@yinzhengjie-kvm189 ~]#
[root@yinzhengjie-kvm189 ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.0.189 netmask 255.255.255.0 broadcast 10.0.0.255
inet6 fe80::20c:29ff:feaa:4063 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:aa:40:63 txqueuelen 1000 (Ethernet)
RX packets 3916 bytes 302829 (295.7 KiB)
RX errors 0 dropped 1 overruns 0 frame 0
TX packets 3253 bytes 354609 (346.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 48 bytes 4080 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48 bytes 4080 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:ab:b3:6e txqueuelen 1000 (Ethernet)
RX packets 18 bytes 1350 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 5 bytes 607 (607.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@yinzhengjie-kvm189 ~]#