kvm 创建网桥
kvm 网络模式
基于NAT(Network Addresss Translation)的虚拟网络,此为virt-install的默认模式,相当于vmware中的NAT模式
基于自定义网桥(Bridge)的虚拟网络,支持虚拟机和宿主机的网卡桥接在一个网桥,从而实现外部网络访问虚拟机
用户自定义的隔离的虚拟网络,相当于Vmware中的仅主机模式
直接分配物理网络设备(包括VT-d和SR-IOV),即桥接到宿主机的网卡,类似于Vmware中的桥接模式,性能最好kvm 默认网络模式 NAT
default.xml
cat /etc/libvirt/qemu/networks/default.xml<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
virsh net-edit default
or other application using the libvirt API.
-->
<network>
<name>default</name>
<uuid>aa2867b1-6805-4c44-82d8-66c027f314d9</uuid>
<forward mode='nat'/>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:92:dc:c3'/>
<ip address='192.168.122.1' netmask='255.255.255.0'> # 按需修改
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/> # 按需修改
</dhcp>
</ip>
</network>dnsmasq
cat /var/lib/libvirt/dnsmasq/default.conf##WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
##OVERWRITTEN AND LOST. Changes to this configuration should be made using:
## virsh net-edit default
## or other application using the libvirt API.
##
## dnsmasq conf file created by libvirt
strict-order
pid-file=/run/libvirt/network/default.pid
except-interface=lo
bind-dynamic
interface=virbr0
dhcp-range=192.168.124.2,192.168.124.254,255.255.255.0
dhcp-no-override
dhcp-authoritative
dhcp-lease-max=253
dhcp-hostsfile=/var/lib/libvirt/dnsmasq/default.hostsfile
addn-hosts=/var/lib/libvirt/dnsmasq/default.addnhostscentos系统命令行创建网桥
查看宿主机网卡信息
ens160: 外网网卡
ens192: 内网网卡ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.174.123/24 brd 192.168.174.255 scope global dynamic noprefixroute ens160
valid_lft 1614sec preferred_lft 1614sec
inet6 fe80::ac98:c3b4:178a:4196/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.80.137/24 brd 192.168.80.255 scope global dynamic noprefixroute ens192
valid_lft 1531sec preferred_lft 1531sec
inet6 fe80::3011:b315:4a35:b50b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:fe:8d:0f brd ff:ff:ff:ff:ff:ff
inet 192.168.124.1/24 brd 192.168.124.255 scope global virbr0
valid_lft forever preferred_lft forever创建网桥
网桥 CN1
nmcli con add type bridge con-name CN1 ifname CN1Connection 'CN1' (9ca81d26-a7cc-4138-a51e-190246024981) successfully added.网桥 CN2
nmcli con add type bridge con-name CN2 ifname CN2Connection 'CN2' (90b102c3-7646-4b65-86dd-dba5750e1b47) successfully added.命令说明
nmcli: NetworkManager 命令行工具。
con add: 添加新连接。
type bridge: 指定连接类型为桥接。
con-name CN2: 名称为 CN2。
ifname CN2: 指定桥接接口的名称为 CN2网桥配置 ip 地址
网桥 CN1 配置 ens192 地址
nmcli connection modify CN1 ipv4.addresses 192.168.80.137/24 ipv4.method manual网桥 CN2 配置 ens160 地址
nmcli connection modify CN2 ipv4.addresses 192.168.174.123/24 ipv4.method manual查看网卡信息
ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.174.123/24 brd 192.168.174.255 scope global dynamic noprefixroute ens160
valid_lft 1197sec preferred_lft 1197sec
inet6 fe80::ac98:c3b4:178a:4196/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.80.137/24 brd 192.168.80.255 scope global dynamic noprefixroute ens192
valid_lft 1115sec preferred_lft 1115sec
inet6 fe80::3011:b315:4a35:b50b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:fe:8d:0f brd ff:ff:ff:ff:ff:ff
inet 192.168.124.1/24 brd 192.168.124.255 scope global virbr0
valid_lft forever preferred_lft forever
7: CN2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 66:6c:b9:57:cc:02 brd ff:ff:ff:ff:ff:ff
8: CN1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 1e:ed:ee:95:47:3f brd ff:ff:ff:ff:ff:ff命令说明
nmcli: 这是NetworkManager的命令行工具。
connection modify: 表示要修改一个现有的网络连接。
CN2: 这是您要修改的连接的名字或UUID。您需要替换为您实际的连接名称或UUID。
ipv4.addresses: 这个参数用来设置IPv4地址。192.168.174.123/24表示设置的静态IP地址和子网掩码(在这种情况下是/24,意味着子网掩码是255.255.255.0)。
ipv4.method manual: 这表示您正在手动设置IPv4配置,而不是使用DHCP自动获取IP地址。在这种情况下,网络连接将不会从DHCP服务器获取IP地址,而是使用静态分配的IP地址(即上述的ipv4.addresses中指定的地址)启用网桥
启用网桥 CN1
nmcli con up CN1Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/10)启用网桥 CN2
nmcli con up CN2Connection successfully activated (master waiting for slaves) (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/11)查看网卡信息
ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.174.123/24 brd 192.168.174.255 scope global dynamic noprefixroute ens160
valid_lft 1316sec preferred_lft 1316sec
inet6 fe80::ac98:c3b4:178a:4196/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.80.137/24 brd 192.168.80.255 scope global dynamic noprefixroute ens192
valid_lft 1155sec preferred_lft 1155sec
inet6 fe80::3011:b315:4a35:b50b/64 scope link noprefixroute
valid_lft forever preferred_lft forever
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:fe:8d:0f brd ff:ff:ff:ff:ff:ff
inet 192.168.124.1/24 brd 192.168.124.255 scope global virbr0
valid_lft forever preferred_lft forever
7: CN2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 66:6c:b9:57:cc:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.123/24 brd 192.168.174.255 scope global noprefixroute CN2
valid_lft forever preferred_lft forever
8: CN1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 1e:ed:ee:95:47:3f brd ff:ff:ff:ff:ff:ff
inet 192.168.80.137/24 brd 192.168.80.255 scope global noprefixroute CN1
valid_lft forever preferred_lft forever绑定物理网卡
网桥 CN1 绑定 ens192
nmcli con add type bridge-slave con-name CN1-port0 ifname ens192 master CN1Connection 'CN1-port0' (09827225-5c09-47db-b813-76df10bdbf4c) successfully added.网桥 CN2 绑定 ens160
nmcli con add type bridge-slave con-name CN2-port0 ifname ens160 master CN2Connection 'CN2-port0' (099b81bd-af14-45ae-9393-4217768f86d6) successfully added.命令说明
con add: 添加一个新的网络连接配置。
type bridge-slave: 指定新连接的类型为桥接从接口(即这个接口将成为某个桥接的组成部分)。
con-name CN1-port0: 为这个新的桥接从接口设置一个名字,这里命名为 CN1-port0。
ifname ens192: 指定物理网络接口的名称,这里是 ens192。这个接口将成为桥接的一部分。
master CN1: 指定这个桥接从接口将连接到哪个桥接,这里是名为 CN1 的桥接。启用新的连接
启用 CN1-port0
nmcli con up CN1-port0
nmcli con up CN2-port0
nmcli con reload查看网卡信息
ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master CN2 state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:1a brd ff:ff:ff:ff:ff:ff
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master CN1 state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:24 brd ff:ff:ff:ff:ff:ff
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:fe:8d:0f brd ff:ff:ff:ff:ff:ff
inet 192.168.124.1/24 brd 192.168.124.255 scope global virbr0
valid_lft forever preferred_lft forever
7: CN2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:1a brd ff:ff:ff:ff:ff:ff
inet 192.168.174.123/24 brd 192.168.174.255 scope global noprefixroute CN2
valid_lft forever preferred_lft forever
inet6 fe80::51c3:93b:274:6372/64 scope link noprefixroute
valid_lft forever preferred_lft forever
8: CN1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:2f:c1:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.80.137/24 brd 192.168.80.255 scope global noprefixroute CN1
valid_lft forever preferred_lft forever
inet6 fe80::2392:17b5:d36:9ae/64 scope link noprefixroute
valid_lft forever preferred_lft forever查看网桥信息
brctl showbridge name bridge id STP enabled interfaces
CN1 8000.000c292fc124 yes ens192
CN2 8000.000c292fc11a yes ens160
virbr0 8000.525400fe8d0f yes 查看网卡配置文件
网卡配置文件列表
ls /etc/sysconfig/network-scripts/ifcfg-CN1 ifcfg-lo ifdown-isdn ifup ifup-isdn ifup-sit
ifcfg-CN1-port0 ifdown ifdown-post ifup-aliases ifup-plip ifup-tunnel
ifcfg-CN2 ifdown-bnep ifdown-ppp ifup-bnep ifup-plusb ifup-wireless
ifcfg-CN2-port0 ifdown-eth ifdown-routes ifup-eth ifup-post init.ipv6-global
ifcfg-ens160 ifdown-ippp ifdown-sit ifup-ippp ifup-ppp network-functions
ifcfg-ens192 ifdown-ipv6 ifdown-tunnel ifup-ipv6 ifup-routes network-functions-ipv6ifcfg-CN1
STP=yes
BRIDGING_OPTS=priority=32768
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=CN1
UUID=9ca81d26-a7cc-4138-a51e-190246024981
DEVICE=CN1
ONBOOT=yes
IPADDR=192.168.80.137
PREFIX=24ifcfg-CN1-port0
TYPE=Ethernet
NAME=CN1-port0
UUID=09827225-5c09-47db-b813-76df10bdbf4c
DEVICE=ens192
ONBOOT=yes
BRIDGE=CN1ifcfg-ens192
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens192
UUID=591d8795-7da9-4933-9fbf-ccc2a3b8e992
DEVICE=ens192
ONBOOT=yes删除网桥
nmcli con down CN1
rm -rf /etc/sysconfig/network-scripts/ifcfg-CN1*
nmcli con reload
查看所有网桥和网卡对应信息
bridge link show2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master CN2 state forwarding priority 32 cost 100
3: ens192: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master CN1 state forwarding priority 32 cost 100
43: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master CN1 state forwarding priority 32 cost 100
44: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master CN2 state forwarding priority 32 cost 100 查看网络接口列表
virsh net-list Name State Autostart Persistent
--------------------------------------------
default active yes yes通过网卡配置文件创建网桥
centos 系统
ifcfg-ens160
TYPE=Ethernet
NAME=ens160
DEVICE=ens160
ONB00T=yes
BRIDGE=CN2ifcfg-CN2
TYPE=Bridge
NAME=CN2
DEVICE=CN2
ONB00T=yes
BOOTPROT0=static
IPADDR=192.168.174.123
#NETMASK=255.255.255.0
PREFIX=24
GATEWAY=192.168.174.2
DNS1=114.114.114.114
DNS2=8.8.8.8加载配置
nmcli con up eth0 CN2
nmcli con reloadubuntu 创建网桥
网卡配置
/etc/netplan/50-cloud-init.yamlnetwork:
version: 2
ethernets:
ens33:
dhcp4: no
ens37:
dhcp4: no
bridges:
CN2:
dhcp4: no
dhcp6: no
addresses: [192.168.174.139/24]
routes:
- to: default
via: 192.168.174.2
nameservers:
addresses: [202.106.0.20]
interfaces:
- ens33
CN1:
dhcp4: no
dhcp6: no
addresses: [192.168.80.151/24]
interfaces:
- ens37应用网卡配置
netplan apply查看网卡信息
ip a1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master CN2 state UP group default qlen 1000
link/ether 00:0c:29:3b:d0:27 brd ff:ff:ff:ff:ff:ff
altname enp2s1
3: ens37: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master CN1 state UP group default qlen 1000
link/ether 00:0c:29:3b:d0:31 brd ff:ff:ff:ff:ff:ff
altname enp2s5
4: CN1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 5e:71:d2:9d:e3:02 brd ff:ff:ff:ff:ff:ff
inet 192.168.80.151/24 brd 192.168.80.255 scope global CN1
valid_lft forever preferred_lft forever
inet6 fe80::5c71:d2ff:fe9d:e302/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
5: CN2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 7e:8c:35:e3:ea:17 brd ff:ff:ff:ff:ff:ff
inet 192.168.174.139/24 brd 192.168.174.255 scope global CN2
valid_lft forever preferred_lft forever
inet6 fe80::7c8c:35ff:fee3:ea17/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever参考文档
https://wiki.libvirt.org/VirtualNetworking.html
浙公网安备 33010602011771号