'PACC: Week VIII'

This week, I was dealing with the problem of VM connection with host servers in libvirt. I have set aside the variant of using VDE and continued to work on other possible solutions.

One of the solutions was to use MacVTap. What is MacVTap?

MacVTap is used to connect a VM directly to the physical Ethernet adapter. As with a host bridge network, the guests will effectively be directly connected to the physical network, so their IP addresses will all be on the subnet of the physical network, and there will be no restrictions on inbound or outbound connections.

An important note: due to a limitation in the implementation of MacVTap, these connections do not allow direct communication between the host and the guests.

Changes in the .XML file of the VM

In the .XML file of the guest OS I changed the network configuration from the default to direct, and found that an Ethernet connection appears in the guest machine with a subnet address similar to that of our lab internet connection: 192.168.19.XXX

After some ping tests I noticed that the host and guest machines cannot ping each other, while VMs on different hosts can communicate with each other.

In order to keep the connection between the host network and the VMs created on one host, I have established an isolated network, which allows direct communication between the host and guest.

From the tutorial:

There is an alternate solution which preserves Network Manager compatibility while allowing guest and host to directly communicate. In short, the solution is to use libvirt to create an isolated network, and give each guest a second interface that is connected to this network; host<-->guest communication will then take place over the isolated network.

1) Save the following XML to /tmp/isolated.xml:

isolated

(if the 192.168.254.0/24 network is already in use elsewhere on your network, you can choose a different network).

2) Create the network, set it to auto-start, and start it:

virsh net-define /tmp/isolated.xml
virsh net-autostart isolated
virsh net-start isolated

3) Edit (using "virsh edit $guestname") the configuration of each guest that uses direct (macvtap) for its network connection and add a new in the section similar to the following:

<-- This line is optional.

4) Shut down, then restart each of these guests.
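The four steps above as one script, with a check that the network really has no forwarding. This is an added example, not code from the tutorial or from this post; the gateway address, the DHCP range and the virtio model are assumed values chosen to fit the 192.168.254.0/24 network named in step 1.

```shell
#!/bin/sh
# Assumed, constructed values: gateway .1, DHCP range .2-.254, virtio NIC model.
NET_NAME=isolated
NET_XML=/tmp/isolated.xml

# Network definition. There is deliberately no <forward> element: without
# one, libvirt neither routes nor NATs this network to the outside.
isolated_net_xml() {
    cat <<EOF
<network>
  <name>$NET_NAME</name>
  <ip address='192.168.254.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.254.2' end='192.168.254.254'/>
    </dhcp>
  </ip>
</network>
EOF
}

# Second interface for the <devices> section of each macvtap guest.
guest_iface_xml() {
    cat <<EOF
<interface type='network'>
  <source network='$NET_NAME'/>
  <model type='virtio'/>
</interface>
EOF
}

# Reads network XML on stdin; succeeds only if it has no <forward> element.
net_is_isolated() { ! grep -q '<forward'; }

# Steps 1-3 for one guest; step 4 (shut down, start again) is left to the admin.
apply_isolated_net() {
    guest=$1
    isolated_net_xml > "$NET_XML" || return 1
    # --config changes the persistent definition, as "virsh edit" would.
    virsh net-define "$NET_XML" &&
    virsh net-autostart "$NET_NAME" &&
    virsh net-start "$NET_NAME" &&
    virsh attach-interface --domain "$guest" --type network \
        --source "$NET_NAME" --model virtio --config
}

# Only touch libvirt when asked to: sh isolated.sh apply <guestname>
if [ "${1:-}" = "apply" ] && [ -n "${2:-}" ]; then
    apply_isolated_net "$2"
fi
```

Once the network is defined, "virsh net-dumpxml isolated | net_is_isolated" confirms that the live definition still has no forwarding.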

Finally, I have two new network interfaces: one is eth0, which provides the guest VM with an internet connection, and the other keeps the connection between the host and guest on the same machine (with its own IP address, but pingable).

Here are links to the tutorials that I used:

http://libvirt.org/formatnetwork.html#examplesDirect

http://seravo.fi/2012/virtualized-bridged-networking-with-macvtap

http://wiki.libvirt.org/page/Guest_can_reach_outside_network,but_can't_reach_host(macvtap))

Tested solutions

Firewall

1) I figured that a possible cause of the connection problem between VMs on different host servers might lie in the firewall settings, which might block incoming and outgoing signals. I disabled it on both the host and guest computers using a program called Gufw.

Gufw is an open source graphical user interface (GUI) for Uncomplicated Firewall. However, this did not solve my problem. The VMs still could not communicate with each other.

ICMP protocol

2) I looked into the ICMP protocol, which might also have been filtering the outgoing and incoming ping signals.

I tried changing the sysctl.conf files in order to set up IPv4 forwarding and adding some rules to iptables, but it still had no effect on the general problem.
