Virtual Public Network Setup With Gentoo and KVM

This article will show you how to create a network of 5 virtual machines which have public IP addresses and can be accessed via the Internet. The virtual machines will run on Gentoo.

Prerequisites

I assume that you’re using Gentoo on both your local computer and the server, that you run the example commands as an administrative user (e.g. with root permissions), and that both machines are up and connected to the Internet. For virtualization, we will use Kernel-based Virtual Machine (KVM). KVM can only be used if your CPU supports the VT-x (Intel) or AMD-V (AMD) extensions. To check whether your CPU supports KVM, run the following command:

grep --color -E "vmx|svm" /proc/cpuinfo

As KVM works in kernel space you need to compile the corresponding modules. For detailed kernel configuration of your local computer and the host server, take a look at the article Creating Virtual Networks With KVM on Gentoo.

QEMU / libvirt / virt-manager setup

While the Quick Emulator (QEMU) can work with many virtualization drivers (such as KVM or Xen) or with its own built-in user-space driver, libvirt is a management tool for various virtualization solutions. As we want to use the virtual network capabilities and the QEMU support of libvirt, we need to enable the corresponding USE flag on the server side.

So, the first step is to install libvirt on your local computer:

emerge -v libvirt

After you have successfully installed libvirt, you can start it with:

/etc/init.d/libvirtd start

If you don’t want to manage your virtual machines from the console, you can install virt-manager, also on your local computer:

emerge -v app-emulation/virt-manager

Once your local computer setup is ready, you can start setting up the server, where your local machines will be hosted. For that, we need to install libvirt on the server as well.

So, enable the qemu USE-flag:

echo "app-emulation/libvirt qemu" >> /etc/portage/package.use

After this, you need to start the libvirtd service. The next step is to install the following tools:

  • brctl (net-misc/bridge-utils)
  • tunctl (sys-apps/usermode-utilities)

Network setup

Now we need to set up our virtual network. I assume that you have a subnet of 6 usable addresses (x.x.x.6/29), and that your CPU is Intel. The first thing we need to do is to run the following commands in order to load the necessary modules:

modprobe tun
modprobe kvm-intel

If the CPU on your server is AMD, then you should run:

modprobe tun
modprobe kvm-amd

The next step is to turn on the IP forwarding:

echo 1 > /proc/sys/net/ipv4/ip_forward

If you want IP forwarding to stay enabled after a reboot of the system, edit the /etc/sysctl.conf file and change 0 to 1 in the following line, so that it reads: net.ipv4.ip_forward = 1

As I already mentioned, we have a subnet of 6 usable public IP addresses (x.x.x.6/29). Our usable addresses are: x.x.x.7, x.x.x.8, x.x.x.9, x.x.x.10, x.x.x.11, x.x.x.12. Each KVM virtual machine will receive its own virtual network card, and these cards are combined into a bridge. This bridge serves as the gateway.

First, we need to set up the bridge. As this is going to operate as a gateway later on, it receives its own IP address. For this purpose, we will take the first IP from our subnet (x.x.x.7).

Then we add the bridge interface and set its IP address and subnet:

brctl addbr br0
ip address add x.x.x.7/29 dev br0

Next, we need to set up the virtual network interface for the first virtual machine:

tunctl -b -u root -t qtap0

Then, we need to add this interface to the bridge:

brctl addif br0 qtap0

And finally put the interface into promiscuous mode:

ip link set dev qtap0 promisc on

The last three steps need to be repeated for all the virtual machines, increasing the interface name each time (qtap1, qtap2, etc.). The next step is to set up the routes for our virtual machines:

ip route add x.x.x.8 dev br0

This step needs to be repeated for all the other virtual machines as well. Make sure that you adjust the appropriate IP address each time. And that’s all you need to do about the network setup at the server side. Now, we need to set up the virtual machines.

Virtual machine setup

On your server, download the latest Gentoo ISO image appropriate for your machine. Then, move the ISO file to /var/lib/libvirt/images.

On your local computer, start virt-manager and add a new connection to your server. Then, start a wizard for creating a new virtual machine instance. Select your ISO image, define the resources for new instance, such as amount of RAM, storage space and number of CPUs.

Please note that, at the end of this wizard, you must turn ON the option: Customize configuration before install (this is important, soon you’ll see why).

Also, make sure that for Virt Type you select kvm, and that you select your Host device qtap0 (bridge you have created) under Advanced options. Finish the wizard, and wait for the new window where you can configure your virtual machine. You only need to remove the sound device, and then to click Begin installation.

Possible errors

In this phase, you may run into a few different errors. For example:

  • virt-manager expects qemu to be compiled with ALSA/PulseAudio support, so you should compile qemu with ALSA/PulseAudio support.

  • In order to avoid errors related to USB ports, compile qemu with usb and usbredir USE flags.

  • If you get an error message which is related to “spicevnc”, then you need to reinstall qemu on server with spice USE flag. This will enable Spice - a remote-display system built for virtual environments which allows users to view a computing “desktop” environment, not only on its computer-server machine, but also from anywhere on the Internet and using a wide variety of machine architectures.

Base installation

At this step, you should already have access to the virtual console running the Gentoo ISO image. The first thing we need to do is to set up network connectivity. We need to run the following commands:

ip address add x.x.x.8/29 dev eth0
ip route add default via x.x.x.7

Also, we need to edit /etc/resolv.conf and add the DNS server. In this case, we add Google Public DNS server:

nameserver 8.8.8.8

Now you should be able to ping your gateway (x.x.x.7), ping your own IP, and ping the Internet.

As we are going to install Gentoo on our virtual machines, go to the official Gentoo documentation and follow the installation instructions. When you get to the kernel configuration, go to Creating Virtual Networks With KVM on Gentoo and follow the kernel setup.

If everything went OK, you have now installed Gentoo on a virtual instance which is publicly visible from the Internet, and which can also “see” the Internet.

At this point, you just need to clone this virtual machine as many times as you want, using virt-manager, configure the network settings for all the machines (in our case, we make 4 clones) and you’ll have your network of virtual machines up and running.

The easier way

There is an easier way to set up the virtual network and to configure the virtual machines. To use it, follow this guide up to and including the QEMU / libvirt / virt-manager setup section. Then, come back here and continue.

One of the tools you get as part of the libvirt core is virsh, an interactive shell and batch-scriptable tool for performing management tasks on all libvirt-managed domains, networks and storage. Using virsh you can create, delete, run, stop and manage your KVM virtual machines. You can find more information in the Virsh Command Reference.

So, we will use virsh to create our virtual network and configure all the virtual machines with the appropriate IP addresses, MAC addresses and hostnames, by creating a simple libvirt XML file. To find out more about how to create these kinds of files, go to the XML Format page.

Here’s our file:

<network>
  <name>Subnet</name>
  <uuid>3e3fce45-4f53-4fa7-bb32-11f34168b82b</uuid>
  <forward dev='eno1' mode='route'>
    <interface dev='eno1'/>
  </forward>
  <bridge name='virbr3' stp='off' delay='0'/>
  <ip address='x.x.x.7' netmask='255.255.255.248'>
    <dhcp>
      <range start='x.x.x.8' end='x.x.x.12'/>
      <host mac='00:00:00:00:00:01' name='vm1' ip='x.x.x.8'/>
      <host mac='00:00:00:00:00:02' name='vm2' ip='x.x.x.9'/>
      <host mac='00:00:00:00:00:03' name='vm3' ip='x.x.x.10'/>
      <host mac='00:00:00:00:00:04' name='vm4' ip='x.x.x.11'/>
      <host mac='00:00:00:00:00:05' name='vm5' ip='x.x.x.12'/>
    </dhcp>
  </ip>
</network>

We can see from the file that:

  • our virtual network is called Subnet
  • that our virtual network will route all traffic to physical network interface eno1
  • our bridge is called virbr3, with an IP address x.x.x.7
  • first virtual machine with the MAC address 00:00:00:00:00:01 will have hostname vm1 and the IP address x.x.x.8. For more details, take a look at this page.

Note that, when we create our virtual machines, it’s important to give them the appropriate MAC address, so they automatically get the right hostnames and IP addresses.
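
Because the MAC-to-IP mapping in this file decides which public address each machine answers on, it is worth checking the definition before loading it with virsh net-define. The following Python check is an added example, not part of the original article or of libvirt: check_network is a hypothetical helper, the sample XML is constructed with documentation addresses (203.0.113.0/24) in place of the masked x.x.x values, and it assumes a single IPv4 <ip> element that contains a <dhcp> block.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the article's layout with documentation addresses in place
# of x.x.x; vm3 deliberately reuses vm2's MAC and lies outside the /29.
SAMPLE_XML = """
<network>
  <name>Subnet</name>
  <bridge name='virbr3' stp='off' delay='0'/>
  <ip address='203.0.113.9' netmask='255.255.255.248'>
    <dhcp>
      <range start='203.0.113.10' end='203.0.113.14'/>
      <host mac='52:54:00:00:00:01' name='vm1' ip='203.0.113.10'/>
      <host mac='52:54:00:00:00:02' name='vm2' ip='203.0.113.11'/>
      <host mac='52:54:00:00:00:02' name='vm3' ip='203.0.113.16'/>
    </dhcp>
  </ip>
</network>
"""

def check_network(xml_text):
    """Return a list of problems found in a libvirt <network> definition."""
    problems = []
    ip_el = ET.fromstring(xml_text).find("ip")
    gateway = ipaddress.ip_address(ip_el.get("address"))
    # strict=False derives the subnet from the gateway address plus netmask.
    subnet = ipaddress.ip_network(f"{gateway}/{ip_el.get('netmask')}", strict=False)
    usable = set(subnet.hosts())  # excludes the network and broadcast addresses
    if gateway not in usable:
        problems.append(f"gateway {gateway} is not a usable host address in {subnet}")
    dhcp = ip_el.find("dhcp")
    for rng in dhcp.findall("range"):
        for attr in ("start", "end"):
            addr = ipaddress.ip_address(rng.get(attr))
            if addr not in usable:
                problems.append(f"range {attr} {addr} is outside {subnet}")
    seen = {}  # MAC, IP or hostname -> name of the host that first used it
    for host in dhcp.findall("host"):
        name, addr = host.get("name"), ipaddress.ip_address(host.get("ip"))
        if addr not in usable or addr == gateway:
            problems.append(f"{name}: {addr} is not a free host address in {subnet}")
        for key in (host.get("mac").lower(), str(addr), name):
            if key in seen:
                problems.append(f"{name}: {key} already used by {seen[key]}")
            seen.setdefault(key, name)
    return problems

if __name__ == "__main__":
    print("\n".join(check_network(SAMPLE_XML)))
```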

Before you create an XML file for your virtual network, it’s good to check if there are already some virtual networks:

virsh net-list

Also, you should check which virtual interfaces already exist, so you don’t try to use the same in your XML file. You can check this with:

ip a

Once you have created this XML file on your server, you need to create your network with:

virsh net-define your_file.xml

Then run:

virsh net-list --all

and you should see your network, but shown as inactive. Now you just need to activate it with:

virsh net-start YourNetworkName

Now, when your new virtual network is active, you need to start virt-manager on your local computer, and add a new connection to your server. Then, start a wizard for creating a new virtual machine instance. Select your ISO image, define the resources for the new virtual machine, such as amount of RAM, storage space and number of CPUs.

At the end of this wizard, make sure that you turn ON the option: Customize configuration before install.

Also, make sure that for Virt Type you select kvm, and that you select your virtual network device under Advanced options. It’s really important that you set the appropriate MAC address as well. Option Set a fixed MAC address must be on. In our case, for first virtual machine, we will set the following MAC address: 00:00:00:00:00:01 and it will automatically get the vm1 hostname and x.x.x.8 IP address. Then finish the wizard, and wait for the new window where you can configure your virtual machine. You only need to remove the sound device, and then to click Begin installation.

From this point, you can go back to the Possible errors section, and continue with the Base installation section. Of course, you can skip the part about setting up network connectivity for the virtual machine, since this was already configured automatically.

That would be all. Have fun!

References:

Creating Virtual Networks With KVM on Gentoo
Hetzner - DokuWiki
