%%$Id: networking.tex,v 1.9 2009-03-02 16:15:15 potyra Exp $
%% vim:tabstop=8:shiftwidth=8:textwidth=72
% Copyright (C) 2003-2009 FAUmachine Team <info@faumachine.org>.
% This program is free software. You can redistribute it and/or modify it
% under the terms of the GNU General Public License, either version 2 of
% the License, or (at your option) any later version. See COPYING.
This chapter describes how to connect your virtual machines to the real
network.
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Overview}
\label{s:networking.overview}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
To connect a virtual network to real machines, there is a special
FAUmachine Networking Process which transfers network packets
from and to a virtual machine.
This binary is called \command{faum-bridge-net};
only a single invocation is allowed.
The configuration file is very similar to that of the virtual ethernet
interfaces.
The network bridge has two modes of operation: \emph{slirp} and
\emph{tuntap}.
%%======================================================================
\subsection{slirp Mode}
\label{s:networking.overview.slirp}
%%======================================================================
When using this mode, network packets sent by the virtual system
are interpreted by the network bridge, which issues corresponding system calls
on the hosting machine.
This way, the virtual machine can connect to any machine or service
that is reachable for a normal user on the hosting machine, too.
However, it is not possible to listen for incoming connections or to
use special services that depend on privileged ports (for example NFS).
This mode is recommended for most users as it is easy to set up and
does not require special privileges.
We have included a slightly modified \command{slirp} (for the specific
needs of \package) with \package. The original \command{slirp} can be
found at \ulink{http://slirp.sourceforge.net/}.
%%======================================================================
\subsection{tuntap Mode}
\label{s:networking.overview.tuntap}
%%======================================================================
When using the tuntap mode, a new network interface is created on the
hosting system.
All network packets transferred or received at this interface are
transferred to/from the virtual network.
By using standard network tools, this new interface can be configured
to forward or bridge packets to a real network interface.
The network bridge needs access to /dev/tuntap, which can be granted to
an unprivileged user by setting access permissions on this device.
Setting up the new interface, however, requires root privileges for the
\command{ifconfig} calls.
The transfer rate is much higher than with slirp (about 500kB/s here).
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Configuration of the network bridge}
\label{s:networking.config}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
The easiest way to set up a network bridge for your virtual
network is to use our \launcher which can create the configuration for
you.
If you create a virtual machine, you can connect it to a virtual network.
Each virtual network can be connected to the real network via
a network bridge.
If you select 'Bridged' or 'Routed' network in the Network/Edit
dialog, then a corresponding network bridge configuration will be
created in the \Filename{~/.FAUmachine/net\#} directory (where
\Filename{\#} is a number).
%FIXME explain Bridged/Routed in more detail
The rest of this section describes the configuration files in detail.
%%======================================================================
\subsection{Connecting to virtual machines}
%%======================================================================
Configuration of the network bridge is stored in a directory,
just like the configuration of your virtual machines.
This directory contains the files \Filename{host}, \Filename{name},
\Filename{upstream} and \Filename{upstream-method}.
The files \Filename{host} and \Filename{name} are used by the \launcher
only, the network bridge itself ignores them. \Filename{host} tells the
\launcher on which real machine the bridge should be started.
\Filename{name} contains the network name displayed in the \launcher's
menus.
The files \Filename{upstream} and \Filename{upstream-method} are read by
the network bridge.
\Filename{upstream} lists all those virtual machines belonging to this virtual
network. It looks similar to the NE2000 config for virtual machines
(see section \ref{s:configmanual.netcard}), but
does not contain an interrupt number or IO address.
\Filename{upstream-method} contains configuration information for the
method used to connect the virtual machines to the real network (either
slirp or tuntap). The following sections give the details.
%%======================================================================
\subsection{slirp configuration}
\label{s:networking.config.slirp}
%%======================================================================
There are two submodes that select how the network bridge responds to ARP requests.
If you use "\command{slirp router \replaceable{ip-address}}" in your
\Filename{upstream-method}, the network bridge answers ARP requests for
the given IP address, which should be used as the default router in the
virtual system.
If you use "\command{slirp bridge \replaceable{eth-interface}}", the
bridge forwards requests from the virtual network to the ethernet
interface on the real machine given in the file. This way, a virtual
machine will think that all real machines present in the real network
are present in the virtual network as well. However, all slirp
constraints are still valid and real machines cannot see the virtual
machines.
To avoid some traffic in the real network (necessary for ARP lookups),
you can explicitly provide a list of IP-address/ARP-address pairs for
those real machines that should be visible in the virtual network.
Create a file \Filename{slirp-arp}, consisting of lines with MAC address
and IP address, as in /etc/ethers(5).
To use only this file, without any automatic configuration,
put "\command{slirp manual}" into \Filename{upstream-method}.
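The following added example (not part of the FAUmachine sources) checks the slirp form of \Filename{upstream-method} and a \Filename{slirp-arp} table before the bridge is started. The function names, the sample addresses and the handling of \texttt{\#} comments are assumptions of this example.

```python
import ipaddress
import re

# One or two hex digits per octet, as ethers(5) writes Ethernet addresses.
MAC_RE = re.compile(r"^[0-9A-Fa-f]{1,2}(:[0-9A-Fa-f]{1,2}){5}$")

def parse_slirp_method(line):
    """Return (submode, argument) for one upstream-method line, or raise ValueError."""
    words = line.split()
    if len(words) < 2 or words[0] != "slirp":
        raise ValueError("not a slirp method line: %r" % line)
    submode, args = words[1], words[2:]
    if submode == "manual" and not args:
        return ("manual", None)
    if submode == "router" and len(args) == 1:
        # IPv4Address raises a ValueError subclass on a malformed address.
        return ("router", ipaddress.IPv4Address(args[0]))
    if submode == "bridge" and len(args) == 1:
        return ("bridge", args[0])
    raise ValueError("bad slirp submode or argument count: %r" % line)

def parse_slirp_arp(text):
    """Return {ip: mac}; reject malformed lines and two entries for one IP."""
    table = {}
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) != 2 or not MAC_RE.match(fields[0]):
            raise ValueError("line %d: expected 'MAC IP'" % number)
        # Normalise to lower-case, zero-padded octets so entries compare equal.
        mac = ":".join("%02x" % int(part, 16) for part in fields[0].split(":"))
        ip = ipaddress.IPv4Address(fields[1])
        if ip in table:
            raise ValueError("line %d: %s already mapped to %s" % (number, ip, table[ip]))
        table[ip] = mac
    return table

# Constructed sample input (documentation addresses, not from the manual).
SAMPLE_ARP = """\
00:16:3e:00:00:01 192.0.2.10
0:16:3e:0:0:2     192.0.2.11   # short octets, as ethers(5) allows
"""
```

A table that maps one IP address to two MAC addresses is rejected, because a static entry is only useful if each visible machine resolves to exactly one hardware address.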
%%======================================================================
\subsection{tuntap configuration}
\label{s:networking.config.tuntap}
%%======================================================================
Tuntap mode is enabled by putting "\command{tuntap
\replaceable{eth-interface}}" into \Filename{upstream-method}.
The specified interface will be created on the real machine.
This interface can be used to communicate with the virtual machines.
In order to use the interface, it has to be configured, requiring root
privileges.
Everything that is possible with a normal network interface can be
accomplished with the new interface.
There are two common configurations which are described below.
If you want to automatically set up the interface, you should
have a look at the network setup of your Linux distribution.
Distributions often provide a flexible framework which can do that.
\begin{itemize}
\item Routing:
Set up the interface: \command{ifconfig FAUmachine0 10.10.1.1 up},
then enable forwarding: \command{echo 1 > /proc/sys/net/ipv4/ip\_forward}.
\item Bridging:
You need a kernel with bridging support and the corresponding userspace
tools (\Filename{bridge-utils}).
Then create a bridge (\command{brctl addbr br0}) and add all interfaces
that should be connected to that bridge (\command{brctl addif br0 eth0;
brctl addif br0 FAUmachine0}).
All interfaces that are added to the bridge should be up, but without
assigning an IP address (\command{ifconfig FAUmachine0 0.0.0.0 up}).
When the bridge is ready, you can assign an IP address and routes to
that bridge as you would do with a normal interface.
All interfaces will be connected so that it looks as if
your virtual machines are part of the normal network.
\end{itemize}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\section{Network Configuration of the Virtual Machines}
\label{s:networking.vm}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Both slirp and tuntap mode have two submodes: router and bridge.
Network configuration of the virtual machines has to be different
for each of these submodes.
In bridge mode, the virtual machines have to be configured similarly
to the host machine. That means you need the same network/netmask and
the same default route, but a different, unique IP address.
In router mode, the virtual machines are in a different network.
You can use any IP address which belongs to that net.
If you do not know which net you should use,
just take network 10.0.0.0 / netmask 255.0.0.0.
The default route you configure in your virtual machines must match
the IP address specified in the \command{slirp router} config or
the one given to the tuntap interface.
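The rules above can be checked mechanically before a guest is booted. This is an added example, not FAUmachine code; \texttt{check\_guest} and its parameter names are hypothetical, and the addresses used with it are constructed.

```python
import ipaddress

def check_guest(submode, guest_ip, guest_mask, guest_gw, *,
                router_ip=None, host_ip=None, host_mask=None, host_gw=None):
    """Return a list of problems with a guest's IPv4 settings (empty = OK).

    submode 'router': router_ip is the address from 'slirp router' or the
    one given to the tuntap interface.
    submode 'bridge': host_* are the hosting machine's own settings.
    """
    problems = []
    guest = ipaddress.IPv4Interface("%s/%s" % (guest_ip, guest_mask))
    gw = ipaddress.IPv4Address(guest_gw)
    # A default route is only usable if it lies inside the guest's own net.
    if gw not in guest.network:
        problems.append("default route %s is outside %s" % (gw, guest.network))
    if submode == "router":
        router = ipaddress.IPv4Address(router_ip)
        if gw != router:
            problems.append("default route must be %s" % router)
        if guest.ip == router:
            problems.append("guest reuses the router address")
    elif submode == "bridge":
        host = ipaddress.IPv4Interface("%s/%s" % (host_ip, host_mask))
        if guest.network != host.network:
            problems.append("guest net %s differs from host net %s"
                            % (guest.network, host.network))
        if gw != ipaddress.IPv4Address(host_gw):
            problems.append("default route differs from the host's")
        if guest.ip == host.ip:
            problems.append("guest IP must be unique, host already uses it")
    else:
        raise ValueError("submode must be 'router' or 'bridge'")
    return problems
```

For a guest at 10.0.0.5 with netmask 255.0.0.0 behind \command{slirp router 10.0.0.1}, the call returns an empty list only when the guest's default route is 10.0.0.1.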