Jul 5

[Original] Using bridged networking with KVM on Asianux 4.0

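linuxing , 17:16 , Network Services » Common Services , Comments (0) , Trackbacks (0) , Views (37593) , Via: original to this site
    By default, the KVM virtual machines shipped with Asianux 4.0 use NAT mode. For convenience (for example, installing a system over PXE), we prefer a bridged setup like the bridge mode in VMware. This takes a little work, though: the configuration has to be edited by hand.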

I. Preparation
Network interfaces on the current system:
Quote
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50:56:85:44:3F
          inet addr:192.168.228.216  Bcast:192.168.228.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe85:443f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5818 errors:0 dropped:0 overruns:0 frame:0
          TX packets:959 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1307576 (1.2 MiB)  TX bytes:135507 (132.3 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0    Link encap:Ethernet  HWaddr 26:F5:C8:B8:B7:67
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:3641 (3.5 KiB)

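eth0 is the physical NIC; virbr0 is the virtual interface used by KVM (it is itself a bridge device). What we need to do is create a bridge device and add eth0 to it.
To use bridging, the bridge-utils package must be installed:
Quote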
# rpm -qa|grep bridge
bridge-utils-1.2-9.AXS4.x86_64

Current state:
Quote
# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes

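II. Configuring the bridge
1. Stop the NetworkManager service
NetworkManager monitors the state of the NICs and applies updates, but it does not support bridge devices. As a result, a change to the eth0 configuration takes effect immediately (and the network drops). So if you are configuring the host remotely, stop this service first: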

# service NetworkManager stop

2. Create the bridge device
Create a new file with the following content:
Quote
# cat /etc/sysconfig/network-scripts/ifcfg-bridge0
DEVICE=bridge0
TYPE=Bridge
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.228.216
NETMASK=255.255.255.0
GATEWAY=192.168.228.153
DNS1=192.168.228.153
DELAY=0

※ If there are several NICs, GATEWAY can be written in /etc/sysconfig/network instead.
※ To obtain the IP address of this device via DHCP, change the line to BOOTPROTO=dhcp.


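3. Modify the physical NIC configuration
The key is the BRIDGE field: the device name must match the bridge device created above. NetworkManager control of the NIC is also turned off:
Quote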
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:50:56:85:44:3f
NM_CONTROLLED=no
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=bridge0

Restart the network service:

# service network restart

Check the state:
Quote
# ifconfig
bridge0       Link encap:Ethernet  HWaddr 00:50:56:85:44:3F
          inet addr:192.168.228.216  Bcast:192.168.228.255  Mask:255.255.255.0
          inet6 addr: fe80::250:56ff:fe85:443f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:137 errors:0 dropped:0 overruns:0 frame:0
          TX packets:123 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12303 (12.0 KiB)  TX bytes:17023 (16.6 KiB)

eth0      Link encap:Ethernet  HWaddr 00:50:56:85:44:3F
          inet6 addr: fe80::250:56ff:fe85:443f/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:8069 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1403 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1816084 (1.7 MiB)  TX bytes:200274 (195.5 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

virbr0    Link encap:Ethernet  HWaddr 26:F5:C8:B8:B7:67
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:3871 (3.7 KiB)
# brctl show
bridge name     bridge id               STP enabled     interfaces
bridge0             8000.00505685443f       no              eth0
virbr0          8000.000000000000       yes
# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.228.0   *               255.255.255.0   U     0      0        0 bridge0
192.168.122.0   *               255.255.255.0   U     0      0        0 virbr0
link-local      *               255.255.0.0     U     1008   0        0 bridge0
default         192.168.228.153 0.0.0.0         UG    0      0        0 bridge0
# ping -c2 www.163.com
PING 163.xdwscache.glb0.lxdns.com (121.14.228.43) 56(84) bytes of data.
64 bytes from 121.14.228.43: icmp_seq=1 ttl=56 time=3.49 ms
64 bytes from 121.14.228.43: icmp_seq=2 ttl=56 time=18.4 ms

--- 163.xdwscache.glb0.lxdns.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1020ms
rtt min/avg/max/mdev = 3.497/10.962/18.428/7.466 ms
# nslookup www.163.com
Server:         192.168.228.153
Address:        192.168.228.153#53

Non-authoritative answer:
www.163.com     canonical name = www.cache.wangsu.netease.com.
www.cache.wangsu.netease.com    canonical name = www.163.com.lxdns.com.
www.163.com.lxdns.com   canonical name = www.163.z.lxdns.com.
www.163.z.lxdns.com     canonical name = 163.xdwscache.glb0.lxdns.com.
Name:   163.xdwscache.glb0.lxdns.com
Address: 183.60.136.64
Name:   163.xdwscache.glb0.lxdns.com
Address: 121.14.228.43

As shown, the bridge is complete. From here, just select this bridge device when creating a KVM guest.
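
Added example (not part of the original post): a pre-flight check for the two files from steps 2 and 3, meant to be run before `service network restart` on a remote session. The function names cfg_get and check_bridge_cfg are made up for this example, and the sample files are constructed from the values shown above.

```shell
#!/bin/sh
# Added example: pre-flight check for the ifcfg files from steps 2 and 3.

cfg_get() {   # cfg_get FILE KEY: print the last value assigned to KEY, quotes removed
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

check_bridge_cfg() {   # check_bridge_cfg DIR NIC: print problems, return their count
    dir=$1 nic=$2 problems=0
    nic_file="$dir/ifcfg-$nic"
    fail() { echo "PROBLEM: $*"; problems=$((problems + 1)); }

    [ -r "$nic_file" ] || { fail "$nic_file is missing"; return "$problems"; }
    br=$(cfg_get "$nic_file" BRIDGE)
    [ -n "$br" ] || { fail "$nic_file has no BRIDGE= line"; return "$problems"; }
    br_file="$dir/ifcfg-$br"

    if [ ! -r "$br_file" ]; then
        fail "BRIDGE=$br but $br_file does not exist"
    else
        [ "$(cfg_get "$br_file" DEVICE)" = "$br" ] || fail "DEVICE in $br_file is not $br"
        # The initscripts compare TYPE literally, so "bridge" is not accepted.
        [ "$(cfg_get "$br_file" TYPE)" = "Bridge" ] || fail "TYPE in $br_file is not Bridge"
        [ "$(cfg_get "$br_file" BOOTPROTO)" = "dhcp" ] ||
            [ -n "$(cfg_get "$br_file" IPADDR)" ] ||
            fail "$br_file has neither BOOTPROTO=dhcp nor IPADDR"
    fi
    # The address moves to the bridge; leaving it on the NIC as well duplicates it.
    [ -z "$(cfg_get "$nic_file" IPADDR)" ] || fail "$nic_file still sets IPADDR"
    [ "$(cfg_get "$nic_file" NM_CONTROLLED)" = "no" ] || fail "$nic_file lacks NM_CONTROLLED=no"
    return "$problems"
}

# Constructed sample: shortened copies of the two files above, in a temp directory.
demo=$(mktemp -d)
printf 'DEVICE=bridge0\nTYPE=Bridge\nBOOTPROTO=static\nIPADDR=192.168.228.216\n' > "$demo/ifcfg-bridge0"
printf 'DEVICE=eth0\nBOOTPROTO=none\nNM_CONTROLLED=no\nBRIDGE=bridge0\n' > "$demo/ifcfg-eth0"
check_bridge_cfg "$demo" eth0 && echo "OK: the two files are consistent"
rm -rf "$demo"
```

On a real host the call would be check_bridge_cfg /etc/sysconfig/network-scripts eth0.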

III. Managing the bridge device manually
Commands like the following can be used to configure the bridge by hand:

# brctl delif virbr0 vnet0
# brctl delif virbr0 vnet1
# brctl addif bridge0 vnet0
# brctl addif bridge0 vnet1

IV. Firewall configuration
Configure iptables
Quote
Configure iptables to allow all traffic to be forwarded across the bridge.
# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# service iptables save
# service iptables restart

Alternatively, disable iptables on bridges.
Add the following lines to the /etc/sysctl.conf configuration file:
Quote
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Then reload the kernel parameters with the sysctl command:

# sysctl -p /etc/sysctl.conf
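
Added example (not part of the original post): both options in this section stop the host's FORWARD chain from restricting guest traffic, so a host audit should record which one is active. The check below reads a sysctl.conf-style file and iptables-save output; the function names and sample inputs are constructed for this example, and 1 is assumed as the kernel default for bridge-nf-call-iptables.

```shell
#!/bin/sh
# Added example: does the host FORWARD chain still restrict traffic crossing the bridge?

sysctl_get() {   # sysctl_get FILE KEY DEFAULT: effective value from a sysctl.conf-style file
    awk -v key="$2" -v val="$3" '
        /^[ \t]*[#;]/ { next }                 # comment lines
        {
            n = index($0, "="); if (!n) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            gsub("/", ".", k)                  # sysctl also accepts net/bridge/...
            if (k == key) val = v              # the last assignment wins
        }
        END { print val }' "$1"
}

has_bridged_accept() {   # has_bridged_accept RULES: true if the unrestricted rule above was saved
    grep -Fxq -e '-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT' "$1"
}

host_filters_bridge() {   # host_filters_bridge SYSCTL_CONF RULES: 0 = guest IPv4 traffic is still filtered
    [ "$(sysctl_get "$1" net.bridge.bridge-nf-call-iptables 1)" = "1" ] || return 1
    has_bridged_accept "$2" && return 1
    return 0
}

# Constructed sample inputs (not taken from a real host).
tmp=$(mktemp -d)
printf '# added per section IV\nnet.bridge.bridge-nf-call-iptables = 0\n' > "$tmp/sysctl.conf"
printf '*filter\n:FORWARD DROP [0:0]\nCOMMIT\n' > "$tmp/rules"
if host_filters_bridge "$tmp/sysctl.conf" "$tmp/rules"; then
    echo "host FORWARD chain applies to guest traffic"
else
    echo "guest traffic is not restricted by the host; filter on the guest or upstream"
fi
rm -rf "$tmp"
```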