All Categories


Linux KVM Networking using TAP devices (without bridge)

KVM guests are typically setup using bridge networking. Using a bridge in your KVM Network setup is not actually required, you can bypass bridge setup altogether. But why you ask? Because these days people often administer systems remotely and setting up a newtork bridge typically requires a networking restart, something that could possibly be problematic when done remotely. My thinking is if you don't actually need to setup a networking bridge, then why do it? Its surprisingly easy to setup tap interfaces on their own as you'll discover in the steps below.

For the purposes of this guide its assumed you already know how to setup KVM guests and only need help with the KVM networking setup. Its also assumed you have already installed (enabled) the KVM kernel module and qemu on your system. All commands executed in this guide can be performed on a Centos 6 and/or Centos 7 system as the "root" user, I have given the commands required for both systems. Below host "melbourne1" is centos 6 and host "localhost" is centos 7. For other linux distributions it's likely you can execute the same or similar (equivalent) commands.

STEP#1 Create TAP (tap0) interface (virtual device)

Centos 6

[root@melbourne1 ~]# tunctl -t tap0 -u root
Set 'tap0' persistent and owned by uid 0
[root@melbourne1 ~]#

Centos 7

[root@localhost /]# ip tuntap add tap0 mode tap
[root@localhost /]#

 

STEP#2 Bring Up tap0 Interface and confirm its active

Centos 6

[root@melbourne1 ~]# ip link set tap0 up
[root@melbourne1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:21:90:A0:2D:4A  
          inet addr:106.11.21.30  Bcast:106.11.21.255  Mask:255.255.255.0
          inet6 addr: fe80::225:10ff:fe20:2d4a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11440728523 errors:0 dropped:0 overruns:1602400 frame:0
          TX packets:12935251464 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:4340122381780 (3.9 TiB)  TX bytes:5473758103648 (4.9 TiB)
          Memory:fba20000-fba40000 

eth1      Link encap:Ethernet  HWaddr 00:21:90:E5:3D:4B  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Memory:fba00000-fba20000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:48143 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48143 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2823188 (2.6 MiB)  TX bytes:2823188 (2.6 MiB)

tap0      Link encap:Ethernet  HWaddr F2:56:71:D5:57:BC  
          inet6 addr: fe80::f056:71ff:fed5:27bc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:357111218 errors:0 dropped:0 overruns:0 frame:0
          TX packets:218071395 errors:0 dropped:220 overruns:246832 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:87783924297 (81.7 GiB)  TX bytes:45891205347 (42.7 GiB)

venet0    Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet6 addr: fe80::1/128 Scope:Link
          UP BROADCAST POINTOPOINT RUNNING NOARP  MTU:1500  Metric:1
          RX packets:12291286380 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10454330081 errors:0 dropped:16345 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:5130816718297 (4.6 TiB)  TX bytes:3793441575865 (3.4 TiB)

[root@melbourne1 ~]#

Centos 7

[root@localhost /]# ip link set tap0 up
[root@localhost /]# ifconfig
enp2s0: flags=4163  mtu 1500
        inet 192.168.0.107  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::52e5:49ff:fece:a1f3  prefixlen 64  scopeid 0x20
        ether 50:e5:49:ce:d1:f3  txqueuelen 1000  (Ethernet)
        RX packets 24794  bytes 24706325 (23.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 21939  bytes 3398480 (3.2 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 1  collisions 0

lo: flags=73  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10
        loop  txqueuelen 0  (Local Loopback)
        RX packets 4  bytes 340 (340.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 340 (340.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tap0: flags=4099  mtu 1500
        ether 4a:bd:0f:b4:21:cb  txqueuelen 500  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:07:99:96  txqueuelen 0  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

[root@localhost /]# 

Here you can see on both Centos 6 and Centos 7 KVM systems we now have a tap interface active (tap0) and ready for use. Note there is also a bridge interface present but it is not being used, nor is it necessary to setup.

STEP#3 Enable proxy_arp on tap device

Centos 6 & Centos 7

[root@localhost /]# echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
[root@localhost /]# 

 

STEP#4 Add Route for each KVM Guest IP

Centos 6 & Centos 7

In this example I'm wanting to assign IP 192.168.0.108 to the KVM Guest, so I setup routing for this IP to the tap0 interface. I then check the routing table to see the new route to tap0. Below shows the Centos 7 system output only, its the same for Centos 6 just change "enp2s0" to "eth0".

[root@localhost /]# ip route add 192.168.0.108 dev tap0
[root@localhost /]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    100    0        0 enp2s0
192.168.0.0     0.0.0.0         255.255.255.0   U     100    0        0 enp2s0
192.168.0.108   0.0.0.0         255.255.255.255 UH    0      0        0 tap0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
[root@localhost /]#

 

STEP#5 Broadcast Arp for each KVM Guest IP

Centos 6

We now broadcast over the local Network that all ARP requests for our KVM Guest IP be sent to eth0. In this example we're still using KVM Guest IP 192.168.0.108

[root@melbourne1 ~]# arp -Ds 192.168.0.108 eth0 pub
[root@melbourne1 ~]#

Centos 7

Since Centos 7 now uses different ethernet labels the command would look like this for Centos 7

[root@localhost /]# arp -Ds 192.168.0.108 enp2s0 pub
[root@localhost /]#

 

STEP#6 KVM qemu command to startup Guest using tap0 device

Centos 6 & Centos 7

Here is a list of typical command line arguments you'd pass to /usr/libexec/qemu-kvm to start your KVM guest - using the tap0 interface:

  • -drive file=/vz/kvm/1000.qcow2,cache=none (qcow2 virtual disk without caching)
  • -m 4000 (4GB Memory)
  • -smp 6 (6 cores)
  • -net nic,macaddr=56:44:45:30:31:32,vlan=0 -net tap,script=no,ifname=tap0,vlan=0 (virtual tap interface)
  • -vnc 106.7.22.30:44 (VNC capability on IP 106.7.22.30 & port 44)
  • -daemonize (daemonized this command so it runs in the background)

The full command:

[root@localhost /]# /usr/libexec/qemu-kvm -drive file=/vz/kvm/1000.qcow2,cache=none -m 4000 -smp 6 -net nic,macaddr=56:44:45:30:31:32,vlan=0 -net tap,script=no,ifname=tap0,vlan=0 -vnc 106.7.22.30:44 -daemonize
[root@localhost /]#


That's it ! You now have a KVM Guest (VPS) with internet connectivity through a bridgeless tap interface, which operates just like a normal NIC for all intensive purposes.




About the Author

Administrator

Most Viewed - All Categories