KVM networking in RHEL 6 with network address translation

RHEL 6 uses network address translation for KVM networking. By changing the NAT configuration files, you can customize your setup.

Red Hat Enterprise Linux (RHEL) 6 now supports the Kernel-based Virtual Machine (KVM) hypervisor. The abstraction layer in KVM -- called libvirt -- runs KVM networking, and it’s where admins can customize virtual machine (VM) connections and track network devices in configuration files.

There are two approaches to KVM networking in libvirt: network address translation (NAT) and bridged networking. Network address translation is the default method, and bridged networking is meant only for very specific infrastructures.

For most admins, it’s best to start by understanding how KVM networking works in the default setup. By learning to navigate the NAT configuration files for network address translation, you'll also become familiar with the settings if you want to create a custom setup. You could, for instance, create multiple NAT interfaces that allow you to change network traffic between different machines.

NAT configuration files

You can find the NAT configuration for the default network address translation in the file /usr/share/libvirt/networks/default.xml. Here’s an example of what it looks like:

 [root@flo networks]# cat default.xml

    <network>

    <name>default</name>

    <bridge name="virbr0" />

    <forward/>

    <ip address="192.168.122.1" netmask="255.255.255.0">

    <dhcp>

    <range start="192.168.122.2" end="192.168.122.254" />

    </dhcp>

    </ip>

    </network>

The NAT configuration file names the network device first. It’s a bit confusing, but the default for network address translation is a KVM network bridge device. The NAT configuration then defines IP addresses. The KVM network bridge has its own IP address and a range of associated IP addresses that can be assigned to VMs using the Dynamic Host Configuration Protocol. You can change these KVM networking parameters by modifying the configuration file and restarting the network or by using the graphical management interface in virt-manager, KVM’s virtual machine manager.

Using the virsh net-listcommand, you can automatically start the default NAT interface. After you start the physical host, you’ll see a virbr0 device. When you start the VMs, they’ll connect to this device and use network address translation to connect to one another and the host. This NAT configuration shows how two VMs have their network interface cards (NICs) connected to the virbr0 device. 

[root@flo networks]# brctl show

Bridge name Bridge ID        STP enabled Interfaces
virbr0   8000.fe5400113597 yes vnet0
      vnet1

Each VM’s configuration file also indicates which network connects that VM to the host. For example:

    <interface type='network'>

    <mac address='52:54:00:11:35:97'/>

    <source network='default'/>

    <model type='virtio'/>

    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>

    </interface>

In this VM’s configuration, the VM is connected through the host’s default network, but you’re free to connect to other network adapters on the host for more versatile KVM networking.

To implement the virtual network, the host automatically sets up IP forwarding, as well as iptables rules that create the network address translation device. IP forwarding is specified in the /proc/sys/net/ipv4/ip_forward file, which must contain the value 1 to enable the forwarding. The iptables rules are written to the Prerouting, Postrouting and Forward chains in the NAT table on the host. Make sure you don’t change them by accident, because that will break KVM networking connections to your host.

More on KVM in RHEL 6

This was first published in May 2011

Dig deeper on Open source virtualization

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVMware

SearchWindowsServer

SearchCloudComputing

SearchVirtualDesktop

SearchDataCenter

Close