KVM using the Openvswitch

Running KVM with the Openvswitch is one way to attach VMs to the network. When using libvirt 1.02 and higher, several configuration options are available. The virt-manager can only use openvswitch fake bridges, so the virt-manager is not the best tool to configure the network interfaces for VMs.

There are two ways to define libvirt networks:

  • define the whole network configuration in the xml file of the VM (virsh edit <VM>)
  • define the forwarding part using net-* commands of virsh

Edit the VM xml file

The configuration can be split into different parts. One part is the generic part covering the basic interface configuration. The extended part covers the type of the link (untagged or tagged) and the assignment to one or more vlans.

The configuration should be added using "virsh edit <vmname>". For the examples here, I will use the name vmtest.

The generic part

The generic part looks like the following section:

    <interface type='bridge'>
      <virtualport type='openvswitch'>
      </virtualport>
      <target dev='veth0-vmtest'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </interface>

The parameters are:

  • the interface type is always a bridge.
  • no need to specify the mac address – a host unique address will be added by libvirt
  • the virtualport line marks the interface as an openvswitch port
  • I strongly recommend setting the target device name. This is the name of the network interface seen on the openvswitch. I always start the name with "veth". The number following is the interface number on the guest. And I add the name of the VM. So veth0-vmtest corresponds to eth0 on the guest vmtest. If you do not set the interface names, the interfaces will be named vnet<some number>. If you have to troubleshoot something on the virtual network, predefined interface names help a lot.
  • the model type should be virtio. This gives the best performance without emulating a physical network card.
  • The line with address defines the virtual pci slot. Be sure to use unique numbers per VM. domain, bus and function are zero by default. The slot number increases per card in the VM. The card with the lowest slot number will be eth0! This entry should be synchronized with the target device name.

An untagged port

If you want to stick the VM to one vlan on the openvswitch, the generic configuration must be extended by four lines:

      <source bridge='brtest'/>
      <vlan>
        <tag id='2001'/>
      </vlan>

The parameters are:

  • The source bridge is the name of the openvswitch bridge you created using "ovs-vsctl add-br brtest"
  • The next three lines ensure that the openvswitch port will be put into vlan 2001

The openvswitch will drop all tagged packets. This is the default setup that you want to use when running VMs.

A tagged port with a restricted vlan list

If you want the VM to access multiple vlans on the openvswitch, the generic configuration must be extended by the following lines:

      <source bridge='brtest-ext'/>
      <vlan trunk='yes'>
        <tag id='2102'/>
        <tag id='2103'/>
        <tag id='2110'/>
        <tag id='2999'/>
        <tag id='3000'/>
      </vlan>

The parameters are:

  • The source bridge is the name of the openvswitch bridge you created using "ovs-vsctl add-br brtest-ext"
  • The vlan line now contains the additional parameter 'trunk=yes'. This tells the openvswitch to accept tagged packets.
  • The tag lines contain one allowed vlan tag per line. If you need multiple tags, you must add one line per tag. In the example, 5 tags are used on the link.

If you omit the vlan and tag lines, you create a link which transports untagged packets AND tagged packets, allowing ALL vlans.

The complete configuration

The complete configuration for our VM is now:

    <interface type='bridge'>
      <source bridge='brtest'/>
      <vlan>
        <tag id='2001'/>
      </vlan>
      <virtualport type='openvswitch'>
      </virtualport>
      <target dev='veth0-vmtest'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
    </interface>

    <interface type='bridge'>
      <source bridge='brtest-ext'/>
      <vlan trunk='yes'>
        <tag id='2102'/>
        <tag id='2103'/>
        <tag id='2110'/>
        <tag id='2999'/>
        <tag id='3000'/>
      </vlan>
      <virtualport type='openvswitch'>
      </virtualport>
      <target dev='veth1-vmtest'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </interface>

Native vlan

As of libvirt 1.02, it is not possible to use one vlan as the native vlan. Later libvirt versions support this. When a version is available for Ubuntu, I'll add the necessary section.

Define libvirt networks

The other method is to split the network configuration. The global part, which is the same for many VMs, can be defined using the virsh net-* commands. For the first network the procedure would be:

Create an xml file (example name here mgmt.xml) using an editor of your choice. The file for the untagged interface should look like:

    <network>
      <name>Mgmt-2001</name>
      <forward mode='bridge'/>
      <bridge name='brtest'/>
      <virtualport type='openvswitch'>
      </virtualport>
      <vlan>
        <tag id='2001'/>
      </vlan>
    </network>

The parameters are:

  • The name of the network
  • The forward mode is set to bridge — in the VM config, this is the interface type
  • The bridge name — in the VM config, this is the source bridge
  • The virtualport entry is the same as in the VM config
  • The vlan and tag entries are the same as in the VM config

Then you must "import" the network definition into libvirt using the commands:

    # import the net config to libvirt
    virsh net-define mgmt.xml

    # start the new network - necessary to use it in libvirt
    # this DOES NOT create or touch the bridge!
    # this is only for the internal libvirt management
    virsh net-start Mgmt-2001

    # do not forget to set autostart for the network
    # if you forget this, the network will not be available after
    # the next system boot or libvirt restart
    virsh net-autostart Mgmt-2001

    # verify the status of the network
    virsh net-list

The interface configuration for the VM should be changed to use the created network:

    <interface type='network'>
      <source network='Mgmt-2001'/>
      <target dev='veth0-test1'/>
      <model type='virtio'/>
    </interface>

This looks much simpler now compared to the section above. The parameters are:

  • interface type = network tells libvirt to use a predefined network
  • source network is the name of the predefined network
  • target dev is the name of the interface as seen by the openvswitch (see my comments on this in the section above)
  • model should be set to virtio to get the best performance
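An added example, not part of the original post: a small audit of the vlan policy each interface ends up with. It covers both methods described above (a vlan defined inline in the VM xml, or inherited from a libvirt network) and flags the case warned about earlier, where missing vlan lines leave a port open to ALL vlans. The function names and sample XML are constructed for illustration, and every interface is assumed to be an openvswitch port.

```python
import re
import xml.etree.ElementTree as ET

def vlan_policy(elem):
    """Return (mode, [tags]) for the <vlan> child of elem, or None if absent."""
    vlan = elem.find("vlan")
    if vlan is None:
        return None
    tags = sorted(int(t.get("id")) for t in vlan.findall("tag"))
    # trunk='yes' forces a trunk; libvirt also implies one for several tags
    mode = "trunk" if vlan.get("trunk") == "yes" or len(tags) > 1 else "access"
    return mode, tags

def audit_domain(domain_xml, networks=None):
    """One finding per interface. networks: name -> `virsh net-dumpxml` text."""
    nets = {n: ET.fromstring(x) for n, x in (networks or {}).items()}
    findings = []
    for iface in ET.fromstring(domain_xml).iter("interface"):
        target, source = iface.find("target"), iface.find("source")
        dev = target.get("dev") if target is not None else None
        net = nets.get(source.get("network")) if source is not None else None
        # an inline <vlan> wins; otherwise inherit from the libvirt network
        policy = vlan_policy(iface)
        if policy is None and net is not None:
            policy = vlan_policy(net)
        issues = []
        if policy is None:
            issues.append("no vlan: untagged and ALL tagged vlans pass")
        if dev is None or re.fullmatch(r"vnet\d+", dev):
            issues.append("no fixed target dev name")
        findings.append({"dev": dev, "policy": policy, "issues": issues})
    return findings

# Constructed sample input, built from the names used on this page.
SAMPLE_NETS = {"Mgmt-2001": """<network><name>Mgmt-2001</name>
  <forward mode='bridge'/><bridge name='brtest'/>
  <virtualport type='openvswitch'/><vlan><tag id='2001'/></vlan></network>"""}
SAMPLE_DOMAIN = """<domain><devices>
  <interface type='network'><source network='Mgmt-2001'/>
    <target dev='veth0-test1'/><model type='virtio'/></interface>
  <interface type='bridge'><source bridge='brtest-ext'/>
    <vlan trunk='yes'><tag id='2102'/><tag id='2103'/></vlan>
    <virtualport type='openvswitch'/><target dev='veth1-vmtest'/></interface>
  <interface type='bridge'><source bridge='brtest-ext'/>
    <virtualport type='openvswitch'/><model type='virtio'/></interface>
</devices></domain>"""
if __name__ == "__main__":
    for f in audit_domain(SAMPLE_DOMAIN, SAMPLE_NETS):
        print(f["dev"], f["policy"], f["issues"] or "ok")
```

To check a real guest, pass the output of "virsh dumpxml --inactive <vmname>" and a dict of "virsh net-dumpxml" outputs keyed by network name.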

 

Updated: 09/11/2013 — 21:47