KVM+libvirt环境搭建
1. 查看系统是否支持kvm虚拟化
egrep '(vmx|svm)' --color /proc/cpuinfo
2. 安装KVM及相关依赖包:qemu-kvm, libvirt-bin, bridge-utils, sasl2-bin
sudo apt-get install qemu-kvm libvirt-bin bridge-utils sasl2-bin
3. 编辑文件/etc/default/libvirt-bin,修改libvirtd_opts 参数
libvirtd_opts="-d -l"
4. 编辑/etc/libvirt/libvirtd.conf 去掉如下两行参数注释
listen_tls = 0
listen_tcp = 1
5. 重启libvirt服务
sudo service libvirt-bin restart
6. 启用KVM虚拟系统管理器
sudo virt-manager
virbr0是KVM默认创建的一个Bridge,其作用是为连接其上的虚机网卡提供NAT访问外网的功能。
Open Vswitch安装
OVS是一个多层虚拟交换机,可以在VM环境中很好地实现虚拟交换机的功能。
sudo apt-get install openvswitch-switch
查看当前ovs版本(print overview of database contents)
sudo ovs-vsctl show
查看ovs使用帮助
ovs-vsctl --help
添加网桥(create a new bridge named 'br-int')
sudo ovs-vsctl add-br br-int
删除网桥(delete 'br-int' and all of its ports)
sudo ovs-vsctl del-br br-int
启动指定的网络设备
sudo ifconfig br-int up
显示所有的网桥名(print the names of all the bridges)
sudo ovs-vsctl list-br
将enp5s0网卡添加进网桥br-int(add network device 'enp5s0' to 'br-int')
sudo ovs-vsctl add-port br-int enp5s0
显示网桥br-int上所有的端口名(print the names of all the ports on 'br-int')
sudo ovs-vsctl list-ports br-int
显示网桥br-int上所有的接口名(print the names of all interfaces on 'br-int')
sudo ovs-vsctl list-ifaces br-int
设置连接的控制器
连接到IP为192.168.1.55,端口为6633的控制器
sudo ovs-vsctl set-controller br-int tcp:192.168.1.55:6633
删除连接的控制器
sudo ovs-vsctl del-controller br-int
列出br-int所连接的控制器
sudo ovs-vsctl get-controller br-int
流操作命令
查看交换机SWITCH上的流表(print all flow entries)
sudo ovs-ofctl dump-flows SWITCH
添加流表(add flow described by FLOW)
sudo ovs-ofctl add-flow SWITCH FLOW
显示端口及对应端口号(show OpenFlow information)
sudo ovs-ofctl show SWITCH
删除匹配的流表(delete matching FLOWs)
sudo ovs-ofctl del-flows SWITCH [FLOW]
拓扑:一个网桥br-int连接两个虚机vm1和vm2
两个虚机的ip处于相同网段时,OVS流表配置如下:
vm1的ip: 10.0.0.10,vm2的ip: 10.0.0.11
sudo ovs-ofctl add-flow br-int "ip,nw_dst=10.0.0.10 actions=output:1"
sudo ovs-ofctl add-flow br-int "ip,nw_dst=10.0.0.11 actions=output:2"
sudo ovs-ofctl add-flow br-int "arp,arp_tpa=10.0.0.10 actions=output:1"
sudo ovs-ofctl add-flow br-int "arp,arp_tpa=10.0.0.11 actions=output:2"
两个虚机的ip处于不同网段时,OVS流表配置如下:
vm1的ip: 10.0.0.10,网关: 10.0.0.1
vm2的ip: 10.0.10.11,网关: 10.0.10.1
sudo ovs-ofctl add-flow br-int "in_port=1,arp,arp_tpa=10.0.0.1,arp_op=1 actions=load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0x5254008B9CB2->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x0a000001->NXM_OF_ARP_SPA[],in_port"
sudo ovs-ofctl add-flow br-int "in_port=2,arp,arp_tpa=10.0.10.1,arp_op=1 actions=load:0x2->NXM_OF_ARP_OP[],move:NXM_NX_ARP_SHA[]->NXM_NX_ARP_THA[],load:0x5254004AADC2->NXM_NX_ARP_SHA[],move:NXM_OF_ARP_SPA[]->NXM_OF_ARP_TPA[],load:0x0a000a01->NXM_OF_ARP_SPA[],in_port"
(simple operation): sudo ovs-ofctl add-flow br-int "icmp,icmp_type=8,icmp_code=0 actions=push:NXM_OF_ETH_SRC[],push:NXM_OF_ETH_DST[],pop:NXM_OF_ETH_SRC[],pop:NXM_OF_ETH_DST[],push:NXM_OF_IP_SRC[],push:NXM_OF_IP_DST[],pop:NXM_OF_IP_SRC[],pop:NXM_OF_IP_DST[],load:0xff->NXM_NX_IP_TTL[],load:0x0->NXM_OF_ICMP_TYPE[],in_port"
sudo ovs-ofctl add-flow br-int "in_port=1,icmp actions=push:NXM_OF_ETH_DST[],pop:NXM_OF_ETH_SRC[],mod_dl_dst:52:54:00:8B:9C:B2,output:2"
sudo ovs-ofctl add-flow br-int "in_port=2,icmp actions=push:NXM_OF_ETH_DST[],pop:NXM_OF_ETH_SRC[],mod_dl_dst:52:54:00:4A:AD:C2,output:1"
sudo ovs-ofctl dump-flows br-int
sudo ovs-ofctl del-flows br-int icmp
常用virsh指令
1)virsh list 列出当前虚拟机列表,不包括未启动的
2)virsh list --all 列出所有虚拟机,包括所有已经定义的虚拟机
3)virsh destroy vm-name 关闭虚拟机
4)virsh start vm-name 启动虚拟机
5)virsh edit vm-name 编辑虚拟机xml文件
6)virsh undefine vm-name 删除虚拟机
7)virsh shutdown vm-name 停止虚拟机
8)virsh reboot vm-name 重启虚拟机
9)virsh autostart vm-name 虚拟机随宿主机启动
10)virsh console vm-name 登录虚拟机
查看arp缓存
arp -a
arp -n
4040
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
