上文接创建DomU。
查看当前虚拟实例状态
[root@virt-server ~]# xl list
Name ID Mem VCPUs State Time(s)
Domain-0 0 1024 2 r----- 111.5
CentOS6.10-001 6 1024 1 -b---- 15.1
销毁掉之前创建的虚拟实例。注意:销毁虚拟实例后,它的虚拟网卡(前半段和后半段)也会相应地一并被删除
[root@virt-server ~]# xl destroy 6
[root@virt-server ~]# xl list
Name ID Mem VCPUs State Time(s)
Domain-0 0 1024 2 r----- 113.7
[root@virt-server ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fe28:bf21 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:28:bf:21 txqueuelen 1000 (Ethernet)
RX packets 348499 bytes 455118099 (434.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 95950 bytes 16188333 (15.4 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
xenbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.245.131 netmask 255.255.255.0 broadcast 192.168.245.255
inet6 fe80::20c:29ff:fe28:bf21 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:28:bf:21 txqueuelen 1000 (Ethernet)
RX packets 33446 bytes 1740242 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33242 bytes 9159095 (8.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
因为某些硬件支持原因,需要在创建的时候把虚拟实例的类型builder从之前的generic改成hvm。
隔离模型、桥接模型理论知识讲解
隔离模型的实现是通过在宿主机中创建一个虚拟网桥(V-Switch),然后将所有虚拟主机网卡的后半段(每个虚拟机的网卡包含前半段和后半段,前半段在虚拟机上,后半段在宿主机上)桥接到这个虚拟网桥中,从而实现虚拟主机的网络隔离:无论是与宿主机还是与外部网络均无法通信
桥接模型其实就是把物理网卡eth0搭在虚拟网桥V-Switch上,这样虚拟网桥就具备了和外界通信的能力
动手实践
上文接创建DomU,查看一下当前eth0和xenbr0的网卡配置文件
[root@virt-server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
PEERDNS=no
BRIDGE=xenbr0
[root@virt-server ~]# cat /etc/sysconfig/network-scripts/ifcfg-xenbr0
TYPE=Bridge
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=xenbr0
DEVICE=xenbr0
ONBOOT=yes
IPADDR=192.168.245.131
GATEWAY=192.168.245.2
PEERDNS=no
可看到物理网卡eth0已经桥接到虚拟网桥xenbr0上了,故而现在是一个桥接模型,虚拟网桥以及所创建的虚拟实例都能够访问外网。
而虚拟网桥xenbr0是有地址的,其实它可以没有地址,让它有地址的目的是为了可以通过这个地址去访问到我们的宿主机上,进而对其进行管理。
恢复原状
现在摒弃之前的操作,重新开始。首先需要恢复原状,即先删除网桥(可看https://blog.csdn.net/qq_43527718/article/details/123983511?spm=1001.2014.3001.5501)
[root@virt-server ~]# mv /etc/sysconfig/network-scripts/ifcfg-xenbr0 /etc/sysconfig/network-scripts/ifcfg-eth0
mv: overwrite ‘/etc/sysconfig/network-scripts/ifcfg-eth0’? y
[root@virt-server ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
[root@virt-server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.245.131
GATEWAY=192.168.245.2
PEERDNS=no
[root@virt-server ~]# ifconfig xenbr0 0;brctl delif xenbr0 eth0;ip link set xenbr0 down;brctl delbr xenbr0;systemctl restart network
[root@virt-server ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.245.131 netmask 255.255.255.0 broadcast 192.168.245.255
inet6 fe80::20c:29ff:fe28:bf21 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:28:bf:21 txqueuelen 1000 (Ethernet)
RX packets 349995 bytes 455249681 (434.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 96616 bytes 16255905 (15.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
实现隔离模型
需要做的:创建一个虚拟网桥,这个虚拟网桥下挂两个虚拟主机,这两个虚拟主机把网卡的后半段接到虚拟网桥上。物理网卡eth0跟它们是没有关系的,这样就能实现:Guest OS1的地址能够通Guest OS2的,但是不能通外网。
首先启动虚拟实例
复制一下配置文件、复制一下映像文件
[root@virt-server ~]# cd /xen/config.d
[root@virt-server config.d]# ls
centos6-10.cfg
[root@virt-server config.d]# mv centos6-10.cfg centos6-10-dom1.cfg
[root@virt-server config.d]# ls
centos6-10-dom1.cfg
[root@virt-server config.d]# cp centos6-10-dom1.cfg centos6-10-dom2.cfg
[root@virt-server config.d]# ls
centos6-10-dom1.cfg centos6-10-dom2.cfg
[root@virt-server config.d]# cd ../images/
[root@virt-server images]# ls
CentOS6-10-4dom1.img
[root@virt-server images]# cp CentOS6-10-4dom1.img CentOS6-10-4dom2.img
[root@virt-server images]# ls
CentOS6-10-4dom1.img CentOS6-10-4dom2.img
然后修改相应的配置文件
[root@virt-server images]# cat ../config.d/centos6-10-dom1.cfg
builder = "hvm"
name = "centos6-dom1"
memory = 1024
vcpus = 1
#kernel = "/xen/Kernel/centos6.10/vmlinuz"
#ramdisk = "/xen/Kernel/centos6.10/initrd.img"
bootloader = "pygrub"
vif = [ 'mac=00:16:3e:00:00:01,bridge=xenbr0' ]
disk = [ '/xen/images/CentOS6-10-4dom1.img,qcow2,xvda' ]
boot = [ 'c' ]
vnc = 1
vnclisten = "0.0.0.0"
vncdisplay = 0
vncpasswd = "supersecret"
[root@virt-server images]# cat ../config.d/centos6-10-dom2.cfg
builder = "hvm"
name = "centos6-dom2"
memory = 1024
vcpus = 1
#kernel = "/xen/Kernel/centos6.10/vmlinuz"
#ramdisk = "/xen/Kernel/centos6.10/initrd.img"
bootloader = "pygrub"
vif = [ 'mac=00:16:3e:00:00:02,bridge=xenbr0' ]
disk = [ '/xen/images/CentOS6-10-4dom2.img,qcow2,xvda' ]
boot = [ 'c' ]
vnc = 1
vnclisten = "0.0.0.0"
vncdisplay = 1
vncpasswd = "supersecret"
接着为它们创建虚拟网桥
[root@virt-server images]# brctl addbr xenbr0
[root@virt-server images]# brctl show
bridge name bridge id STP enabled interfaces
xenbr0 8000.000000000000 no
[root@virt-server images]# ip link show xenbr0
12: xenbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 0a:a3:d1:07:6b:a4 brd ff:ff:ff:ff:ff:ff
[root@virt-server images]# ip link set xenbr0 up
[root@virt-server images]# ip link show xenbr0
12: xenbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 0a:a3:d1:07:6b:a4 brd ff:ff:ff:ff:ff:ff
接下来证明:1)网桥不添加地址是完全没问题的;2)不把物理网卡桥接上去,它就不具备访问外网的能力,即所谓的隔离模型。
接下来创建虚拟实例(下面输出的 warning 是因为配置里的 boot 写成了列表 [ 'c' ],按提示改成单个值 boot = "c" 即可消除)
[root@virt-server images]# xl create /xen/config.d/centos6-10-dom1.cfg
Parsing config from /xen/config.d/centos6-10-dom1.cfg
/xen/config.d/centos6-10-dom1.cfg:10: warning: parameter `boot' is a list but should be a single value
[root@virt-server images]# xl create /xen/config.d/centos6-10-dom2.cfg
Parsing config from /xen/config.d/centos6-10-dom2.cfg
/xen/config.d/centos6-10-dom2.cfg:10: warning: parameter `boot' is a list but should be a single value
[root@virt-server images]# xl list
Name ID Mem VCPUs State Time(s)
Domain-0 0 1022 2 r----- 66.4
centos6-dom1 1 1024 1 -b---- 26.2
centos6-dom2 2 1024 1 r----- 0.4
[root@virt-server images]# netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:5900 0.0.0.0:* LISTEN 1311/qemu-system-i3
tcp 0 0 0.0.0.0:5901 0.0.0.0:* LISTEN 1454/qemu-system-i3
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 996/sshd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1131/master
tcp6 0 0 :::22 :::* LISTEN 996/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1131/master
可知一个端口号为5900,一个为5901,接下来通过VNC连接上去。注意这两个端口是由配置中的 vnclisten = "0.0.0.0" 绑定在宿主机所有接口上的,宿主机所在网络内的任何主机都能直接连到虚拟机控制台,而密码就是配置文件里明文写的 vncpasswd;实验结束后建议改成 vnclisten = "127.0.0.1" 并通过 SSH 隧道访问。
可知它没有获取到地址,这是因为网桥和物理网卡并不是相通的,所以它根本到不了路由器,所以它就获取不到地址。
这时我们给5900指定一个IP地址,其实只要5900和5901在同一个网段内,它们之间就可以互相通信了
现在就是可以互相访问的了,即这个隔离模型的内网是通的(只要两个虚拟机在同一网段内)
而它们和外网是不通的
和宿主机不通(和外网网关肯定也是不通的),即从宿主机中也无法访问两个虚拟机、虚拟实例的内网网段,这就是隔离模型(即使设置在同一网段内也是不通的)
实现桥接模型
要实现桥接模型,首先需要将虚拟机的IP地址改成要和宿主机位于同一网段,这样才符合桥接原理。
然后把物理网卡的地址拆掉,并将该地址附在网桥上。拆掉eth0的地址后,宿主机在网桥配好之前会短暂失联,所以下面把几条命令用 ; 连在一行一次执行;若是通过 SSH 操作,建议在控制台上做。
[root@virt-server ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.245.131 netmask 255.255.255.0 broadcast 192.168.245.255
inet6 fe80::20c:29ff:fe28:bf21 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:28:bf:21 txqueuelen 1000 (Ethernet)
RX packets 17300 bytes 1114836 (1.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23350 bytes 2631490 (2.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif1.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
RX packets 21 bytes 2996 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 35 bytes 2726 (2.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif1.0-emu: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 42 bytes 4768 (4.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif2.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
RX packets 15 bytes 1028 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 27 bytes 2118 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif2.0-emu: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26 bytes 1928 (1.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
xenbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::2e:2cff:fe58:6fc0 prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 1000 (Ethernet)
RX packets 19 bytes 2764 (2.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17 bytes 1318 (1.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@virt-server ~]# ifconfig eth0 0;ifconfig xenbr0 192.168.245.131/24 up;brctl addif xenbr0 eth0
[root@virt-server ~]# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::20c:29ff:fe28:bf21 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:28:bf:21 txqueuelen 1000 (Ethernet)
RX packets 18450 bytes 1193658 (1.1 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25155 bytes 2768122 (2.6 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif1.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
RX packets 21 bytes 2996 (2.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40 bytes 3634 (3.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif1.0-emu: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 48 bytes 5746 (5.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif2.0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 32 (Ethernet)
RX packets 15 bytes 1028 (1.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33 bytes 3096 (3.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vif2.0-emu: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::fcff:ffff:feff:ffff prefixlen 64 scopeid 0x20<link>
ether fe:ff:ff:ff:ff:ff txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 31 bytes 2836 (2.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
xenbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.245.131 netmask 255.255.255.0 broadcast 192.168.245.255
inet6 fe80::2e:2cff:fe58:6fc0 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:28:bf:21 txqueuelen 1000 (Ethernet)
RX packets 77 bytes 6436 (6.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 99 bytes 9718 (9.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@virt-server ~]# brctl show
bridge name bridge id STP enabled interfaces
xenbr0 8000.000c2928bf21 no eth0
vif1.0
vif1.0-emu
vif2.0
vif2.0-emu
这时两个虚拟机和宿主机就是通的了
也就是对于我们的物理网卡,只要把它搭到网桥上,就是通的了,这时和路由器也是通的(192.168.245.2)
但此时和外网还是不通的,需要加默认路由
这时就和外网通了