Background: My First KVM Routed Network
My first KVM routed network configuration was in late 2017 when I was a community member of Komodo. There was a lot of moving parts and I was new – and as I learned one aspect of Komodo I didn’t want it to blow up in my face and stop progress in another part. I was at a crossroads in my career and not in front of a powerful machine a lot of the time. I worked at a fantastic organic health food store part-time to make ends meet whilst I delved into blockchain tech.
This is how I came across some dude’s website about KVM configurations – it seemed to be the only site which was clear…on the whole internet! Hopefully this quick note plus “Jamie’s” site make things clearer. Doing a search for “jamie linux kvm networking” and you see the results. I visited his notes enough to remember his name 🙂
KVM Routed Network Cheatsheet
- ssh to host
- become root and create a bridge interface for your public addresses to be advertised on the host and then routed to the guest (if in doubt, refer to Jamie’s website for clearer instructions)
- download your iso (e.g. ubuntu-16.04-5)
- Create the virtual machine and start it with VNC
virt-install --name erc20bridge --ram 4096 --disk path=/var/lib/libvirt/images/erc20bridge.img,bus=virtio,size=300 --cdrom /opt/ubuntu-16.04.5-server-amd64.iso --network network=default,model=virtio --graphics vnc,listen=0.0.0.0,password=protectme --vcpus 4 --noautoconsole -v
- log out OR ssh tunnel your vnc connection
ssh -L5900:localhost:5900 user@kvmhost
- Finish the install VNC as if you were in front of the machine
- After it shuts down, remove the vnc config from your guest configuration. Firstly dump the definition of your guest, modify the XML definition, then redefine it with the host. (keep an original file in case of errors).
virsh dumpxml erc20bridge > erc20bridge.orig cp erc20bridge.orig erc20bridge vi erc20bridge
<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'> <listen type='address' address='0.0.0.0'/> </graphics>
- Whilst we are still editing the machine definition, let’s define a new network interface which will have the public ip for our routed network.
From 1 card: <interface type='network'> <mac address='52:54:00:d9:68:1d'/> <source network='default'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> To 2 cards (slot 3 & slot 7): <interface type='network'> <mac address='52:54:00:d9:68:1d'/> <source network='default'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <interface type='bridge'> <mac address='52:54:00:55:f6:89'/> <source bridge='virbr10'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/> </interface>
vnetXXX on my systems is an odd number. e.g. vnet1, vnet3, vnet5 because each guest has two interfaces. The first interface is internal KVM NAT network, the second is the one used for the KVM Routed Network. * You then want to boot up the guest and make sure the NAT network is ok and that if you run ifconfig on the host there are no conflicts and both guest network cards are shown. vnetX and vnetX+1 * ssh to the guest using internal address, something like ssh email@example.com.XXX will get you in. And then make a definition for the second network card in /etc/network/interfaces # The secondary network interface * Reboot the guest. * On the host, configure the firewall (iptables) and routing (ip r) <pre class="p1">root@host ~ #
iptables -A FORWARD -d GUEST_EXTERN_IP/32 -o virbr10 -j ACCEPT root@host iptables -A FORWARD -s GUEST_EXTERN_IP/32 -i virbr10 -j ACCEPT root@host ip r add GUEST_EXTERN_IP/32 dev virbr10
* To make this routing permanent on the host on reboots, add to the host networking configs (again refer to Jamie’s website for details) <pre class="p1"><span class="s1">#KVM bridge stuff for custom routed network</span>
auto virbr10-dummy iface virbr10-dummy inet manual pre-up /sbin/ip link add virbr10-dummy type dummy up /sbin/ip link set virbr10-dummy address 52:54:00:da:ba:5e
auto virbr10 iface virbr10 inet static #make sure bridge-utils is installed! bridge_ports virbr10-dummy bridge_stp on bridge_fd 2 address HOST_EXTERN_IP netmask 255.255.255.224 up route add -host GUEST_EXTERN_IP_1/32 dev virbr10 up route add -host GUEST_EXTERN_IP_2/32 dev virbr10 </pre>
* Make your guest come up on host machine reboots <pre class="p1"><span class="s1">virsh </span><span class="s2">autostart erc20bridge </span></pre></ol> ## Next step, Use existing work in new servers So once you can ssh to your guest from anywhere in the world, you can start to [build komodo from source](https://i.mylomylo.com/build-komodo-source/) on one machine, use another machine for playing around with [docker images and smart contracts](https://i.mylomylo.com/pre-alpha-komodo-utxo-smart-contracts/) or even running through some [preparation to become a Komodo Notary Node](https://i.mylomylo.com/preparing-komodo-platform-node/) etc. About as limitless as crypto conditions utxo based smart contracts! All the best!