Background: My First KVM Routed Network
My first KVM routed network configuration was in late 2017 when I was a community member of Komodo. There were a lot of moving parts and I was new – and as I learned one aspect of Komodo I didn’t want it to blow up in my face and stop progress in another part. I was at a crossroads in my career and not in front of a powerful machine a lot of the time. I worked at a fantastic organic health food store part-time to make ends meet whilst I delved into blockchain tech.
This is how I came across some dude’s website about KVM configurations – it seemed to be the only site which was clear…on the whole internet! Hopefully this quick note plus “Jamie’s” site make things clearer. Do a search for “jamie linux kvm networking” and you will see the results. I visited his notes enough to remember his name 🙂
KVM Routed Network Cheatsheet
- ssh to host
- become root and create a bridge interface for your public addresses to be advertised on the host and then routed to the guest (if in doubt, refer to Jamie’s website for clearer instructions)
- download your iso (e.g. ubuntu-16.04-5)
- Create the virtual machine and start it with VNC
virt-install --name erc20bridge --ram 4096 \
  --disk path=/var/lib/libvirt/images/erc20bridge.img,bus=virtio,size=300 \
  --cdrom /opt/ubuntu-16.04.5-server-amd64.iso \
  --network network=default,model=virtio \
  --graphics vnc,listen=0.0.0.0,password=protectme \
  --vcpus 4 --noautoconsole -v
- log out OR ssh tunnel your vnc connection
ssh -L5900:localhost:5900 user@kvmhost
- Finish the install over VNC as if you were in front of the machine
After it shuts down, remove the VNC config from your guest configuration. First dump the definition of your guest, modify the XML definition, then redefine it with the host (keep an original file in case of errors).
virsh dumpxml erc20bridge > erc20bridge.orig
cp erc20bridge.orig erc20bridge
vi erc20bridge
<graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
  <listen type='address' address='0.0.0.0'/>
</graphics>
- Whilst we are still editing the machine definition, let’s define a new network interface which will have the public ip for our routed network.
<interface type='network'>
  <mac address='This has a mac address, and this type/network xml element already exists'/>
  <source network='default'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<interface type='bridge'>
  <source bridge='virbr10'/>
  <target dev='vnetXXX'/>
  <model type='virtio' />
</interface>
vnetXXX on my systems is an odd number, e.g. vnet1, vnet3, vnet5, because each guest has two interfaces. The first interface is the internal KVM NAT network, the second is the one used for the KVM Routed Network.
- You then want to boot up the guest and make sure the NAT network is ok and that if you run ifconfig on the host there are no conflicts and both guest network cards are shown: vnetX and vnetX+1.
- ssh to the guest using its internal address, something like ssh firstname.lastname@example.org.XXX will get you in. Then make a definition for the second network card in /etc/network/interfaces
# The secondary network interface
auto ens7
iface ens7 inet static
    address <EXTERNAL IP>
    netmask 255.255.255.224
    gateway <HOST EXTERNAL IP>
    pointopoint <HOST EXTERNAL IP>
- Reboot the guest.
- On the host, configure the firewall (iptables) and routing (ip r)
root@host ~ # iptables -A FORWARD -d GUEST_EXTERN_IP/32 -o virbr10 -j ACCEPT
root@host ~ # iptables -A FORWARD -s GUEST_EXTERN_IP/32 -i virbr10 -j ACCEPT
root@host ~ # ip r add GUEST_EXTERN_IP/32 dev virbr10
- To make this routing permanent on the host on reboots, add to the host networking configs (again refer to Jamie’s website for details)
#KVM bridge stuff for custom routed network
auto virbr10-dummy
iface virbr10-dummy inet manual
    pre-up /sbin/ip link add virbr10-dummy type dummy
    up /sbin/ip link set virbr10-dummy address 52:54:00:da:ba:5e

auto virbr10
iface virbr10 inet static
    #make sure bridge-utils is installed!
    bridge_ports virbr10-dummy
    bridge_stp on
    bridge_fd 2
    address HOST_EXTERN_IP
    netmask 255.255.255.224
    up route add -host GUEST_EXTERN_IP_1/32 dev virbr10
    up route add -host GUEST_EXTERN_IP_2/32 dev virbr10
- Make your guest come up on host machine reboots
virsh autostart erc20bridge
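The two XML edits in the cheatsheet (dropping the VNC graphics block and adding the virbr10 interface) can be scripted rather than done by hand in vi. The following is an added example, not part of the original post: the function name prepare_domain_xml and the sample XML are constructed for illustration, and the target dev element is left out on the assumption that libvirt should name the vnet device itself.

```python
import xml.etree.ElementTree as ET

# Constructed sample of `virsh dumpxml` output, trimmed to the relevant devices.
SAMPLE_XML = """<domain type='kvm'>
  <name>erc20bridge</name>
  <devices>
    <interface type='network'>
      <source network='default'/>
      <model type='virtio'/>
    </interface>
    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
  </devices>
</domain>"""

WILDCARDS = {"0.0.0.0", "::"}  # addresses that expose VNC on every host interface


def prepare_domain_xml(xml_text, bridge="virbr10"):
    """Return (new_xml, notes): VNC removed, one virtio NIC on `bridge` present."""
    root = ET.fromstring(xml_text)
    devices = root.find("devices")
    if devices is None:
        raise ValueError("not a libvirt domain definition: no <devices> element")
    notes = []
    for gfx in devices.findall("graphics"):  # findall returns a list, safe to mutate
        if gfx.get("type") != "vnc":
            continue
        addrs = {gfx.get("listen")} | {l.get("address") for l in gfx.findall("listen")}
        exposed = " (was listening on all host addresses)" if addrs & WILDCARDS else ""
        notes.append("removed VNC graphics" + exposed)
        devices.remove(gfx)
    # Add the routed-network NIC only once, so re-running the script is harmless.
    if devices.find(f"interface[@type='bridge']/source[@bridge='{bridge}']") is None:
        nic = ET.SubElement(devices, "interface", {"type": "bridge"})
        ET.SubElement(nic, "source", {"bridge": bridge})
        ET.SubElement(nic, "model", {"type": "virtio"})
        # No <target dev=...>: libvirt picks the vnetN name when the guest starts.
        notes.append(f"added virtio interface on {bridge}")
    return ET.tostring(root, encoding="unicode"), notes


if __name__ == "__main__":
    new_xml, notes = prepare_domain_xml(SAMPLE_XML)
    print("\n".join(notes), new_xml, sep="\n")
```

Feed it the output of virsh dumpxml erc20bridge, write the result to a file, and load that file with virsh define to complete the "redefine it with the host" step.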
Next step, Use existing work in new servers
So once you can ssh to your guest from anywhere in the world, you can start to build komodo from source on one machine, use another machine for playing around with docker images and smart contracts or even running through some preparation to become a Komodo Notary Node etc. About as limitless as crypto conditions utxo based smart contracts!
All the best!
at the moment i contribute to the komodo platform where we believe in lowering the barrier to blockchain adoption through an ethos of openness, interoperability and freedom.
hopefully these bits find an appreciative person enlightening themselves with the skills and tools to get stuff done. i love not working, but if there’s pioneering or (re)imagination involved i enjoy working with good people possessing prosperous intentions and champion spirits.