On 03/28/2013 03:22 PM, Laine Stump wrote:
> On 03/27/2013 04:00 PM, Gene Czarcinski wrote:
>> If an IPv4 address is *not* specified, then the IPv4 network is
>> isolated and, by default, internal (internal to the specific
>> interface) IPv4 routing is enabled.
> Define "enable IPv4 routing".
> IPv4 forwarding is not explicitly enabled in this case, but guests
> connected to the bridge can talk to each other.
>> If an IPv6 address is *not* specified, then the IPv6 network is
>> isolated and, by default, internal IPv6 routing is disabled but can be
>> enabled if ipv6='yes' is specified on <network>.
> Correct (but you knew this better than me :-)
>> If an IPv6 address is specified, then it is routed.
> Define "routed". If there is no <forward> element, then rules are added
> to reject any traffic that tries to be forwarded beyond the bridge, or
> forwarded into the bridge from outside. However, IPv6 traffic between
> interfaces directly connected to the bridge (i.e. the guests) and the
> bridge itself is allowed.
>> If an IPv4 address is specified, then it can be
>> Network-Address-Translated or routed. Not having a <forward>
>> explicitly specified does not mean that a route is not established.
> Do you mean the direct route for the bridge's own subnet? If there is no
> <forward>, then the rules added by networkAddGeneralIptablesRules will
> be in effect - aside from allowing receive of dhcp, dns, and possibly
> tftp to the host from guests (and ignoring inter-guest traffic), these
> rules will reject attempts to forward into or out of the bridge.
>>
>> Do I understand things correctly?
>>
> Not sure. Did what I said match up with what you understand? :-)
OK, I was working on the virtual network support in virt-manager when I
realized that I was not sure I understood what the forwarding/routing
rules were. I needed this so I could accurately display just what IPv4
and IPv6 routing was enabled on a network (interface). Based on more
thinking and what you said above, let me try again.
Isolated-1: *no* address specified
    IPv4 - internal routing between guests is enabled.
    IPv6 - internal routing between guests is enabled only if
           ipv6='yes' is specified
Isolated-2: address specified but no <forward>
    IPv4 - internal routing between guests and between guests and
           virtualization host
    IPv6 - internal routing between guests and between guests and
           virtualization host
    Also - dnsmasq used for DNS service for each address specified
    Opt  - dhcp for either or both addresses
Routed-1 - address specified, <forward> with NAT
    IPv4 - forwarded with Network Address Translation
    IPv6 - forward-routed with no restrictions
    Also - dnsmasq used for DNS service for each address specified
    Opt  - dhcp for either or both addresses
Routed-2 - address specified, <forward> with route specified
    IPv4 - forward-routed with no restrictions
    IPv6 - forward-routed with no restrictions
    Also - dnsmasq used for DNS service for each address specified
    Opt  - dhcp for either or both addresses
So, if IPv6 is to be forwarded then there must be a <forward> in the
definition.
It also appears that there is no way to specify forwarding for only IPv4
or IPv6 if each has an address specified.
Gene
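
The four cases listed in the message above, written as a checker that reads a libvirt network definition and reports the reach of each address family. This is an added example, not part of the original message and not libvirt code; the function names, result labels and sample XML are constructed here, and the mapping follows the message's summary rather than independently verified libvirt behaviour.

```python
import xml.etree.ElementTree as ET

# Constructed sample definition (private / unique-local addresses).
SAMPLE_NAT_DUAL_STACK = """
<network>
  <name>example-net</name>
  <forward mode='nat'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'/>
  <ip family='ipv6' address='fd00:100::1' prefix='64'/>
</network>
"""

def reach(network_xml):
    """Map each address family to its reach, following the summary above."""
    net = ET.fromstring(network_xml)
    fwd = net.find("forward")
    # libvirt treats a <forward> element without a mode attribute as NAT.
    mode = None if fwd is None else fwd.get("mode", "nat")
    # An <ip> element without a family attribute is IPv4.
    families = {ip.get("family", "ipv4")
                for ip in net.findall("ip") if ip.get("address")}
    out = {}
    for fam in ("ipv4", "ipv6"):
        if fam not in families:
            # Isolated-1: guest-to-guest only; IPv6 needs ipv6='yes'.
            on = fam == "ipv4" or net.get("ipv6") == "yes"
            out[fam] = "guests only" if on else "disabled"
        elif mode is None:
            out[fam] = "guests and host"                     # Isolated-2
        elif mode == "nat":
            out[fam] = "nat" if fam == "ipv4" else "routed"  # Routed-1
        elif mode == "route":
            out[fam] = "routed"                              # Routed-2
        else:
            out[fam] = "not covered"  # forward modes the thread does not discuss
    return out

def ipv6_leaves_host(network_xml):
    """True when the summary above says IPv6 is forward-routed unrestricted."""
    return reach(network_xml)["ipv6"] == "routed"

if __name__ == "__main__":
    print(reach(SAMPLE_NAT_DUAL_STACK), ipv6_leaves_host(SAMPLE_NAT_DUAL_STACK))
```

Run over the sample, it reports IPv4 as NAT and IPv6 as routed, which is the case where one <forward> element applies to both families.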