inquiry about differences between the tap and the vnet in the virt-manager


Greetings!

I have encountered a problem with the network when using virt-manager to create and run a VM.

When I want to establish a network bridge for the guest OS, I generally use one of two methods, described as follows:

First method: create a bridge with the help of the Linux command brctl, or

Second method: using virt-manager

(1) Create a bridge with the help of the Linux command brctl

I use a script to establish a bridge; there are many example scripts on the web for establishing a bridge. When I restart the network service, I get the bridge:

1.1 create network bridge

[root@localhost ~]# ifconfig
br0       Link encap:Ethernet  HWaddr C2:CD:89:61:2C:F0
          inet addr:192.168.1.189  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:1080 (1.0 KiB)

eth2      Link encap:Ethernet  HWaddr 00:25:90:8E:C0:F0
          inet addr:172.16.1.189  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:918998 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2033 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:84486598 (80.5 MiB)  TX bytes:148116 (144.6 KiB)
          Memory:fbe20000-fbe3ffff

[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025908ec0f0       no
virbr0          8000.525400b1de42       yes             virbr0-nic

1.2 add bridge interface

The eth2 device is a physical Ethernet device:

[root@localhost ~]# brctl addif br0 eth2
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025908ec0f0       no              eth2
virbr0          8000.525400b1de42       yes             virbr0-nic

1.3 create tap and add it to the bridge

Create the tap:

tunctl -t tap0 -u root
brctl addif br0 tap0
ifconfig tap0 up
chmod a+rw /dev/net/tun
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -j MASQUERADE

Add it to the bridge:

[root@localhost ~]# brctl addif br0 tap0
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025908ec0f0       no              eth2
                                                        tap0
virbr0          8000.525400b1de42       yes             virbr0-nic

[root@localhost kvm_img]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:25:90:8E:C0:F0
          inet addr:172.16.1.189  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37947 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10485 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2581300 (2.4 MiB)  TX bytes:40996927 (39.0 MiB)

eth2      Link encap:Ethernet  HWaddr 00:25:90:8E:C0:F0
          inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:957962 errors:0 dropped:34 overruns:0 frame:0
          TX packets:38466 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:87721507 (83.6 MiB)  TX bytes:42551007 (40.5 MiB)
          Memory:fbe20000-fbe3ffff

tap0      Link encap:Ethernet  HWaddr F2:55:FC:F8:95:DC
          inet6 addr: fe80::f055:fcff:fef8:95dc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1328 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:846 (846.0 b)  TX bytes:173159 (169.1 KiB)

 

1.4 boot the guest (using the tap0)

kvm -boot c -localtime -m 4G -hda /home/kvm_img/centos6p4.img -net nic -net tap,ifname=tap0,script=no -enable-kvm

(2) Using virt-manager

2.1 create network bridge

[root@localhost ~]# ifconfig
br0       Link encap:Ethernet  HWaddr C2:CD:89:61:2C:F0
          inet addr:192.168.1.189  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:1080 (1.0 KiB)

eth2      Link encap:Ethernet  HWaddr 00:25:90:8E:C0:F0
          inet addr:172.16.1.189  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:918998 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2033 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:84486598 (80.5 MiB)  TX bytes:148116 (144.6 KiB)
          Memory:fbe20000-fbe3ffff

[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025908ec0f0       no
virbr0          8000.525400b1de42       yes             virbr0-nic

2.2 add bridge interface

The eth2 device is a physical Ethernet device:

[root@localhost ~]# brctl addif br0 eth2
[root@localhost ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0025908ec0f0       no              eth2
virbr0          8000.525400b1de42       yes             virbr0-nic

2.3 run the virt-manager and select the NIC option

I find the bridge created above and configure it as follows:

In the "Virtual Network Interface" setting:

Source device: Host device tap0 (bridge br0)
Device model: e1000
MAC address: 52:54:00:84:E3:62

2.4 I start the VM using virt-manager

I get a vnet0 device created by virt-manager:

[root@localhost ~]# ifconfig
br0       Link encap:Ethernet  HWaddr 00:25:90:8E:C0:F0
          inet addr:172.16.1.189  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::c0cd:89ff:fe61:2cf0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:62160 errors:0 dropped:1 overruns:0 frame:0
          TX packets:22071 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4007196 (3.8 MiB)  TX bytes:59626981 (56.8 MiB)

eth2      Link encap:Ethernet  HWaddr 00:25:90:8E:C0:F0
          inet6 addr: fe80::225:90ff:fe8e:c0f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:982209 errors:0 dropped:47 overruns:0 frame:0
          TX packets:61101 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:89496644 (85.3 MiB)  TX bytes:61778801 (58.9 MiB)
          Memory:fbe20000-fbe3ffff

vnet0     Link encap:Ethernet  HWaddr FE:54:00:84:E3:62
          inet6 addr: fe80::fc54:ff:fe84:e362/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:114 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:670 (670.0 b)  TX bytes:13720 (13.3 KiB)

 

With both of the methods above, the network of the guest OS seems to be OK in most environments, and I can get the attributes of the virtual network device. They seem to be the same.

About tap0:

[root@localhost ~]# ethtool -i tap0
driver: tun
version: 1.6
firmware-version:
bus-info: tap
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

About the vnet0 created by virt-manager:

[root@localhost ~]# ethtool -i vnet0
driver: tun
version: 1.6
firmware-version:
bus-info: tap
supports-statistics: no
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

But the behavior of tap and vnet is not exactly the same. I will describe it in the following.

This is my project environment:

Hardware: Intel Xeon E5 2600 server from Supermicro

Host OS: CentOS 6.4 (kernel version changed to 3.15.10 by me)

Virtualization software: KVM+qemu 2.1.3

Guest OS: CentOS 6.4 (kernel not changed: 2.6.32 64bit)

 

When I establish the network by the first method (creating a bridge with the help of the Linux command brctl), the tap0 device is created in the host and assigned to the guest OS. The tap0 device gets the name “eth0” in the guest OS.

I use the “ping” command to test the network state. I get the following result:

Explanation of terms:

local host: the OS where the guest OS is running

remote host: another server which is connected to the local host over an Ethernet network

And these are my results:

Pinging the local host from the guest OS is OK; I get a reply from the local host.

Pinging the remote host from the local host is OK; I get a reply from the remote host.

Pinging the remote host from the guest OS is not OK; I don’t get any reply from the remote host. This is my question.

 

When I establish the network by the second method (using virt-manager), the vnet0 device is created in the host and assigned to the guest OS. The vnet0 device gets the name “eth0” in the guest OS.

I also use the “ping” command to test the network state. I get the following result:

Pinging the local host from the guest OS is OK; I get a reply from the local host.

Pinging the remote host from the local host is OK; I get a reply from the remote host.

Pinging the remote host from the guest OS is OK; I get a reply from the remote host.

 

My question is:
Why can I not get a reply when I ping the remote host from the guest OS using the first method?

I use the same bridge, br0, so I think that the bridge br0 is not responsible for the fault. I have also stopped the firewall.

I guess the reason is that there are some differences between the tap device created by the Linux command and the vnet device created by virt-manager. Could you please kindly give me some advice to solve the problem?

 

I would be grateful if you could give me some advice. I look forward to your reply!

weihua

wh.h@foxmail.com