<!DOCTYPE html>
<html><head><title>4. KVM 网络配置</title><meta charSet="utf-8"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta property="og:title" content="4. KVM 网络配置"/><meta property="og:description" content="本文详细介绍了KVM虚拟化环境中的网络配置,包括NAT、桥接、内部和仅主机网络的设置方法,以及如何使用NetworkManager和virsh工具进行网络管理、监控和故障排查。."/><meta property="og:image" content="https://wiki.7wate.com/static/og-image.png"/><meta property="og:width" content="1200"/><meta property="og:height" content="675"/><link rel="icon" href="../../../../static/icon.png"/><meta name="description" content="本文详细介绍了KVM虚拟化环境中的网络配置,包括NAT、桥接、内部和仅主机网络的设置方法,以及如何使用NetworkManager和virsh工具进行网络管理、监控和故障排查。."/><meta name="generator" content="Quartz"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com"/><script async src="https://umami.7wate.com/script.js" data-website-id="c061efdc-95dd-4d21-9d04-a1ffda0a85b9"></script><script>
// Analytics loader for hm.baidu.com. `_hmt` stays a top-level `var` so it is a
// page global; presumably the remote hm.js reads it as its command queue.
var _hmt = _hmt || [];
(function () {
  // Anchor: the first <script> element already present in the document.
  var firstScript = document.getElementsByTagName("script")[0];

  // NOTE(review): the injected script is third-party code that executes with
  // this page's full privileges. A dynamically built <script> like this one
  // carries no integrity attribute, so the page trusts whatever the host
  // serves; if a Content-Security-Policy is deployed, its script-src must
  // list this host explicitly.
  var loader = document.createElement("script");
  loader.src = "https://hm.baidu.com/hm.js?94d8ccb156eb7c65abf317e6e01cdba9";

  // Insert the loader immediately before the anchor so the browser fetches it.
  firstScript.parentNode.insertBefore(loader, firstScript);
})();
</script><script async src="https://www.googletagmanager.com/gtag/js?id=G-MHMEL0F832"></script><script>
// Inline bootstrap for the Google tag script loaded by the preceding
// <script async src=".../gtag/js?id=G-MHMEL0F832"> element.
(function () {
  // Keep an existing queue if one is already on window; otherwise start empty.
  if (!window.dataLayer) {
    window.dataLayer = [];
  }

  // Queue one command. The raw `arguments` object is pushed (not a copied
  // array), exactly as the original snippet does.
  var gtag = function () {
    window.dataLayer.push(arguments);
  };

  // Record the load timestamp, then register the measurement ID.
  gtag('js', new Date());
  gtag('config', 'G-MHMEL0F832');
})();
</script><link href="../../../../index.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://cdn.jsdelivr.net/npm/katex@0.16.0/dist/katex.min.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://fonts.googleapis.com/css2?family=IBM Plex Mono&family=Schibsted Grotesk:wght@400;700&family=Source Sans Pro:ital,wght@0,400;0,600;1,400;1,600&display=swap" rel="stylesheet" type="text/css" spa-preserve/><script src="../../../../prescript.js" type="application/javascript" spa-preserve></script><script type="application/javascript" spa-preserve>const fetchData = fetch(`../../../../static/contentIndex.json`).then(data => data.json())</script></head><body data-slug="Tech/operating-system/Virtualization/2.KVM虚拟化/4.-KVM-网络配置"><div id="quartz-root" class="page"><div id="quartz-body"><div class="left sidebar"><h1 class="page-title "><a href="../../../..">📚 X·Eden</a></h1><div class="spacer mobile-only"></div><div class="search "><div id="search-icon"><p>Search</p><div></div><svg tabIndex="0" aria-labelledby="title desc" role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.9 19.7"><title id="title">Search</title><desc id="desc">Search</desc><g class="search-path" fill="none"><path stroke-linecap="square" d="M18.5 18.3l-5.4-5.4"></path><circle cx="8" cy="8" r="7"></circle></g></svg></div><div id="search-container"><div id="search-space"><input autocomplete="off" id="search-bar" name="search" type="text" aria-label="Search for something" placeholder="Search for something"/><div id="results-container"></div></div></div></div><div class="darkmode "><input class="toggle" id="darkmode-toggle" type="checkbox" tabIndex="-1"/><label id="toggle-label-light" for="darkmode-toggle" tabIndex="-1"><svg xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" version="1.1" id="dayIcon" x="0px" y="0px" viewBox="0 0 35 35" style="enable-background:new 0 0 35 35;" xmlSpace="preserve"><title>Light mode</title><path 
d="M6,17.5C6,16.672,5.328,16,4.5,16h-3C0.672,16,0,16.672,0,17.5 S0.672,19,1.5,19h3C5.328,19,6,18.328,6,17.5z M7.5,26c-0.414,0-0.789,0.168-1.061,0.439l-2,2C4.168,28.711,4,29.086,4,29.5 C4,30.328,4.671,31,5.5,31c0.414,0,0.789-0.168,1.06-0.44l2-2C8.832,28.289,9,27.914,9,27.5C9,26.672,8.329,26,7.5,26z M17.5,6 C18.329,6,19,5.328,19,4.5v-3C19,0.672,18.329,0,17.5,0S16,0.672,16,1.5v3C16,5.328,16.671,6,17.5,6z M27.5,9 c0.414,0,0.789-0.168,1.06-0.439l2-2C30.832,6.289,31,5.914,31,5.5C31,4.672,30.329,4,29.5,4c-0.414,0-0.789,0.168-1.061,0.44 l-2,2C26.168,6.711,26,7.086,26,7.5C26,8.328,26.671,9,27.5,9z M6.439,8.561C6.711,8.832,7.086,9,7.5,9C8.328,9,9,8.328,9,7.5 c0-0.414-0.168-0.789-0.439-1.061l-2-2C6.289,4.168,5.914,4,5.5,4C4.672,4,4,4.672,4,5.5c0,0.414,0.168,0.789,0.439,1.06 L6.439,8.561z M33.5,16h-3c-0.828,0-1.5,0.672-1.5,1.5s0.672,1.5,1.5,1.5h3c0.828,0,1.5-0.672,1.5-1.5S34.328,16,33.5,16z M28.561,26.439C28.289,26.168,27.914,26,27.5,26c-0.828,0-1.5,0.672-1.5,1.5c0,0.414,0.168,0.789,0.439,1.06l2,2 C28.711,30.832,29.086,31,29.5,31c0.828,0,1.5-0.672,1.5-1.5c0-0.414-0.168-0.789-0.439-1.061L28.561,26.439z M17.5,29 c-0.829,0-1.5,0.672-1.5,1.5v3c0,0.828,0.671,1.5,1.5,1.5s1.5-0.672,1.5-1.5v-3C19,29.672,18.329,29,17.5,29z M17.5,7 C11.71,7,7,11.71,7,17.5S11.71,28,17.5,28S28,23.29,28,17.5S23.29,7,17.5,7z M17.5,25c-4.136,0-7.5-3.364-7.5-7.5 c0-4.136,3.364-7.5,7.5-7.5c4.136,0,7.5,3.364,7.5,7.5C25,21.636,21.636,25,17.5,25z"></path></svg></label><label id="toggle-label-dark" for="darkmode-toggle" tabIndex="-1"><svg xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" version="1.1" id="nightIcon" x="0px" y="0px" viewBox="0 0 100 100" style="enable-background='new 0 0 100 100'" xmlSpace="preserve"><title>Dark mode</title><path d="M96.76,66.458c-0.853-0.852-2.15-1.064-3.23-0.534c-6.063,2.991-12.858,4.571-19.655,4.571 C62.022,70.495,50.88,65.88,42.5,57.5C29.043,44.043,25.658,23.536,34.076,6.47c0.532-1.08,0.318-2.379-0.534-3.23 
c-0.851-0.852-2.15-1.064-3.23-0.534c-4.918,2.427-9.375,5.619-13.246,9.491c-9.447,9.447
<p>KVM(Kernel-based Virtual Machine)网络是指在 KVM 虚拟化环境中,为虚拟机提供的网络连接和通信机制。通过 KVM 网络,虚拟机可以与其他虚拟机、宿主机以及外部网络进行通信。</p>
<table><thead><tr><th><strong>网络类型</strong></th><th><strong>描述</strong></th><th><strong>优点</strong></th><th><strong>缺点</strong></th><th><strong>适用场景</strong></th></tr></thead><tbody><tr><td>NAT 网络</td><td>虚拟机通过宿主机的网络接口与外部通信,虚拟机的 IP 地址对外部网络不可见。</td><td>配置简单,适合需要外部通信的虚拟机。</td><td>虚拟机间通信需额外配置,网络性能可能受限。</td><td>适合不需要被外部访问、但需要访问外网的虚拟机。</td></tr><tr><td>桥接网络</td><td>虚拟机直接连接物理网络接口,拥有独立 IP 地址,可直接与其他设备通信。</td><td>与物理网络无缝集成,适合需要被外部访问的虚拟机。</td><td>配置较复杂,需适当配置物理网络接口。</td><td>适合需要直接对外提供服务的虚拟机。</td></tr><tr><td>内部网络</td><td>仅允许虚拟机之间的通信,不与宿主机或外部网络通信。</td><td>提供隔离网络,适合测试和开发。</td><td>虚拟机无法与外部网络通信。</td><td>适合需要隔离的测试和开发环境。</td></tr><tr><td>仅主机网络</td><td>允许虚拟机与宿主机通信,但不与外部网络通信。</td><td>简单隔离,适合虚拟机与宿主机通信。</td><td>虚拟机无法与外部网络通信。</td><td>适合虚拟机与宿主机需要频繁交互的场景。</td></tr></tbody></table>
|
|||
|
<h2 id="kvm-网络安装与准备">KVM 网络安装与准备<a aria-hidden="true" tabindex="-1" href="#kvm-网络安装与准备" class="internal"> §</a></h2>
|
|||
|
<p>你<strong>可以选择使用任意一款网络管理工具</strong>,这里<strong>推荐使用<code>NetworkManager</code></strong>来管理网络桥接。</p>
|
|||
|
<h3 id="安装-networkmanager">安装 NetworkManager<a aria-hidden="true" tabindex="-1" href="#安装-networkmanager" class="internal"> §</a></h3>
|
|||
|
<p><strong>非 Fedora/RHEL 系列,需要手动安装 NetworkManager</strong>,并配置 NetworkManager 接管网络。</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-comment);"># Debian/Ubuntu 系列</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">apt-get</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">update</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">apt-get</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-y</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">network-manager</span></span></code></pre></div>
|
|||
|
<h3 id="配置系统网络支持">配置系统网络支持<a aria-hidden="true" tabindex="-1" href="#配置系统网络支持" class="internal"> §</a></h3>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
<p><strong>启用 NetworkManager</strong></p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-comment);"># 启动并启用 NetworkManager 服务</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">NetworkManager</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enable</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">NetworkManager</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>创建并配置网络桥接</strong></p>
|
|||
|
<p>使用<code>nmcli</code>工具创建一个新的桥接接口。例如,创建名为<code>br0</code>的桥接接口并将现有的以太网接口(假设为<code>eth0</code>)添加到桥接中。如果你正通过该网卡远程(例如 SSH)操作宿主机,接口加入桥接时连接可能中断,建议在本地控制台或带外管理环境下执行。</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">add</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">type</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">bridge</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">autoconnect</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yes</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">con-name</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ifname</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">add</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">type</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">bridge-slave</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">autoconnect</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yes</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">con-name</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0-slave</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ifname</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">eth0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">master</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.method</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">auto</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">up</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>确认桥接网络配置</strong></p>
|
|||
|
<p>使用以下命令确认桥接网络是否正确配置。</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">show</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">ip</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">a</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>确认内核模块加载情况</strong></p>
|
|||
|
<p>确保KVM相关的内核模块已加载:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">lsmod</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">grep</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">kvm</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h3 id="示例配置文件">示例配置文件<a aria-hidden="true" tabindex="-1" href="#示例配置文件" class="internal"> §</a></h3>
|
|||
|
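<p>对于<code>NetworkManager</code>的配置文件(一般位于<code>/etc/NetworkManager/system-connections/</code>目录下),你可以手动编辑这些文件进行更复杂的配置。这些文件需归 root 所有且权限为 <code>600</code>,否则 NetworkManager 会忽略它们;修改后执行 <code>nmcli connection reload</code> 重新加载。例如,编辑<code>br0</code>的配置文件:</p>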
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="ini" data-theme="default"><code data-language="ini" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);">[connection]</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-keyword);">id=</span><span style="color:var(--shiki-color-text);">br0</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-keyword);">type=</span><span style="color:var(--shiki-color-text);">bridge</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-keyword);">interface-name=</span><span style="color:var(--shiki-color-text);">br0</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-keyword);">autoconnect=</span><span style="color:var(--shiki-color-text);">true</span></span>
|
|||
|
<span data-line> </span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);">[ipv4]</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-keyword);">method=</span><span style="color:var(--shiki-color-text);">auto</span></span>
|
|||
|
<span data-line> </span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);">[ipv6]</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-keyword);">method=</span><span style="color:var(--shiki-color-text);">auto</span></span></code></pre></div>
|
|||
|
<h3 id="其他注意事项">其他注意事项<a aria-hidden="true" tabindex="-1" href="#其他注意事项" class="internal"> §</a></h3>
|
|||
|
<ol>
|
|||
|
<li><strong>防火墙配置</strong>:确保你的防火墙规则允许桥接网络的流量。桥接后虚拟机直接暴露在物理网络中,建议只放行业务所需的端口和来源,而不是整体放开。</li>
|
|||
|
<li><strong>验证桥接网络</strong>:创建一个虚拟机并将其连接到<code>br0</code>桥接网络,验证网络连接是否正常。</li>
|
|||
|
</ol>
|
|||
|
<h2 id="nat-网络">NAT 网络<a aria-hidden="true" tabindex="-1" href="#nat-网络" class="internal"> §</a></h2>
|
|||
|
<p><strong>KVM 默认会创建一个名为 <code>default</code> 的 NAT 网络。</strong>这个网络通常在安装 libvirt 时自动创建和启用。</p>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
<p><strong>检查并启用默认网络</strong>:</p>
|
|||
|
<p>检查 <code>default</code> 网络是否已经存在并启用:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-list</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--all</span></span></code></pre></div>
|
|||
|
<p>如果默认网络未启用,可以通过以下命令启用:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">default</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-autostart</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">default</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>查看默认网络配置</strong>:</p>
|
|||
|
<p>查看默认网络的详细配置:</p>
|
|||
|
<pre><code>sudo virsh net-dumpxml default
</code></pre>
|
|||
|
<p>典型的默认网络配置如下:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">>default</</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">uuid</span><span style="color:var(--shiki-color-text);">>……</</span><span style="color:var(--shiki-token-string-expression);">uuid</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">forward</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">mode</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'nat'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">nat</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">port</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">start</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'1024'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">end</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'65535'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">nat</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">forward</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">bridge</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">name</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virbr0'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">stp</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'on'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">delay</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:d3:9b:fb'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.122.1'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">netmask</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'255.255.255.0'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">range</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">start</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.122.2'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">end</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.122.254'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>创建虚拟机</strong>:</p>
|
|||
|
<p>创建一台连接到 <code>default</code> 网络的虚拟机。可以使用 <code>virt-install</code> 命令来完成:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virt-install</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--name</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">myvm</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--ram</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">4096</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--disk</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">path=/var/lib/libvirt/images/myvm_storage.qcow2,size=</span><span style="color:var(--shiki-token-constant);">32</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--vcpus</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">2</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--os-type</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">linux</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--os-variant</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ubuntu20.04</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--network</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">network=default</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--graphics</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">none</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--console</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">pty,target_type=serial</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--location</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">'https://mirrors.tuna.tsinghua.edu.cn/ubuntu/dists/focal/main/installer-amd64/'</span><span style="color:var(--shiki-color-text);"> \</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--extra-args</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">'console=ttyS0,115200n8 serial'</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>验证虚拟机网络连接</strong>:</p>
|
|||
|
<p>登录到虚拟机,并验证其网络连接:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">ping</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-c</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">4</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">8.8</span><span style="color:var(--shiki-token-string);">.8.8</span></span></code></pre></div>
<p>检查虚拟机是否能够获得 IP 地址:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">ip</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">a</span></span></code></pre></div>
</li>
</ol>
<h3 id="virsh-创建自定义-nat-网络"><code>virsh</code> 创建自定义 NAT 网络<a aria-hidden="true" tabindex="-1" href="#virsh-创建自定义-nat-网络" class="internal"> §</a></h3>
<p>通过 <code>virsh</code> 命令创建自定义 NAT 网络,并配置 DHCP 和 IP 地址范围。</p>
<ol>
<li>
<p><strong>创建网络配置文件</strong>:</p>
<p>创建一个自定义网络配置文件(如 <code>custom-net.xml</code>):</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">>custom-net</</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">forward</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">mode</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'nat'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">bridge</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">name</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virbr1'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">stp</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'on'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">delay</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.100.1'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">netmask</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'255.255.255.0'</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">range</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">start</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.100.2'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">end</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.100.254'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
</li>
<li>
<p><strong>定义并启动网络</strong>:</p>
<p>使用 <code>virsh</code> 命令定义并启动该网络:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-define</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">custom-net.xml</span></span>
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">custom-net</span></span>
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-autostart</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">custom-net</span></span></code></pre></div>
</li>
<li>
<p><strong>查看自定义网络状态</strong>:</p>
<p>确认网络已启用:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-list</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--all</span></span></code></pre></div>
</li>
</ol>
<p>在上面的 <code>custom-net.xml</code> 文件中,已经定义了 DHCP 范围:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.100.1'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">netmask</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'255.255.255.0'</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">range</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">start</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.100.2'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">end</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.100.254'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
<p>此配置表示:</p>
<ul>
<li><strong>网关地址</strong>:192.168.100.1</li>
<li><strong>DHCP 范围</strong>:192.168.100.2 到 192.168.100.254</li>
</ul>
<h3 id="networkmanager-创建自定义-nat-网络"><code>NetworkManager</code> 创建自定义 NAT 网络<a aria-hidden="true" tabindex="-1" href="#networkmanager-创建自定义-nat-网络" class="internal"> §</a></h3>
<ol>
<li>
<p><strong>确保 NetworkManager 已启用</strong>:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enable</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--now</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">NetworkManager</span></span></code></pre></div>
</li>
<li>
<p><strong>创建 NetworkManager 桥接连接</strong>:</p>
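<p>编辑 NetworkManager 配置文件,创建一个桥接网络(例如 <code>/etc/NetworkManager/system-connections/bridge-br1.nmconnection</code>)。该文件必须归 root 所有且权限为 <code>600</code>,否则 NetworkManager 会忽略它。注意:下面的配置只创建一个带静态地址的网桥,本身不包含 NAT 转发和 DHCP 服务;其地址 <code>192.168.100.1/24</code> 也与上一节 <code>custom-net</code> 的网关相同,两者不要在同一台宿主机上同时启用:</p>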
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="ini" data-theme="default"><code data-language="ini" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);">[connection]</span></span>
<span data-line><span style="color:var(--shiki-token-keyword);">id=</span><span style="color:var(--shiki-color-text);">bridge-br1</span></span>
<span data-line><span style="color:var(--shiki-token-keyword);">type=</span><span style="color:var(--shiki-color-text);">bridge</span></span>
<span data-line><span style="color:var(--shiki-token-keyword);">autoconnect=</span><span style="color:var(--shiki-color-text);">true</span></span>
<span data-line> </span>
<span data-line><span style="color:var(--shiki-color-text);">[bridge]</span></span>
<span data-line><span style="color:var(--shiki-token-keyword);">stp=</span><span style="color:var(--shiki-color-text);">true</span></span>
<span data-line> </span>
<span data-line><span style="color:var(--shiki-color-text);">[ipv4]</span></span>
<span data-line><span style="color:var(--shiki-token-keyword);">method=</span><span style="color:var(--shiki-color-text);">manual</span></span>
<span data-line><span style="color:var(--shiki-token-keyword);">address1=</span><span style="color:var(--shiki-color-text);">192.168.100.1/24</span></span>
<span data-line> </span>
<span data-line><span style="color:var(--shiki-color-text);">[ipv6]</span></span>
<span data-line><span style="color:var(--shiki-token-keyword);">method=</span><span style="color:var(--shiki-color-text);">ignore</span></span></code></pre></div>
</li>
<li>
<p><strong>重启 NetworkManager 服务</strong>:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">restart</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">NetworkManager</span></span></code></pre></div>
</li>
<li>
<p><strong>验证桥接网络</strong>:</p>
<p>确认新的桥接网络已创建并启用:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">show</span></span></code></pre></div>
</li>
</ol>
<h2 id="桥接网络">桥接网络<a aria-hidden="true" tabindex="-1" href="#桥接网络" class="internal"> §</a></h2>
<p>使用 NetworkManager 的 <code>nmcli</code> 命令来创建和配置桥接网络接口,并将物理接口绑定到网桥。桥接模式下虚拟机直接接入物理网络,没有 NAT 隔离,同一网段的其他主机可以直接访问虚拟机,应在虚拟机内部或宿主机上配置相应的防火墙规则。</p>
<ol>
<li>
<p><strong>创建桥接接口</strong>:</p>
<p>使用 <code>nmcli</code> 命令创建一个新的桥接接口:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">add</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">type</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">bridge</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ifname</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span></span></code></pre></div>
</li>
<li>
<p><strong>配置桥接接口的 IP 地址</strong>:</p>
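<p>为桥接接口配置 IP 地址。上一步创建连接时没有指定 <code>con-name</code>,nmcli 会自动生成连接名(通常为 <code>bridge-br0</code>);请先用 <code>nmcli connection show</code> 确认实际的连接名,或在创建时加上 <code>con-name br0</code>,否则下面以 <code>br0</code> 作为连接名的命令可能找不到对应连接:</p>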
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.addresses</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">192.168</span><span style="color:var(--shiki-token-string);">.1.100/24</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.method</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">manual</span></span>
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.gateway</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">192.168</span><span style="color:var(--shiki-token-string);">.1.1</span></span>
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.dns</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">"8.8.8.8,8.8.4.4"</span></span>
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection.autoconnect</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yes</span></span></code></pre></div>
</li>
<li>
<p><strong>将物理接口绑定到桥接接口</strong>:</p>
<p>假设物理接口为 <code>eth0</code>,使用 <code>nmcli</code> 将其绑定到 <code>br0</code>。如果当前是通过 SSH 经 <code>eth0</code> 远程操作,绑定和启用过程中连接可能中断,建议在本地控制台或带外管理通道上执行:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">add</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">type</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ethernet</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ifname</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">eth0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">master</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span></span></code></pre></div>
</li>
<li>
<p><strong>启用桥接接口</strong>:</p>
<p>启用桥接接口 <code>br0</code> 和物理接口 <code>eth0</code>:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">up</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">br0</span></span>
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">up</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">eth0</span></span></code></pre></div>
</li>
<li>
<p><strong>编辑虚拟机的 XML 配置文件</strong>:</p>
<p>假设虚拟机名称为 <code>testvm</code>,使用以下命令编辑其 XML 配置文件:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">edit</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">testvm</span></span></code></pre></div>
</li>
<li>
<p><strong>添加桥接网络接口配置</strong>:</p>
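<p>在 <code>&lt;devices&gt;</code> 部分中添加以下内容,将 <code>br0</code> 作为桥接接口。示例中的 MAC 地址与 PCI 地址仅作演示:MAC 地址在同一二层网络内必须唯一(上文 <code>custom-net</code> 的网桥也用了同一个示例值),也可以省略 <code>&lt;mac&gt;</code> 和 <code>&lt;address&gt;</code> 元素,由 libvirt 自动生成:</p>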
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'bridge'</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bridge</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'br0'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">address</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'pci'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">domain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bus</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x00'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">slot</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x03'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">function</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
</li>
<li>
<p><strong>保存并退出</strong>:</p>
<p>保存配置文件并退出编辑器。</p>
</li>
<li>
<p><strong>重启虚拟机</strong>:</p>
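<p>重启虚拟机使新的网络配置生效(<code>virsh shutdown</code> 只是向客户机发出关机请求,需用 <code>virsh list --all</code> 确认虚拟机已处于关闭状态后再执行 <code>virsh start</code>):</p>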
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">shutdown</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">testvm</span></span>
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">testvm</span></span></code></pre></div>
</li>
</ol>
<h2 id="内部网络">内部网络<a aria-hidden="true" tabindex="-1" href="#内部网络" class="internal"> §</a></h2>
<p>内部网络允许虚拟机之间进行通信,而无需通过外部网络。这种网络模式适用于需要隔离的测试环境或需要内部通信的应用。需要注意,下面的配置为网桥分配了 <code>192.168.200.1</code>,因此宿主机本身仍可与该网络内的虚拟机互通;隔离的只是外部网络。</p>
<ol>
<li>
<p><strong>创建内部网络 XML 配置文件</strong></p>
<p>首先,创建一个 XML 文件(如 <code>internal-net.xml</code>),定义内部网络的配置:</p>
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">>internal-net</</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">forward</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">mode</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'none'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">bridge</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">name</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virbr1'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">stp</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'on'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">delay</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0'</span><span style="color:var(--shiki-color-text);">/></span></span>
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.200.1'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">netmask</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'255.255.255.0'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">range</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">start</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.200.2'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">end</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.200.254'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<p>在上面的 XML 文件中,已定义网络名称为 <code>internal-net</code>,DHCP 地址池范围为 <code>192.168.200.2</code> 到 <code>192.168.200.254</code>。<code>192.168.200.1</code> 是宿主机在网桥 <code>virbr1</code> 上的地址,因此虚拟机仍可访问宿主机上监听该地址的服务,是否放行取决于宿主机防火墙。</p>
|
|||
|
<ol start="2">
|
|||
|
<li>
|
|||
|
<p><strong>定义并启动网络</strong></p>
|
|||
|
<p>使用 <code>virsh</code> 命令定义并启动内部网络:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-define</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">internal-net.xml</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">internal-net</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">net-autostart</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">internal-net</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>编辑虚拟机的 XML 配置文件:</p>
|
|||
|
<pre><code>sudo virsh edit <vm_name>
|
|||
|
</code></pre>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
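<p>在 <code><devices></code> 部分中添加以下内容,将 <code>internal-net</code> 作为网络接口。示例中的 MAC 地址和 PCI 地址只是示例值:MAC 地址在同一网络内不能重复,PCI 地址在同一虚拟机内不能重复;省略 <code>mac</code> 和 <code>address</code> 元素时 libvirt 会自动分配:</p>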
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'network'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">network</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'internal-net'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">address</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'pci'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">domain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bus</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x00'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">slot</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x03'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">function</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>保存并退出编辑器。</p>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
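<p>重启虚拟机使新的网络配置生效。<code>virsh shutdown</code> 只向客户机发出关机请求就返回,应先用 <code>virsh list --all</code> 确认虚拟机已关闭,再执行 <code>virsh start</code>:</p>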
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">shutdown</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h2 id="仅主机网络">仅主机网络<a aria-hidden="true" tabindex="-1" href="#仅主机网络" class="internal"> §</a></h2>
|
|||
|
<p>仅主机网络(Host-only Network)允许虚拟机与宿主机通信,但不允许虚拟机与外部网络通信。这种网络模式适用于需要虚拟机与宿主机进行隔离通信的场景。注意:被隔离的只是通往外部网络的转发,宿主机在该网桥地址上监听的服务对虚拟机仍然可达,应按需用宿主机防火墙加以限制。</p>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
<p><strong>创建仅主机网络 XML 配置文件</strong></p>
|
|||
|
<p>创建一个 XML 文件(如 <code>host-only-net.xml</code>),定义仅主机网络的配置:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">>host-only-net</</span><span style="color:var(--shiki-token-string-expression);">name</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">forward</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">mode</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'none'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">bridge</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">name</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virbr2'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">stp</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'on'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">delay</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.150.1'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">netmask</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'255.255.255.0'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">range</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">start</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.150.2'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">end</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'192.168.150.254'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">dhcp</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">ip</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">network</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
<p>在上面的 XML 文件中,已定义网络名称为 <code>host-only-net</code>,DHCP 地址池范围为 <code>192.168.150.2</code> 到 <code>192.168.150.254</code>,<code>192.168.150.1</code> 是宿主机在网桥 <code>virbr2</code> 上的地址。</p>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>定义并启动网络</strong></p>
|
|||
|
<p>使用 <code>virsh</code> 命令定义并启动仅主机网络:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);">sudo virsh net-define host-only-net.xml</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);">sudo virsh net-start host-only-net</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);">sudo virsh net-autostart host-only-net</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>编辑虚拟机的 XML 配置文件:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">edit</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>在 <code><devices></code>部分中添加以下内容,将 <code>host-only-net</code> 作为网络接口:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'network'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">network</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'host-only-net'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">address</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'pci'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">domain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bus</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x00'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">slot</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x03'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">function</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>保存并退出编辑器。</p>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>重启虚拟机使新的网络配置生效:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);">sudo virsh shutdown <</span><span style="color:var(--shiki-token-string-expression);">vm_name</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);">sudo virsh start <</span><span style="color:var(--shiki-token-string-expression);">vm_name</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h2 id="高级网络功能">高级网络功能<a aria-hidden="true" tabindex="-1" href="#高级网络功能" class="internal"> §</a></h2>
|
|||
|
<h3 id="vlan-配置">VLAN 配置<a aria-hidden="true" tabindex="-1" href="#vlan-配置" class="internal"> §</a></h3>
|
|||
|
<p>使用 NetworkManager 和 <code>nmcli</code> 命令创建 VLAN 网络。</p>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
<p><strong>创建 VLAN 接口</strong>:</p>
|
|||
|
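<p>假设物理接口为 <code>eth0</code>,VLAN ID 为 100,VLAN 接口命名为 <code>eth0.100</code>。下面的命令只指定了连接名 <code>vlan100</code>,没有用 <code>ifname</code> 指定接口名,创建后可用 <code>nmcli device status</code> 确认实际的接口名:</p>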
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">add</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">type</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">con-name</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan100</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dev</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">eth0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">id</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">100</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>配置 VLAN 接口 IP 地址</strong>:</p>
|
|||
|
<p>为 VLAN 接口配置 IP 地址:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan100</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.addresses</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">192.168</span><span style="color:var(--shiki-token-string);">.100.1/24</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.method</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">manual</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan100</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.gateway</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">192.168</span><span style="color:var(--shiki-token-string);">.100.254</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan100</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.dns</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string-expression);">"8.8.8.8,8.8.4.4"</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">up</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan100</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>使用 <code>virsh</code> 配置 VLAN 网络</strong></p>
|
|||
|
<ol>
|
|||
|
<li>编辑虚拟机的 XML 配置文件:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">edit</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
<ol start="2">
|
|||
|
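<li>在 <code><devices></code> 部分中添加以下内容,将 <code>vlan100</code> 作为网络接口。注意 <code>source</code> 的 <code>network</code> 属性引用的是 libvirt 虚拟网络的名称,而不是上面用 <code>nmcli</code> 创建的连接名,需要先用 <code>virsh net-list --all</code> 确认存在同名网络;另外按 libvirt 文档,<code>vlan</code> 元素只在支持对客户机透明打标签的后端(如 Open vSwitch 网桥)上可用,否则该配置不会生效,不能依赖它实现 VLAN 隔离:</li>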
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'network'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">network</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'vlan100'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">vlan</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">tag</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">id</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'100'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">vlan</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">address</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'pci'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">domain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bus</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x00'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">slot</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x03'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">function</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
<ol start="3">
|
|||
|
<li>
|
|||
|
<p>保存并退出编辑器。</p>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>重启虚拟机使新的网络配置生效:</p>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="bash" data-theme="default"><code data-language="bash" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">shutdown</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h3 id="配置虚拟机的多网卡">配置虚拟机的多网卡<a aria-hidden="true" tabindex="-1" href="#配置虚拟机的多网卡" class="internal"> §</a></h3>
|
|||
|
<ol>
|
|||
|
<li>编辑虚拟机的 XML 配置文件:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">edit</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
<ol start="2">
|
|||
|
<li>在 <code><devices></code>部分中添加多个 <code><interface></code>元素,每个代表一个网络接口。各接口的 MAC 地址和 PCI 地址(<code>slot</code>)不能重复;其中的 <code>address</code> 子元素可以省略,由 libvirt 自动分配:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'network'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">network</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'default'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">address</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'pci'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">domain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bus</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x00'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">slot</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x03'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">function</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'network'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:57'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">network</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'vlan100'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">address</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'pci'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">domain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bus</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x00'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">slot</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x04'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">function</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
<ol start="3">
|
|||
|
<li>
|
|||
|
<p>保存并退出编辑器。</p>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>重启虚拟机使新的网络配置生效:</p>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">shutdown</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
<h3 id="配置网络带宽限制">配置网络带宽限制<a aria-hidden="true" tabindex="-1" href="#配置网络带宽限制" class="internal"> §</a></h3>
|
|||
|
<ol>
|
|||
|
<li>编辑虚拟机的 XML 配置文件:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">edit</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
<ol start="2">
|
|||
|
<li>在 <code><interface></code> 元素中添加 <code><bandwidth></code> 元素,设置带宽限制参数,例如:</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'network'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">network</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'default'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">bandwidth</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">inbound</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">average</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'1000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">peak</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'2000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">burst</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'512'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">outbound</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">average</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'1000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">peak</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'2000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">burst</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'512'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">bandwidth</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">address</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'pci'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">domain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0000'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">bus</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x00'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">slot</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x03'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">function</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'0x0'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
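<p>以上配置将入站和出站带宽各限制为平均速率 1000、峰值速率 2000、突发流量 512 KB。注意 libvirt 中 <code>average</code> 和 <code>peak</code> 的单位是 KB/s(千字节每秒)而不是 Kbps,因此平均速率 1000 约合 8 Mbit/s,用 <code>iperf3</code> 验证时应按此换算。</p>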
|
|||
|
<ol start="3">
|
|||
|
<li>
|
|||
|
<p>保存并退出编辑器。</p>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>重启虚拟机使新的网络配置生效:</p>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">shutdown</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virsh</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">start</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_nam</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
<ul>
|
|||
|
<li>
|
|||
|
<p>在宿主机和虚拟机上安装 <code>iperf3</code>:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">apt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iperf3</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># Ubuntu</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yum</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iperf3</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># CentOS/RHEL</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>在虚拟机上启动 <code>iperf</code> 服务端:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">iperf3</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-s</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>在宿主机上运行 <code>iperf</code> 客户端进行带宽测试:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">iperf3</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-c</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">vm_ip_addres</span><span style="color:var(--shiki-color-text);">s</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
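<p>检查测试结果,验证带宽限制是否生效。<code>iperf3</code> 默认由客户端向服务端发送数据,因此上面的命令测的是流入虚拟机的方向;加上 <code>-R</code> 可测试反方向。测试结束后请停止虚拟机上的 <code>iperf3 -s</code>,它默认监听 5201 端口且不要求认证。</p>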
|
|||
|
</li>
|
|||
|
</ul>
|
|||
|
<p>通过以上步骤,可以使用 NetworkManager 和 <code>nmcli</code> 命令配置 VLAN 网络、为虚拟机添加多个网卡,并使用 <code>virsh</code> 配置网络带宽限制;配置完成后,可以用 <code>iperf3</code> 验证网络带宽限制的效果。</p>
|
|||
|
<h2 id="管理和监控虚拟网络">管理和监控虚拟网络<a aria-hidden="true" tabindex="-1" href="#管理和监控虚拟网络" class="internal"> §</a></h2>
|
|||
|
<h3 id="virsh-命令管理网络"><code>virsh</code> 命令管理网络<a aria-hidden="true" tabindex="-1" href="#virsh-命令管理网络" class="internal"> §</a></h3>
|
|||
|
<table><thead><tr><th>命令</th><th>描述</th></tr></thead><tbody><tr><td><code>virsh net-list --all</code></td><td>列出所有虚拟网络</td></tr><tr><td><code>virsh net-info <network></code></td><td>显示虚拟网络的信息</td></tr><tr><td><code>virsh net-dumpxml <network></code></td><td>显示虚拟网络的 XML 配置</td></tr><tr><td><code>virsh net-create <network.xml></code></td><td>根据 XML 文件创建并启动临时(非持久)虚拟网络</td></tr><tr><td><code>virsh net-destroy <network></code></td><td>立即停止(停用)正在运行的虚拟网络;持久网络的定义不会被删除</td></tr><tr><td><code>virsh net-start <network></code></td><td>启动虚拟网络</td></tr><tr><td><code>virsh net-autostart <network></code></td><td>设置虚拟网络开机自启</td></tr><tr><td><code>virsh net-undefine <network></code></td><td>取消定义虚拟网络(删除其持久配置)</td></tr><tr><td><code>virsh net-edit <network></code></td><td>编辑虚拟网络的 XML 配置</td></tr><tr><td><code>virsh net-update <network> <command> <section> <xml></code></td><td>更新虚拟网络</td></tr><tr><td><code>virsh net-dhcp-leases <network></code></td><td>列出网络的 DHCP 租约</td></tr></tbody></table>
|
|||
|
<h3 id="监控网络性能">监控网络性能<a aria-hidden="true" tabindex="-1" href="#监控网络性能" class="internal"> §</a></h3>
|
|||
|
<h4 id="使用-iftop-和-vnstat-等工具">使用 <code>iftop</code> 和 <code>vnstat</code> 等工具<a aria-hidden="true" tabindex="-1" href="#使用-iftop-和-vnstat-等工具" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
<p><strong>安装 <code>iftop</code> 和 <code>vnstat</code></strong></p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># 在 Ubuntu 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">apt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iftop</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span></span>
|
|||
|
<span data-line> </span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-comment);"># 在 CentOS/RHEL 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yum</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iftop</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>使用 <code>iftop</code> 监控实时网络流量</strong>:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iftop</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-i</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">network_interfac</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
<p><code>iftop</code> 会显示实时的网络流量,包括发送和接收数据的主机 IP 和带宽使用情况。</p>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>使用 <code>vnstat</code> 监控网络流量</strong>:</p>
|
|||
|
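<p>初始化 <code>vnstat</code> 数据库(<code>-u</code> 选项仅适用于 vnstat 1.x;vnstat 2.x 已移除该选项,改用 <code>sudo vnstat --add -i 接口名</code> 添加接口,数据库由 <code>vnstatd</code> 守护进程维护):</p>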
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-u</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-i</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);"><</span><span style="color:var(--shiki-token-string);">network_interfac</span><span style="color:var(--shiki-color-text);">e</span><span style="color:var(--shiki-token-keyword);">></span></span></code></pre></div>
|
|||
|
<ul>
|
|||
|
<li>
|
|||
|
<p>查看实时流量:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-l</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>查看流量统计:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p>查看详细流量统计:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-d</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># 查看每日流量统计</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-m</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># 查看每月流量统计</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vnstat</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-h</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-comment);"># 查看每小时流量统计</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h4 id="分析网络流量和性能">分析网络流量和性能<a aria-hidden="true" tabindex="-1" href="#分析网络流量和性能" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li><strong>分析流量数据</strong>:
|
|||
|
<ul>
|
|||
|
<li>使用 <code>iftop</code> 和 <code>vnstat</code> 收集的流量数据,可以帮助识别网络瓶颈和高流量的主机。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>优化网络配置</strong>:
|
|||
|
<ul>
|
|||
|
<li>根据监控数据,优化虚拟网络的配置,例如调整网络带宽限制、优化网络拓扑结构等。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>监控网络接口的性能</strong>:
|
|||
|
<ul>
|
|||
|
<li>定期检查和分析网络接口的性能,确保虚拟网络的稳定性和高效运行。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h2 id="安全配置">安全配置<a aria-hidden="true" tabindex="-1" href="#安全配置" class="internal"> §</a></h2>
|
|||
|
<h3 id="配置防火墙规则">配置防火墙规则<a aria-hidden="true" tabindex="-1" href="#配置防火墙规则" class="internal"> §</a></h3>
|
|||
|
<h4 id="使用-iptables-配置防火墙">使用 <code>iptables</code> 配置防火墙<a aria-hidden="true" tabindex="-1" href="#使用-iptables-配置防火墙" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
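<p><strong>安装 <code>iptables</code></strong>(CentOS/RHEL 默认使用 firewalld,它与 <code>iptables</code> 服务不能同时运行;启用 <code>iptables</code> 服务前应先停用 firewalld,或者直接用 firewalld 管理规则):</p>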
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-comment);"># 在 CentOS/RHEL 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yum</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables-services</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enable</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--now</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables</span></span>
|
|||
|
<span data-line> </span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-comment);"># 在 Ubuntu 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">apt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>配置基本规则</strong>:</p>
|
|||
|
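<p>允许虚拟机网络通信(注意:第二条规则会放行所有从 <code>eth0</code> 转发到 <code>virbr0</code> 的流量,包括外部主动发起的新连接;如果只需要放行虚拟机已建立连接的回程流量,可在该规则中加上 <code>-m conntrack --ctstate ESTABLISHED,RELATED</code>):</p>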
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-A</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">FORWARD</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-i</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virbr0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-o</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">eth0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-j</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ACCEPT</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-A</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">FORWARD</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-i</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">eth0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-o</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">virbr0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">-j</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ACCEPT</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
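<p><strong>保存规则</strong>(在 Ubuntu 上,<code>/etc/iptables/rules.v4</code> 需要安装 <code>iptables-persistent</code> 才会在开机时自动加载,否则重启后规则不会恢复):</p>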
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-comment);"># 在 CentOS/RHEL 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">service</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">save</span></span>
|
|||
|
<span data-line> </span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-comment);"># 在 Ubuntu 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">iptables-save</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-keyword);">|</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">tee</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">/etc/iptables/rules.v4</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h4 id="配置-firewalld-管理规则">配置 <code>firewalld</code> 管理规则<a aria-hidden="true" tabindex="-1" href="#配置-firewalld-管理规则" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
<p><strong>安装 <code>firewalld</code></strong>(<code>firewalld</code> 与上一节的 <code>iptables</code> 服务二选一,不要同时启用):</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-comment);"># 在 CentOS/RHEL 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">yum</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">firewalld</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enable</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--now</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">firewalld</span></span>
|
|||
|
<span data-line> </span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-comment);"># 在 Ubuntu 上</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">apt</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">install</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">firewalld</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">systemctl</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">enable</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--now</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">firewalld</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
<li>
|
|||
|
<p><strong>配置基本规则</strong>:</p>
|
|||
|
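<p>允许虚拟机网络通信(注意:<code>--add-masquerade</code> 会对从 <code>public</code> 区域接口转发出去的流量启用地址伪装;修改前可先用 <code>firewall-cmd --get-zone-of-interface=virbr0</code> 确认 <code>virbr0</code> 当前所属区域,libvirt 管理的网桥可能已被放入专用区域):</p>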
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">firewall-cmd</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--zone=public</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--add-interface=virbr0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--permanent</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">firewall-cmd</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--zone=public</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--add-masquerade</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--permanent</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">firewall-cmd</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">--reload</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h3 id="网络隔离与访问控制">网络隔离与访问控制<a aria-hidden="true" tabindex="-1" href="#网络隔离与访问控制" class="internal"> §</a></h3>
|
|||
|
<h4 id="使用-vlan-实现网络隔离">使用 VLAN 实现网络隔离<a aria-hidden="true" tabindex="-1" href="#使用-vlan-实现网络隔离" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li>
|
|||
|
<p><strong>创建 VLAN 接口</strong>:</p>
|
|||
|
<p>使用 <code>nmcli</code>创建 VLAN 接口:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="shell" data-theme="default"><code data-language="shell" data-theme="default"><span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">add</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">type</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">con-name</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan100</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">dev</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">eth0</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">id</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">100</span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-token-function);">sudo</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">nmcli</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">connection</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">modify</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">vlan100</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.addresses</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-constant);">192.168</span><span style="color:var(--shiki-token-string);">.100.1/24</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">ipv4.method</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-string);">manual</span></span></code></pre></div>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<pre><code data-language="shell">sudo nmcli connection up vlan100</code></pre>
<ol start="2">
<li>
<p><strong>配置虚拟机使用 VLAN</strong>:</p>
<p>使用 <code>virt-manager</code> 或 <code>virsh</code> 配置虚拟机连接到 VLAN 网络。</p>
</li>
</ol>
<h4 id="配置虚拟机访问控制列表acl">配置虚拟机访问控制列表(ACL)<a aria-hidden="true" tabindex="-1" href="#配置虚拟机访问控制列表acl" class="internal"> §</a></h4>
<ol>
<li>
<p><strong>使用 <code>virsh</code> 配置 ACL</strong>:</p>
<p>为虚拟机创建网络 ACL 规则:</p>
<pre><code data-language="shell">sudo virsh nwfilter-define /etc/libvirt/nwfilter/myfilter.xml</code></pre>
</li>
</ol>
|
|||
|
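<p>配置 <code>myfilter.xml</code>文件示例(注意:libvirt nwfilter 的 <code>mac</code> 规则元素通过 <code>srcmacaddr</code>、<code>dstmacaddr</code> 等属性匹配 MAC 地址,示例中的 <code>address</code> 属性需按要匹配的方向替换;定义后可用 <code>virsh nwfilter-dumpxml myfilter</code> 核对实际生效的规则):</p>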
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">filter</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">name</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'myfilter'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">chain</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'ipv4'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">uuid</span><span style="color:var(--shiki-color-text);">>...</</span><span style="color:var(--shiki-token-string-expression);">uuid</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">rule</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">action</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'accept'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">direction</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'in'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">priority</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'500'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> </</span><span style="color:var(--shiki-token-string-expression);">rule</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">rule</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">action</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'drop'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">direction</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'in'</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">priority</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'1000'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">filter</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
<ol start="2">
|
|||
|
<li>
|
|||
|
<p><strong>应用 ACL 到虚拟机</strong>:</p>
|
|||
|
<p>编辑虚拟机的 XML 配置文件,应用网络过滤器:</p>
|
|||
|
<div data-rehype-pretty-code-fragment><pre style="background-color:var(--shiki-color-background);" tabindex="0" data-language="xml" data-theme="default"><code data-language="xml" data-theme="default"><span data-line><span style="color:var(--shiki-color-text);"><</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'network'</span><span style="color:var(--shiki-color-text);">></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">mac</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">address</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'52:54:00:12:34:56'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">source</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">network</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'default'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">model</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">type</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'virtio'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"> <</span><span style="color:var(--shiki-token-string-expression);">filterref</span><span style="color:var(--shiki-color-text);"> </span><span style="color:var(--shiki-token-function);">filter</span><span style="color:var(--shiki-color-text);">=</span><span style="color:var(--shiki-token-string-expression);">'myfilter'</span><span style="color:var(--shiki-color-text);">/></span></span>
|
|||
|
<span data-line><span style="color:var(--shiki-color-text);"></</span><span style="color:var(--shiki-token-string-expression);">interface</span><span style="color:var(--shiki-color-text);">></span></span></code></pre></div>
|
|||
|
<p>重启虚拟机使 ACL 生效。</p>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h2 id="故障排查">故障排查<a aria-hidden="true" tabindex="-1" href="#故障排查" class="internal"> §</a></h2>
|
|||
|
<h3 id="常见网络问题及解决方法">常见网络问题及解决方法<a aria-hidden="true" tabindex="-1" href="#常见网络问题及解决方法" class="internal"> §</a></h3>
|
|||
|
<h4 id="虚拟机无法连接网络">虚拟机无法连接网络<a aria-hidden="true" tabindex="-1" href="#虚拟机无法连接网络" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li><strong>检查虚拟机的网络配置</strong>:
|
|||
|
<ul>
|
|||
|
<li>确认虚拟机的网络接口配置正确。</li>
|
|||
|
<li>使用 <code>virsh dumpxml <vm_name></code> 命令查看虚拟机的 XML 配置,确保 <code><interface></code> 部分配置正确。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>检查虚拟网络状态</strong>:
|
|||
|
<ul>
|
|||
|
<li>使用 <code>virsh net-list --all</code> 命令查看虚拟网络是否启动。</li>
|
|||
|
<li>如果虚拟网络未启动,使用 <code>virsh net-start <network_name></code> 启动虚拟网络。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>检查宿主机的网络配置</strong>:
|
|||
|
<ul>
|
|||
|
<li>确认宿主机的网络接口和桥接配置正确。</li>
|
|||
|
<li>使用 <code>nmcli connection show</code> 命令查看 NetworkManager 的连接状态,确保相关接口已连接。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>检查虚拟机的 IP 地址</strong>:
|
|||
|
<ul>
|
|||
|
<li>登录到虚拟机,使用 <code>ip a</code> 命令查看虚拟机的 IP 地址是否正确分配。</li>
|
|||
|
<li>如果未分配 IP 地址,检查 DHCP 配置是否正确。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h4 id="网络性能问题">网络性能问题<a aria-hidden="true" tabindex="-1" href="#网络性能问题" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li><strong>检查网络带宽限制</strong>:
|
|||
|
<ul>
|
|||
|
<li>确认是否为虚拟机配置了带宽限制。</li>
|
|||
|
<li>使用 <code>virsh edit <vm_name></code> 命令检查 <code><bandwidth></code> 配置。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>检查网络流量</strong>:
|
|||
|
<ul>
|
|||
|
<li>使用 <code>iftop</code> 和 <code>vnstat</code> 等工具监控网络流量,识别高流量主机和瓶颈。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>优化网络配置</strong>:
|
|||
|
<ul>
|
|||
|
<li>调整虚拟机的网络接口配置,例如使用 Virtio 网络驱动以提高性能。</li>
|
|||
|
<li>使用桥接网络模式,确保虚拟机与物理网络的高效通信。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h3 id="日志查看与分析">日志查看与分析<a aria-hidden="true" tabindex="-1" href="#日志查看与分析" class="internal"> §</a></h3>
|
|||
|
<h4 id="查看-libvirt-网络日志">查看 <code>libvirt</code> 网络日志<a aria-hidden="true" tabindex="-1" href="#查看-libvirt-网络日志" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li><strong>libvirt 日志路径</strong>:
|
|||
|
<ul>
|
|||
|
<li>在 CentOS/RHEL 上,<code>libvirt</code> 日志通常位于 <code>/var/log/libvirt/</code> 目录下。</li>
|
|||
|
<li>在 Ubuntu 上,<code>libvirt</code> 日志通常位于 <code>/var/log/libvirt/</code> 目录下。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>查看网络日志</strong>:
|
|||
|
<ul>
|
|||
|
<li>使用 <code>tail -f /var/log/libvirt/libvirtd.log</code> 命令查看实时日志。</li>
|
|||
|
<li>使用 <code>grep</code> 命令筛选关键字以查找特定问题,例如 <code>grep "network" /var/log/libvirt/libvirtd.log</code>。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ol>
|
|||
|
<h4 id="使用系统日志进行排查">使用系统日志进行排查<a aria-hidden="true" tabindex="-1" href="#使用系统日志进行排查" class="internal"> §</a></h4>
|
|||
|
<ol>
|
|||
|
<li><strong>查看系统日志</strong>:
|
|||
|
<ul>
|
|||
|
<li>使用 <code>journalctl</code> 命令查看系统日志,例如 <code>journalctl -u libvirtd</code> 查看 <code>libvirtd</code> 服务的日志。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
<li><strong>检查网络相关日志</strong>:
|
|||
|
<ul>
|
|||
|
<li>使用 <code>dmesg</code> 命令查看内核日志,查找与网络相关的错误信息。</li>
|
|||
|
</ul>
|
|||
|
</li>
|
|||
|
</ol></article></div><div class="right sidebar"><div class="graph "><h3>Graph View</h3><div class="graph-outer"><div id="graph-container" data-cfg="{"drag":true,"zoom":true,"depth":1,"scale":1.1,"repelForce":0.5,"centerForce":0.3,"linkDistance":30,"fontSize":0.6,"opacityScale":1,"showTags":true,"removeTags":[]}"></div><svg version="1.1" id="global-graph-icon" xmlns="http://www.w3.org/2000/svg" xmlnsXlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 55 55" fill="currentColor" xmlSpace="preserve"><path d="M49,0c-3.309,0-6,2.691-6,6c0,1.035,0.263,2.009,0.726,2.86l-9.829,9.829C32.542,17.634,30.846,17,29,17
|
|||
|
s-3.542,0.634-4.898,1.688l-7.669-7.669C16.785,10.424,17,9.74,17,9c0-2.206-1.794-4-4-4S9,6.794,9,9s1.794,4,4,4
|
|||
|
c0.74,0,1.424-0.215,2.019-0.567l7.669,7.669C21.634,21.458,21,23.154,21,25s0.634,3.542,1.688,4.897L10.024,42.562
|
|||
|
C8.958,41.595,7.549,41,6,41c-3.309,0-6,2.691-6,6s2.691,6,6,6s6-2.691,6-6c0-1.035-0.263-2.009-0.726-2.86l12.829-12.829
|
|||
|
c1.106,0.86,2.44,1.436,3.898,1.619v10.16c-2.833,0.478-5,2.942-5,5.91c0,3.309,2.691,6,6,6s6-2.691,6-6c0-2.967-2.167-5.431-5-5.91
|
|||
|
v-10.16c1.458-0.183,2.792-0.759,3.898-1.619l7.669,7.669C41.215,39.576,41,40.26,41,41c0,2.206,1.794,4,4,4s4-1.794,4-4
|
|||
|
s-1.794-4-4-4c-0.74,0-1.424,0.215-2.019,0.567l-7.669-7.669C36.366,28.542,37,26.846,37,25s-0.634-3.542-1.688-4.897l9.665-9.665
|
|||
|
C46.042,11.405,47.451,12,49,12c3.309,0,6-2.691,6-6S52.309,0,49,0z M11,9c0-1.103,0.897-2,2-2s2,0.897,2,2s-0.897,2-2,2
|
|||
|
S11,10.103,11,9z M6,51c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S8.206,51,6,51z M33,49c0,2.206-1.794,4-4,4s-4-1.794-4-4
|
|||
|
s1.794-4,4-4S33,46.794,33,49z M29,31c-3.309,0-6-2.691-6-6s2.691-6,6-6s6,2.691,6,6S32.309,31,29,31z M47,41c0,1.103-0.897,2-2,2
|
|||
|
s-2-0.897-2-2s0.897-2,2-2S47,39.897,47,41z M49,10c-2.206,0-4-1.794-4-4s1.794-4,4-4s4,1.794,4,4S51.206,10,49,10z"></path></svg></div><div id="global-graph-outer"><div id="global-graph-container" data-cfg="{"drag":true,"zoom":true,"depth":-1,"scale":0.9,"repelForce":0.5,"centerForce":0.3,"linkDistance":30,"fontSize":0.6,"opacityScale":1,"showTags":true,"removeTags":[]}"></div></div></div><div class="toc desktop-only"><button type="button" id="toc" class><h3>Table of Contents</h3><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="fold"><polyline points="6 9 12 15 18 9"></polyline></svg></button><div id="toc-content"><ul class="overflow"><li class="depth-0"><a href="#kvm-网络基础" data-for="kvm-网络基础">KVM 网络基础</a></li><li class="depth-0"><a href="#kvm-网络安装与准备" data-for="kvm-网络安装与准备">KVM 网络安装与准备</a></li><li class="depth-1"><a href="#安装-networkmanager" data-for="安装-networkmanager">安装 NetworkManager</a></li><li class="depth-1"><a href="#配置系统网络支持" data-for="配置系统网络支持">配置系统网络支持</a></li><li class="depth-1"><a href="#示例配置文件" data-for="示例配置文件">示例配置文件</a></li><li class="depth-1"><a href="#其他注意事项" data-for="其他注意事项">其他注意事项</a></li><li class="depth-0"><a href="#nat-网络" data-for="nat-网络">NAT 网络</a></li><li class="depth-1"><a href="#virsh-创建自定义-nat-网络" data-for="virsh-创建自定义-nat-网络">virsh 创建自定义 NAT 网络</a></li><li class="depth-1"><a href="#networkmanager-创建自定义-nat-网络" data-for="networkmanager-创建自定义-nat-网络">NetworkManager 创建自定义 NAT 网络</a></li><li class="depth-0"><a href="#桥接网络" data-for="桥接网络">桥接网络</a></li><li class="depth-0"><a href="#内部网络" data-for="内部网络">内部网络</a></li><li class="depth-0"><a href="#仅主机网络" data-for="仅主机网络">仅主机网络</a></li><li class="depth-0"><a href="#高级网络功能" data-for="高级网络功能">高级网络功能</a></li><li class="depth-1"><a href="#vlan-配置" data-for="vlan-配置">VLAN 配置</a></li><li class="depth-1"><a href="#配置虚拟机的多网卡" 
data-for="配置虚拟机的多网卡">配置虚拟机的多网卡</a></li><li class="depth-1"><a href="#配置网络带宽限制" data-for="配置网络带宽限制">配置网络带宽限制</a></li><li class="depth-0"><a href="#管理和监控虚拟网络" data-for="管理和监控虚拟网络">管理和监控虚拟网络</a></li><li class="depth-1"><a href="#virsh-命令管理网络" data-for="virsh-命令管理网络">virsh 命令管理网络</a></li><li class="depth-1"><a href="#监控网络性能" data-for="监控网络性能">监控网络性能</a></li><li class="depth-0"><a href="#安全配置" data-for="安全配置">安全配置</a></li><li class="depth-1"><a href="#配置防火墙规则" data-for="配置防火墙规则">配置防火墙规则</a></li><li class="depth-1"><a href="#网络隔离与访问控制" data-for="网络隔离与访问控制">网络隔离与访问控制</a></li><li class="depth-0"><a href="#故障排查" data-for="故障排查">故障排查</a></li><li class="depth-1"><a href="#常见网络问题及解决方法" data-for="常见网络问题及解决方法">常见网络问题及解决方法</a></li><li class="depth-1"><a href="#日志查看与分析" data-for="日志查看与分析">日志查看与分析</a></li></ul></div></div><div class="backlinks "><h3>Backlinks</h3><ul class="overflow"><li>No backlinks found</li></ul></div><div class="explorer mobile-only"><button type="button" id="explorer" data-behavior="collapse" data-collapsed="collapsed" data-savestate="true" data-tree="[{"path":"Basics","collap
|
|||
|
/**
 * Click handler for a callout title: flips the `is-collapsed` class on the
 * title's parent element and resizes it, then re-sizes every enclosing
 * `callout` ancestor so nested callouts grow or shrink together.
 *
 * `this` is the element the listener is attached to (the callout title).
 */
function toggleCallout() {
  const callout = this.parentElement;
  callout.classList.toggle(`is-collapsed`);

  // Collapsed: only the title stays visible. Expanded: the full content height.
  const isCollapsed = callout.classList.contains(`is-collapsed`);
  callout.style.maxHeight = (isCollapsed ? this.scrollHeight : callout.scrollHeight) + `px`;

  // Walk outwards and stop at the first ancestor that is not a callout.
  let child = callout;
  for (let ancestor = callout.parentElement; ancestor; ancestor = ancestor.parentElement) {
    if (!ancestor.classList.contains(`callout`)) {
      return;
    }
    const ancestorCollapsed = ancestor.classList.contains(`is-collapsed`);
    const ancestorHeight = ancestorCollapsed
      ? ancestor.scrollHeight
      : ancestor.scrollHeight + child.scrollHeight;
    ancestor.style.maxHeight = ancestorHeight + `px`;
    child = ancestor;
  }
}
|
|||
|
/**
 * Prepares every element carrying both the `callout` and `is-collapsible`
 * classes: binds `toggleCallout` to the click event of its first child and
 * sets the element's initial max-height from its collapsed state.
 */
function setupCallout() {
  const callouts = document.getElementsByClassName(`callout is-collapsible`);
  for (const callout of callouts) {
    const heading = callout.firstElementChild;
    if (!heading) {
      continue;
    }

    // Detach before attaching: this function is registered for both `nav`
    // and `resize`, so it runs many times against the same elements.
    heading.removeEventListener(`click`, toggleCallout);
    heading.addEventListener(`click`, toggleCallout);

    const isCollapsed = callout.classList.contains(`is-collapsed`);
    callout.style.maxHeight = (isCollapsed ? heading.scrollHeight : callout.scrollHeight) + `px`;
  }
}
|
|||
|
// Run the callout setup on every `nav` event dispatched on the document and
// again whenever the window is resized.
for (const [target, eventName] of [[document, `nav`], [window, `resize`]]) {
  target.addEventListener(eventName, setupCallout);
}
|
|||
|
</script><script type="module">
|
|||
|
// NOTE(review): this URL names no mermaid version, so the CDN decides which
// build executes on the page; pinning an exact version would make the loaded
// code reproducible and reviewable.
import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid/dist/mermaid.esm.min.mjs';

// Follow the theme stored in the `saved-theme` attribute of the root element.
const savedTheme = document.documentElement.getAttribute('saved-theme');
const mermaidTheme = savedTheme === 'dark' ? 'dark' : 'default';

mermaid.initialize({
  // Diagrams are rendered explicitly by the `nav` listener below, not on load.
  startOnLoad: false,
  // NOTE(review): 'loose' lets diagram text carry HTML and click handlers.
  // If diagram source can ever come from someone other than the site author,
  // mermaid's default 'strict' level is the safer setting — confirm that
  // 'loose' is actually required here.
  securityLevel: 'loose',
  theme: mermaidTheme,
});

// Render every `.mermaid` element each time a `nav` event fires.
document.addEventListener('nav', async () => {
  await mermaid.run({ querySelector: '.mermaid' });
});
|
|||
|
</script><script src="https://cdn.jsdelivr.net/npm/katex@0.16.7/dist/contrib/copy-tex.min.js" type="application/javascript"></script><script src="../../../../postscript.js" type="module"></script></html>
|