wiki/Technology/OperatingSystem/Virtualization/2.KVM虚拟化/4.-KVM-网络配置.html

2024-09-06 10:58:26 +08:00
<!DOCTYPE html>
<html lang="en"><head><title>4. KVM Network Configuration</title><meta charset="utf-8"/><link rel="preconnect" href="https://fonts.googleapis.com"/><link rel="preconnect" href="https://fonts.gstatic.com"/><link rel="stylesheet" href="https://fonts.googleapis.com/css2?family=IBM Plex Mono&amp;family=Noto Serif Simplified Chinese:wght@400;700&amp;family=Source Sans Pro:ital,wght@0,400;0,600;1,400;1,600&amp;display=swap"/><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta property="og:title" content="4. KVM Network Configuration"/><meta property="og:description" content="This article covers network configuration in a KVM virtualization environment, including how to set up NAT, bridged, internal and host-only networks, and how to use NetworkManager and virsh for network management, monitoring and troubleshooting."/><meta property="og:image" content="https://wiki.7wate.com/static/og-image.png"/><meta property="og:width" content="1200"/><meta property="og:height" content="675"/><link rel="icon" href="../../../../static/icon.png"/><meta name="description" content="This article covers network configuration in a KVM virtualization environment, including how to set up NAT, bridged, internal and host-only networks, and how to use NetworkManager and virsh for network management, monitoring and troubleshooting."/><meta name="generator" content="Quartz"/><link href="../../../../index.css" rel="stylesheet" type="text/css" spa-preserve/><link href="https://cdnjs.cloudflare.com/ajax/libs/KaTeX/0.16.9/katex.min.css" rel="stylesheet" type="text/css" spa-preserve/><script src="../../../../prescript.js" type="application/javascript" spa-preserve></script><script type="application/javascript" spa-preserve>const fetchData = fetch("../../../../static/contentIndex.json").then(data => data.json())</script></head><body data-slug="Technology/OperatingSystem/Virtualization/2.KVM虚拟化/4.-KVM-网络配置"><div id="quartz-root" class="page"><div id="quartz-body"><div class="left sidebar"><h2 class="page-title"><a href="../../../..">🪴 X·Eden</a></h2><div class="spacer mobile-only"></div><div class="search"><button class="search-button" id="search-button"><p>Search</p><svg role="img" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 19.9 19.7"><title>Search</title><g class="search-path" fill="none"><path stroke-linecap="square" 
d="M18.5 18.3l-5.4-5.4"></path><circle cx="8" cy="8" r="7"></circle></g></svg></button><div id="search-container"><div id="search-space"><input autocomplete="off" id="search-bar" name="search" type="text" aria-label="Search for something" placeholder="Search for something"/><div id="search-layout" data-preview="true"></div></div></div></div>
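<p>KVM (Kernel-based Virtual Machine) networking refers to the network connectivity and communication mechanisms provided to virtual machines in a KVM virtualization environment. Through KVM networking, virtual machines can communicate with other virtual machines, the host, and external networks.</p>
<div class="table-container"><table><thead><tr><th><strong>Network type</strong></th><th><strong>Description</strong></th><th><strong>Advantages</strong></th><th><strong>Disadvantages</strong></th><th><strong>Use cases</strong></th></tr></thead><tbody><tr><td>NAT network</td><td>The VM communicates with the outside through the host's network interface; its IP address is hidden.</td><td>Simple to configure; suits VMs that need outbound communication.</td><td>Communication between VMs needs extra configuration; network performance may be limited.</td><td>VMs that do not need to be reached from outside but need access to external networks.</td></tr><tr><td>Bridged network</td><td>The VM connects directly to the physical network interface, has its own IP address, and can communicate directly with other devices.</td><td>Integrates seamlessly with the physical network; suits VMs that must be reachable from outside.</td><td>More complex to configure; the physical network interface must be set up appropriately.</td><td>VMs that need to provide services directly to the outside.</td></tr><tr><td>Internal network</td><td>Only allows communication between VMs; no communication with the host or external networks.</td><td>Provides an isolated network; suits testing and development.</td><td>VMs cannot communicate with external networks.</td><td>Test and development environments that need isolation.</td></tr><tr><td>Host-only network</td><td>Allows VMs to communicate with the host, but not with external networks.</td><td>Simple isolation; suits communication between VMs and the host.</td><td>VMs cannot communicate with external networks.</td><td>Scenarios where VMs and the host need to interact frequently.</td></tr></tbody></table></div>
<h2 id="kvm-网络安装与准备">KVM network installation and preparation<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#kvm-网络安装与准备" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<p><strong>Any network management tool can be used</strong>; here we <strong>recommend <code>NetworkManager</code></strong> for managing the network bridge.</p>
<h3 id="安装-networkmanager">Installing NetworkManager<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#安装-networkmanager" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<p><strong>On distributions outside the Fedora/RHEL family, NetworkManager must be installed manually</strong> and configured to take over network management.</p>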
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># Debian/Ubuntu family</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> apt-get</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> update</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> apt-get</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -y</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> network-manager</span></span></code></pre></figure>
<h3 id="配置系统网络支持">Configuring system network support<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#配置系统网络支持" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<ol>
<li>
<p><strong>Enable NetworkManager</strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># Start and enable the NetworkManager service</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> systemctl</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> start</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> NetworkManager</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> systemctl</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> enable</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> NetworkManager</span></span></code></pre></figure>
</li>
<li>
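<p><strong>Create and configure the network bridge</strong></p>
<p>Use the <code>nmcli</code> tool to create a new bridge interface. For example, create a bridge interface named <code>br0</code> and add the existing Ethernet interface (assumed here to be <code>eth0</code>) to the bridge.</p>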
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> add</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> type</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> bridge</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> autoconnect</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> yes</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> con-name</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ifname</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> add</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> type</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> bridge-slave</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> autoconnect</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> yes</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> con-name</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0-slave</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ifname</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> eth0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> master</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.method</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> auto</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> up</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span></span></code></pre></figure>
</li>
<li>
<p><strong>Confirm the bridge configuration</strong></p>
<p>Use the following commands to confirm that the bridge is configured correctly.</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> show</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">ip</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> a</span></span></code></pre></figure>
</li>
<li>
<p><strong>Confirm that the kernel modules are loaded</strong></p>
<p>Make sure the KVM-related kernel modules are loaded:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">lsmod</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> |</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> grep</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> kvm</span></span></code></pre></figure>
</li>
</ol>
<h3 id="示例配置文件">Example configuration file<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#示例配置文件" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<p>The <code>NetworkManager</code> configuration files (usually located in the <code>/etc/NetworkManager/system-connections/</code> directory) can be edited by hand for more complex configurations. For example, edit the configuration file for <code>br0</code>:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="ini" data-theme="github-light github-dark"><code data-language="ini" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">[connection]</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">id</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=br0</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=bridge</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">interface-name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=br0</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">autoconnect</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=true</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">[ipv4]</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">method</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=auto</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">[ipv6]</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">method</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=auto</span></span></code></pre></figure>
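<p>NetworkManager only loads keyfiles from this directory that are owned by root and are not accessible to group or others, so a hand-edited file with the wrong mode is silently skipped. The following check is an added example, not part of the original page; the file name <code>br0.nmconnection</code>, the helper names and the <code>expect_uid</code> parameter are assumptions made for illustration.</p>

```python
import configparser
import os
import stat
import tempfile

# Constructed sample: the br0 keyfile shown above.
BR0_KEYFILE = """[connection]
id=br0
type=bridge
interface-name=br0
autoconnect=true

[ipv4]
method=auto

[ipv6]
method=auto
"""


def write_sample(directory, mode, text=BR0_KEYFILE):
    """Write the sample keyfile with the given permission bits (hypothetical helper)."""
    path = os.path.join(directory, "br0.nmconnection")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def check_keyfile(path, expect_uid=0):
    """Return a list of problems that would make the keyfile unsafe or unusable."""
    problems = []
    st = os.stat(path)
    # Ownership: on a real host the owner must be root (uid 0).
    if st.st_uid != expect_uid:
        problems.append(f"owner uid is {st.st_uid}, expected {expect_uid}")
    # Permissions: no group/other bits at all, i.e. 0600.
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append(f"mode {mode:04o} grants group/other access; use 0600")

    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read(path, encoding="utf-8")
    if not cp.has_section("connection"):
        problems.append("missing [connection] section")
        return problems
    conn = cp["connection"]
    for key in ("id", "type"):
        if not conn.get(key):
            problems.append(f"[connection] has no {key}")
    # A bridge profile without interface-name does not say which bridge to create.
    if conn.get("type") == "bridge" and not conn.get("interface-name"):
        problems.append("bridge profile has no interface-name")
    # method=manual needs at least one address entry in the same section.
    for family in ("ipv4", "ipv6"):
        if cp.get(family, "method", fallback=None) == "manual":
            if not any(k.startswith("address") for k in cp[family]):
                problems.append(f"[{family}] method=manual but no address is set")
    return problems


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = write_sample(tmp, 0o644)
        # expect_uid is the current user so the demo also runs unprivileged.
        for line in check_keyfile(sample, expect_uid=os.getuid()):
            print("PROBLEM:", line)
```

<p>After fixing a keyfile, <code>sudo nmcli connection reload</code> makes NetworkManager re-read the directory.</p>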
<h3 id="其他注意事项">Other considerations<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#其他注意事项" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<ol>
<li><strong>Firewall configuration</strong>: make sure your firewall rules allow traffic on the bridged network.</li>
<li><strong>Verify the bridge</strong>: create a virtual machine, attach it to the <code>br0</code> bridge, and verify that network connectivity works.</li>
</ol>
<h2 id="nat-网络">NAT network<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#nat-网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<p><strong>KVM creates a NAT network named <code>default</code> by default.</strong> This network is usually created and enabled automatically when libvirt is installed.</p>
<ol>
<li>
<p><strong>Check and enable the default network</strong></p>
<p>Check whether the <code>default</code> network already exists and is active:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-list</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --all</span></span></code></pre></figure>
<p>If the default network is not active, enable it with the following commands:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-start</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> default</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-autostart</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> default</span></span></code></pre></figure>
</li>
<li>
<p><strong>View the default network configuration</strong></p>
<p>View the detailed configuration of the default network:</p>
<pre><code>sudo virsh net-dumpxml default
</code></pre>
<p>A typical default network configuration looks like this:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">>default&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">uuid</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">>……&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">uuid</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">forward</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> mode</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'nat'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">nat</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">port</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> start</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'1024'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> end</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'65535'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">nat</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">forward</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">bridge</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virbr0'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> stp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'on'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> delay</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:d3:9b:fb'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.122.1'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> netmask</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'255.255.255.0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">range</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> start</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.122.2'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> end</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.122.254'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
</li>
<li>
<p><strong>Create a virtual machine</strong></p>
<p>Create a virtual machine attached to the <code>default</code> network. This can be done with the <code>virt-install</code> command:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virt-install</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --name</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> myvm</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --ram</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 4096</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --disk</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> path=/var/lib/libvirt/images/myvm_storage.qcow2,size=</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;">32</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --vcpus</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 2</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --os-type</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> linux</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --os-variant</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ubuntu20.04</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --network</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> network=default</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --graphics</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> none</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --console</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> pty,target_type=serial</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --location</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> 'https://mirrors.tuna.tsinghua.edu.cn/ubuntu/dists/focal/main/installer-amd64/'</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> \</span></span>
<span data-line><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --extra-args</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> 'console=ttyS0,115200n8 serial'</span></span></code></pre></figure>
</li>
<li>
<p><strong>Verify the VM's network connectivity</strong></p>
<p>Log in to the virtual machine and verify its network connectivity:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">ping</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -c</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 4</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 8.8.8.8</span></span></code></pre></figure>
<p>Check whether the virtual machine was able to obtain an IP address:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">ip</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> a</span></span></code></pre></figure>
</li>
</ol>
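<p>The script below is an added example, not code from the original page. It parses the XML printed by <code>virsh net-dumpxml</code>, maps each network to one of the four types in the table at the top of this page from its <code>&lt;forward&gt;</code> and <code>&lt;ip&gt;</code> elements, and flags addressing mistakes that weaken isolation or break DHCP. The <code>lab-isolated</code> network is a constructed, deliberately misconfigured sample; only the first IPv4 <code>&lt;ip&gt;</code> element is examined.</p>

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed samples. The first two mirror the networks on this page
# (default and custom-net); the third is a hypothetical isolated network.
DEFAULT_XML = """<network>
  <name>default</name>
  <forward mode='nat'><nat><port start='1024' end='65535'/></nat></forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp>
  </ip>
</network>"""
CUSTOM_XML = """<network>
  <name>custom-net</name>
  <forward mode='nat'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.100.2' end='192.168.100.254'/></dhcp>
  </ip>
</network>"""
LAB_XML = """<network>
  <name>lab-isolated</name>
  <bridge name='virbr9'/>
  <ip address='192.168.122.129' netmask='255.255.255.128'>
    <dhcp><range start='192.168.122.100' end='192.168.122.200'/></dhcp>
  </ip>
</network>"""


def parse_network(xml_text):
    """Extract name, bridge, forward mode and IPv4 addressing from one network."""
    root = ET.fromstring(xml_text)
    forward, bridge = root.find("forward"), root.find("bridge")
    info = {
        "name": root.findtext("name"),
        "bridge": None if bridge is None else bridge.get("name"),
        # No <forward> element: isolated. <forward> without mode: libvirt assumes nat.
        "mode": None if forward is None else forward.get("mode", "nat"),
        "gateway": None,
        "subnet": None,
        "dhcp": [],
    }
    ip = root.find("ip")
    if ip is not None:
        mask = ip.get("prefix") or ip.get("netmask")
        if mask is None:
            raise ValueError(f"{info['name']}: <ip> has neither prefix nor netmask")
        iface = ipaddress.ip_interface(f"{ip.get('address')}/{mask}")
        info["gateway"], info["subnet"] = iface.ip, iface.network
        for rng in ip.findall("dhcp/range"):
            info["dhcp"].append((ipaddress.ip_address(rng.get("start")),
                                 ipaddress.ip_address(rng.get("end"))))
    return info


def classify(info):
    """Map a parsed network onto the network types used in this page's table."""
    if info["mode"] == "nat":
        return "NAT"
    if info["mode"] == "bridge":
        return "bridged"
    if info["mode"] is None:
        # Isolated: with a host address it is host-only, without one it is VM-to-VM only.
        return "host-only" if info["gateway"] is not None else "internal"
    return info["mode"]  # other libvirt forward modes are reported as-is


def findings(info, others=()):
    """Return addressing problems for one network, compared against the others."""
    out = []
    subnet, gateway = info["subnet"], info["gateway"]
    if subnet is None:
        return out
    for start, end in info["dhcp"]:
        for label, addr in (("start", start), ("end", end)):
            if addr not in subnet:
                out.append(f"{info['name']}: DHCP range {label} {addr} is outside {subnet}")
        if start > end:
            out.append(f"{info['name']}: DHCP range start {start} is after end {end}")
        if start <= gateway <= end:
            out.append(f"{info['name']}: gateway {gateway} lies inside the DHCP range")
    for other in others:
        if other["subnet"] is not None and subnet.overlaps(other["subnet"]):
            out.append(f"{info['name']}: {subnet} overlaps {other['name']} ({other['subnet']})")
    return out


if __name__ == "__main__":
    nets = [parse_network(x) for x in (DEFAULT_XML, CUSTOM_XML, LAB_XML)]
    for net in nets:
        print(f"{net['name']:<13} {net['bridge']:<7} {classify(net):<10} {net['subnet']}")
        for problem in findings(net, [n for n in nets if n is not net]):
            print("  !", problem)
```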
<h3 id="virsh-创建自定义-nat-网络">Creating a custom NAT network with <code>virsh</code><a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#virsh-创建自定义-nat-网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<p>Use the <code>virsh</code> command to create a custom NAT network and configure DHCP and the IP address range.</p>
<ol>
<li>
<p><strong>Create the network configuration file</strong></p>
<p>Create a custom network configuration file (for example <code>custom-net.xml</code>):</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">>custom-net&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">forward</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> mode</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'nat'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">bridge</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virbr1'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> stp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'on'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> delay</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.100.1'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> netmask</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'255.255.255.0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">range</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> start</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.100.2'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> end</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.100.254'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
</li>
<li>
<p><strong>Define and start the network</strong></p>
<p>Use the <code>virsh</code> command to define and start the network:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-define</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> custom-net.xml</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-start</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> custom-net</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-autostart</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> custom-net</span></span></code></pre></figure>
</li>
<li>
<p><strong>Check the status of the custom network</strong></p>
<p>Confirm that the network is active:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-list</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --all</span></span></code></pre></figure>
</li>
</ol>
<p>The <code>custom-net.xml</code> file above already defines the DHCP range:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.100.1'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> netmask</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'255.255.255.0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">range</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> start</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.100.2'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> end</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.100.254'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
<p>This configuration means:</p>
<ul>
<li><strong>Gateway address</strong>: 192.168.100.1</li>
<li><strong>DHCP range</strong>: 192.168.100.2 to 192.168.100.254</li>
</ul>
<h3 id="networkmanager-创建自定义-nat-网络">Creating a custom NAT network with <code>NetworkManager</code><a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#networkmanager-创建自定义-nat-网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<ol>
<li>
<p><strong>Make sure NetworkManager is enabled</strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> systemctl</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> enable</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --now</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> NetworkManager</span></span></code></pre></figure>
</li>
<li>
<p><strong>Create a NetworkManager bridge connection</strong></p>
<p>Edit a NetworkManager configuration file to create a bridge network (for example <code>/etc/NetworkManager/system-connections/bridge-br1.nmconnection</code>):</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="ini" data-theme="github-light github-dark"><code data-language="ini" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">[connection]</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">id</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=bridge-br1</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=bridge</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">autoconnect</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=true</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">[bridge]</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">stp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=true</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">[ipv4]</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">method</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=manual</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">address1</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=192.168.100.1/24</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">[ipv6]</span></span>
<span data-line><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">method</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=ignore</span></span></code></pre></figure>
</li>
<li>
<p><strong>Restart the NetworkManager service</strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> systemctl</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> restart</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> NetworkManager</span></span></code></pre></figure>
</li>
<li>
<p><strong>Verify the bridge network</strong></p>
<p>Confirm that the new bridge network has been created and is active:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> show</span></span></code></pre></figure>
</li>
</ol>
<h2 id="桥接网络">Bridged network<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#桥接网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<p>Use NetworkManager's <code>nmcli</code> command to create and configure a bridge interface and attach the physical interface to the bridge.</p>
<ol>
<li>
<p><strong>Create the bridge interface</strong></p>
<p>Use the <code>nmcli</code> command to create a new bridge interface. <code>con-name br0</code> names the connection profile <code>br0</code>, which is the name the <code>nmcli connection modify br0</code> commands in the next step refer to (without it, nmcli names the profile <code>bridge-br0</code>):</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> add</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> type</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> bridge</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> con-name</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ifname</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span></span></code></pre></figure>
</li>
<li>
<p><strong>Configure the bridge interface's IP address</strong></p>
<p>Assign an IP address to the bridge interface:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.addresses</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> 192.168.1.100/24</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.method</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> manual</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.gateway</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 192.168.1.1</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.dns</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> &quot;8.8.8.8,8.8.4.4&quot;</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection.autoconnect</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> yes</span></span></code></pre></figure>
</li>
<li>
<p><strong>Attach the physical interface to the bridge</strong></p>
<p>Assuming the physical interface is <code>eth0</code>, use <code>nmcli</code> to attach it to <code>br0</code>. The port profile is given an explicit name, <code>br0-port-eth0</code>, so that it cannot be confused with an existing standalone <code>eth0</code> profile:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> add</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> type</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ethernet</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> con-name</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0-port-eth0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ifname</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> eth0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> master</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span></span></code></pre></figure>
</li>
<li>
<p><strong>Bring up the bridge interface</strong></p>
<p>Activate the bridge interface <code>br0</code> and the <code>eth0</code> port profile:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> up</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> up</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> br0-port-eth0</span></span></code></pre></figure>
</li>
<li>
<p><strong>Edit the virtual machine's XML configuration</strong></p>
<p>Assuming the virtual machine is named <code>testvm</code>, edit its XML configuration with the following command:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> edit</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> testvm</span></span></code></pre></figure>
</li>
<li>
<p><strong>Add the bridged network interface configuration</strong></p>
<p>In the <code>&lt;devices></code> section, add the following, using <code>br0</code> as the bridge interface:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'bridge'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bridge</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'br0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">address</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'pci'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> domain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bus</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x00'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> slot</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x03'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> function</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
</li>
<li>
<p><strong>Save and exit</strong></p>
<p>Save the configuration file and exit the editor.</p>
</li>
<li>
<p><strong>Restart the virtual machine</strong></p>
<p>Restart the virtual machine so that the new network configuration takes effect:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> shutdown</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> testvm</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> start</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> testvm</span></span></code></pre></figure>
</li>
</ol>
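<p>Pasting the <code>&lt;interface></code> snippet above into more than one guest duplicates its fixed MAC and PCI address. The following added example (not part of the original page) audits domain XML for both problems; <code>testvm2</code>, its disk and second NIC, and all function names are constructed for illustration.</p>

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# testvm uses the <interface> snippet from this page. testvm2 is constructed:
# a second guest into which the same snippet was pasted unchanged.
NIC = """<interface type='bridge'>
      <mac address='52:54:00:12:34:56'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>"""
TESTVM = f"<domain type='kvm'><name>testvm</name><devices>{NIC}</devices></domain>"
TESTVM2 = f"""<domain type='kvm'><name>testvm2</name><devices>
    <disk type='file' device='disk'>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </disk>
    {NIC}
    <interface type='network'>
      <mac address='52:54:00:AB:CD:EF'/>
      <source network='default'/>
    </interface>
  </devices></domain>"""


def parse_domain(xml_text):
    """Return the guest name, its NICs and every PCI address its devices claim."""
    root = ET.fromstring(xml_text)
    nics, pci = [], defaultdict(list)
    for dev in root.iterfind("devices/*"):
        addr = dev.find("address[@type='pci']")
        if addr is not None:
            key = tuple(int(addr.get(k, "0"), 16)
                        for k in ("domain", "bus", "slot", "function"))
            pci[key].append(dev.tag)
        if dev.tag == "interface":
            src, mac = dev.find("source"), dev.find("mac")
            nics.append({
                "kind": dev.get("type"),
                # <source bridge=...> for type='bridge', <source network=...> for 'network'
                "source": src.get(dev.get("type")) if src is not None else None,
                "mac": mac.get("address").lower() if mac is not None else None,
            })
    return {"name": root.findtext("name"), "nics": nics, "pci": pci}


def audit(domains):
    """Report PCI addresses claimed twice in one guest and MACs shared on one segment."""
    findings, by_mac = [], defaultdict(list)
    for dom in domains:
        for nic in dom["nics"]:
            if nic["mac"]:
                by_mac[(nic["source"], nic["mac"])].append(dom["name"])
        for (d, b, s, f), owners in dom["pci"].items():
            if len(owners) > 1:
                findings.append(f"{dom['name']}: PCI {d:04x}:{b:02x}:{s:02x}.{f:x} "
                                f"claimed by {' and '.join(owners)}")
    for (source, mac), names in by_mac.items():
        if len(names) > 1:
            findings.append(f"MAC {mac} on {source} is used by {', '.join(names)}")
    return findings


def lan_attached(domains):
    """Guests with a type='bridge' NIC sit directly on the host's physical segment."""
    return [d["name"] for d in domains
            if any(n["kind"] == "bridge" for n in d["nics"])]


DOMAINS = [parse_domain(TESTVM), parse_domain(TESTVM2)]

if __name__ == "__main__":
    for line in audit(DOMAINS):
        print("FINDING", line)
    print("bridged onto the LAN:", lan_attached(DOMAINS))
```

<p>Leaving out <code>&lt;mac></code> and <code>&lt;address></code> lets libvirt generate unique values for each guest.</p>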
<h2 id="内部网络">Internal network<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#内部网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<p>An internal network lets virtual machines communicate with each other without going through an external network. This network mode suits test environments that need isolation and applications that need internal communication.</p>
<ol>
<li>
<p><strong>Create the internal network XML configuration file</strong></p>
<p>First, create an XML file (for example <code>internal-net.xml</code>) that defines the internal network:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">>internal-net&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">forward</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> mode</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'none'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">bridge</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virbr1'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> stp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'on'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> delay</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.200.1'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> netmask</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'255.255.255.0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">range</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> start</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.200.2'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> end</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.200.254'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
</li>
</ol>
<p>The XML file above defines the network name as <code>internal-net</code> and the IP address range as <code>192.168.200.2</code> to <code>192.168.200.254</code>.</p>
<ol start="2">
<li>
<p><strong>Define and start the network</strong></p>
<p>Use the <code>virsh</code> command to define and start the internal network:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-define</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> internal-net.xml</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-start</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> internal-net</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> net-autostart</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> internal-net</span></span></code></pre></figure>
</li>
<li>
<p>Edit the virtual machine's XML configuration:</p>
<pre><code>sudo virsh edit &lt;vm_name>
</code></pre>
</li>
<li>
<p>In the <code>&lt;devices></code> section, add the following, using <code>internal-net</code> as the network interface:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'network'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'internal-net'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">address</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'pci'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> domain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bus</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x00'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> slot</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x03'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> function</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
</li>
<li>
<p>Save and exit the editor.</p>
</li>
<li>
<p>Restart the virtual machine so that the new network configuration takes effect:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> shutdown</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> start</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
</li>
</ol>
<h2 id="仅主机网络">Host-only network<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#仅主机网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<p>A host-only network allows virtual machines to communicate with the host, but does not allow them to communicate with external networks. This network mode suits scenarios where a virtual machine needs to communicate with the host in isolation.</p>
<ol>
<li>
<p><strong>Create the host-only network XML configuration file</strong></p>
<p>Create an XML file (for example <code>host-only-net.xml</code>) that defines the host-only network configuration:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">>host-only-net&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">forward</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> mode</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'none'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">bridge</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virbr2'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> stp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'on'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> delay</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.150.1'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> netmask</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'255.255.255.0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">range</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> start</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.150.2'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> end</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'192.168.150.254'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">dhcp</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">ip</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
<p>The XML file above defines a network named <code>host-only-net</code> with the IP address range <code>192.168.150.2</code> to <code>192.168.150.254</code>.</p>
</li>
<li>
<p><strong>Define and start the network</strong></p>
<p>Use the <code>virsh</code> command to define and start the host-only network:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">sudo virsh net-define host-only-net.xml</span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">sudo virsh net-start host-only-net</span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">sudo virsh net-autostart host-only-net</span></span></code></pre></figure>
</li>
<li>
<p>Edit the virtual machine's XML configuration file:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> edit</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
</li>
<li>
<p>In the <code>&lt;devices></code> section, add the following to use <code>host-only-net</code> as the network interface:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'network'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'host-only-net'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">address</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'pci'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> domain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bus</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x00'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> slot</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x03'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> function</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
</li>
<li>
<p>Save and exit the editor.</p>
</li>
<li>
<p>Restart the virtual machine so that the new network configuration takes effect:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">sudo virsh shutdown &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">vm_name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">sudo virsh start &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">vm_name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
</li>
</ol>
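<p>A check for the network definition used in the steps above, as an added example that is not part of the original page: it parses a libvirt network XML and reports anything that weakens host-only isolation or makes the DHCP range inconsistent with the bridge subnet. The second XML sample, the function name and the finding texts are constructed for illustration; a missing <code>&lt;forward></code> element is treated the same as the page's <code>mode='none'</code>.</p>

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the host-only definition shown in the steps above.
HOST_ONLY_XML = """
<network>
  <name>host-only-net</name>
  <forward mode='none'/>
  <bridge name='virbr2' stp='on' delay='0'/>
  <ip address='192.168.150.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.150.2' end='192.168.150.254'/>
    </dhcp>
  </ip>
</network>
"""

# Constructed counter-example: NAT forwarding plus a DHCP range that
# starts on the bridge address and runs past the end of the subnet.
MISCONFIGURED_XML = """
<network>
  <name>lab-net</name>
  <forward mode='nat'/>
  <bridge name='virbr3' stp='on' delay='0'/>
  <ip address='192.168.160.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.160.1' end='192.168.161.20'/>
    </dhcp>
  </ip>
</network>
"""


def audit_network(xml_text):
    """Return a list of findings; an empty list means every check passed."""
    root = ET.fromstring(xml_text)
    name = root.findtext("name", default="<unnamed>")
    findings = []

    # In libvirt a network without <forward> is isolated; the page expresses
    # the same intent as mode='none'. A <forward> element that carries no
    # mode attribute defaults to NAT.
    forward = root.find("forward")
    mode = None if forward is None else forward.get("mode", "nat")
    if mode not in (None, "none"):
        findings.append(f"{name}: forward mode '{mode}' gives guests a path off the host")

    for ip in root.findall("ip"):
        if ip.get("family", "ipv4") != "ipv4":
            continue
        mask = ip.get("netmask") or ip.get("prefix")
        if mask is None:
            continue
        bridge = ipaddress.ip_interface(f"{ip.get('address')}/{mask}")
        for rng in ip.findall("dhcp/range"):
            start = ipaddress.ip_address(rng.get("start"))
            end = ipaddress.ip_address(rng.get("end"))
            if start > end:
                findings.append(f"{name}: DHCP range start {start} is after end {end}")
            if start not in bridge.network or end not in bridge.network:
                findings.append(f"{name}: DHCP range {start}-{end} leaves {bridge.network}")
            if start <= bridge.ip <= end:
                findings.append(f"{name}: DHCP range includes the bridge address {bridge.ip}")
    return findings


if __name__ == "__main__":
    for sample in (HOST_ONLY_XML, MISCONFIGURED_XML):
        print(audit_network(sample) or "OK")
```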
<h2 id="高级网络功能">Advanced network features<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#高级网络功能" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<h3 id="vlan-配置">VLAN configuration<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#vlan-配置" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<p>Use NetworkManager and the <code>nmcli</code> command to create a VLAN network.</p>
<ol>
<li>
<p><strong>Create the VLAN interface</strong></p>
<p>Assume the physical interface is <code>eth0</code>, the VLAN ID is 100, and the VLAN interface is named <code>eth0.100</code>:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> add</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> type</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> con-name</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan100</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> dev</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> eth0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> id</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 100</span></span></code></pre></figure>
</li>
<li>
<p><strong>Configure the VLAN interface IP address</strong></p>
<p>Assign an IP address to the VLAN interface:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan100</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.addresses</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> 192.168.100.1/24</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.method</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> manual</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan100</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.gateway</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 192.168.100.254</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan100</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.dns</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> &quot;8.8.8.8,8.8.4.4&quot;</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> up</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan100</span></span></code></pre></figure>
</li>
<li>
<p><strong>Configure the VLAN network with <code>virsh</code></strong></p>
<ol>
<li>Edit the virtual machine's XML configuration file:</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> edit</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
<ol start="2">
<li>In the <code>&lt;devices></code> section, add the following to use <code>vlan100</code> as the network interface:</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'network'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'vlan100'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">vlan</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">tag</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> id</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'100'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">vlan</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">address</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'pci'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> domain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bus</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x00'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> slot</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x03'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> function</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
<ol start="3">
<li>
<p>Save and exit the editor.</p>
</li>
<li>
<p>Restart the virtual machine so that the new network configuration takes effect:</p>
</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="bash" data-theme="github-light github-dark"><code data-language="bash" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> shutdown</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> start</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
</li>
</ol>
<h3 id="配置虚拟机的多网卡">Configuring multiple NICs for a virtual machine<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#配置虚拟机的多网卡" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<ol>
<li>Edit the virtual machine's XML configuration file:</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> edit</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
<ol start="2">
<li>In the <code>&lt;devices></code> section, add multiple <code>&lt;interface></code> elements, each representing one network interface:</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'network'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'default'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">address</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'pci'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> domain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bus</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x00'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> slot</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x03'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> function</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'network'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:57'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'vlan100'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">address</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'pci'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> domain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bus</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x00'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> slot</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x04'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> function</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
<ol start="3">
<li>
<p>Save and exit the editor.</p>
</li>
<li>
<p>Restart the virtual machine so that the new network configuration takes effect:</p>
</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> shutdown</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> start</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
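<p>A pre-flight check for a multi-NIC <code>&lt;devices></code> section, as an added example that is not part of the original page: it reports duplicate MAC addresses, PCI address collisions, <code>&lt;source network></code> names with no matching libvirt network, and guests attached to both an isolated and a forwarded network. The sample XML is constructed by combining the page's multi-NIC snippet with its host-only snippet; the set of defined networks, the function names and the result keys are assumptions.</p>

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Assumption: the libvirt networks defined on the host and their forward
# modes (on a real host, take the names from `virsh net-list --all`).
DEFINED_NETWORKS = {"default": "nat", "host-only-net": "none"}

# Constructed input: the two interfaces from the multi-NIC step plus the
# host-only interface from the earlier section, pasted in unchanged.
DOMAIN_DEVICES_XML = """
<devices>
  <interface type='network'>
    <mac address='52:54:00:12:34:56'/>
    <source network='default'/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </interface>
  <interface type='network'>
    <mac address='52:54:00:12:34:57'/>
    <source network='vlan100'/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
  </interface>
  <interface type='network'>
    <mac address='52:54:00:12:34:56'/>
    <source network='host-only-net'/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </interface>
</devices>
"""


def parse_interfaces(devices_xml):
    """Extract MAC, source network and PCI address from each <interface>."""
    nics = []
    for iface in ET.fromstring(devices_xml).iter("interface"):
        mac = iface.find("mac")
        source = iface.find("source")
        addr = iface.find("address")
        pci = None
        if addr is not None and addr.get("type") == "pci":
            # Compare numerically so '0x3' and '0x03' count as the same slot.
            pci = tuple(int(addr.get(k, "0"), 16)
                        for k in ("domain", "bus", "slot", "function"))
        nics.append({
            "mac": mac.get("address").lower() if mac is not None else None,
            "network": source.get("network") if source is not None else None,
            "pci": pci,
        })
    return nics


def audit_domain_nics(devices_xml, defined_networks):
    """Return a dict of findings for the interfaces of one domain."""
    nics = parse_interfaces(devices_xml)
    macs = Counter(n["mac"] for n in nics if n["mac"])
    pcis = Counter(n["pci"] for n in nics if n["pci"])
    sources = [n["network"] for n in nics if n["network"]]
    modes = {defined_networks[s] for s in sources if s in defined_networks}
    return {
        "duplicate_macs": sorted(m for m, c in macs.items() if c > 1),
        "duplicate_pci": sorted(p for p, c in pcis.items() if c > 1),
        "undefined_networks": sorted({s for s in sources if s not in defined_networks}),
        # A guest on an isolated network and a forwarded one is the single
        # point where traffic could cross between the two segments.
        "spans_isolated_and_forwarded": "none" in modes and len(modes) > 1,
    }


if __name__ == "__main__":
    for key, value in audit_domain_nics(DOMAIN_DEVICES_XML, DEFINED_NETWORKS).items():
        print(f"{key}: {value}")
```

<p>With the assumed network set, <code>vlan100</code> is reported as undefined because the page creates it as a NetworkManager connection, not as a libvirt network.</p>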
<h3 id="配置网络带宽限制">Configuring network bandwidth limits<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#配置网络带宽限制" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<ol>
<li>Edit the virtual machine's XML configuration file:</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> edit</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
<ol start="2">
<li>Add a <code>&lt;bandwidth></code> element inside the <code>&lt;interface></code> element and set the bandwidth limit parameters, for example:</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'network'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'default'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">bandwidth</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">inbound</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> average</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'1000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> peak</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'2000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> burst</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'512'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">outbound</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> average</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'1000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> peak</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'2000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> burst</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'512'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">bandwidth</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">address</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'pci'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> domain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0000'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> bus</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x00'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> slot</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x03'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> function</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'0x0'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
<p>The configuration above limits both inbound and outbound traffic to an average rate of 1000 Kbps, a peak rate of 2000 Kbps, and a burst of 512 KB.</p>
<ol start="3">
<li>
<p>Save and exit the editor.</p>
</li>
<li>
<p>Restart the virtual machine so that the new network configuration takes effect:</p>
</li>
</ol>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> shutdown</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virsh</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> start</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_nam</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
<ul>
<li>
<p>Install <code>iperf</code> on both the host and the virtual machine:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> apt</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iperf3</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # Ubuntu</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> yum</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iperf3</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # CentOS/RHEL</span></span></code></pre></figure>
</li>
<li>
<p>Start the <code>iperf</code> server on the virtual machine:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">iperf3</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -s</span></span></code></pre></figure>
</li>
<li>
<p>Run the <code>iperf</code> client on the host to test the bandwidth:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">iperf3</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -c</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">vm_ip_addres</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">s</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
</li>
<li>
<p>Check the test results to verify that the bandwidth limit is in effect.</p>
</li>
</ul>
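<p>The steps above use NetworkManager and the <code>nmcli</code> command to configure a VLAN network, add multiple NICs to a virtual machine, and set network bandwidth limits with <code>virsh</code>. The <code>iperf</code> tool can then be used to verify that the bandwidth limit works.</p>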
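<p>After the restart it is worth confirming which NICs actually carry a limit, since a virtual machine with several interfaces can be left with one of them uncapped. The script below is an added example, not part of the original page; it reads <code>virsh dumpxml</code>-style XML from stdin and assumes single-quoted attributes with one element per line, as libvirt emits them. The sample domain, its second MAC address and the function names are constructed for illustration.</p>

```shell
#!/bin/sh
# List each <interface> in a libvirt domain XML and report whether it carries
# inbound/outbound <bandwidth> limits (added example, not from the original page).

# Constructed sample: the first NIC is capped as in the step above,
# the second NIC has no <bandwidth> element at all.
sample_domain_xml() {
cat <<'EOF'
<domain type='kvm'>
  <name>demo-vm</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:12:34:56'/>
      <source network='default'/>
      <model type='virtio'/>
      <bandwidth>
        <inbound average='1000' peak='2000' burst='512'/>
        <outbound average='1000' peak='2000' burst='512'/>
      </bandwidth>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:ab:cd:ef'/>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
EOF
}

# Reads domain XML on stdin.
# Prints one line per NIC: "<mac> inbound=<average|none> outbound=<average|none>".
report_bandwidth() {
  awk '
    # Return the value of a single-quoted attribute (\047 is the quote character).
    function attr(line, name,    re, s) {
      re = name "=\047[^\047]*\047"
      if (match(line, re)) {
        s = substr(line, RSTART, RLENGTH)
        sub("^" name "=\047", "", s)
        sub("\047$", "", s)
        return s
      }
      return ""
    }
    /<interface[ >]/        { inif = 1; mac = "unknown"; inb = "none"; outb = "none" }
    inif && /<mac /         { mac  = attr($0, "address") }
    inif && /<inbound /     { inb  = attr($0, "average") }
    inif && /<outbound /    { outb = attr($0, "average") }
    inif && /<\/interface>/ { print mac " inbound=" inb " outbound=" outb; inif = 0 }
  '
}

# Prints the MAC address of every NIC that lacks a limit in either direction.
unlimited_macs() {
  report_bandwidth | awk '$2 == "inbound=none" || $3 == "outbound=none" { print $1 }'
}

# Stand-alone run on the constructed sample.
sample_domain_xml | report_bandwidth
echo "NICs without a complete limit:"
sample_domain_xml | unlimited_macs
```

<p>On a host, feed it the live definition with <code>sudo virsh dumpxml &lt;vm_name> | report_bandwidth</code>.</p>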
<h2 id="管理和监控虚拟网络">Managing and monitoring virtual networks<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#管理和监控虚拟网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<h3 id="virsh-命令管理网络">Managing networks with <code>virsh</code> commands<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#virsh-命令管理网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<div class="table-container"><table><thead><tr><th>Command</th><th>Description</th></tr></thead><tbody><tr><td><code>virsh net-list --all</code></td><td>List all virtual networks</td></tr><tr><td><code>virsh net-info &lt;network></code></td><td>Show information about a virtual network</td></tr><tr><td><code>virsh net-dumpxml &lt;network></code></td><td>Show the XML configuration of a virtual network</td></tr><tr><td><code>virsh net-create &lt;network.xml></code></td><td>Create a virtual network</td></tr><tr><td><code>virsh net-destroy &lt;network></code></td><td>Destroy a virtual network</td></tr><tr><td><code>virsh net-start &lt;network></code></td><td>Start a virtual network</td></tr><tr><td><code>virsh net-autostart &lt;network></code></td><td>Set a virtual network to start automatically at boot</td></tr><tr><td><code>virsh net-undefine &lt;network></code></td><td>Undefine a virtual network</td></tr><tr><td><code>virsh net-edit &lt;network></code></td><td>Edit the XML configuration of a virtual network</td></tr><tr><td><code>virsh net-update &lt;network> &lt;command> &lt;section> &lt;xml></code></td><td>Update a virtual network</td></tr><tr><td><code>virsh net-dhcp-leases &lt;network></code></td><td>List the network's DHCP leases</td></tr></tbody></table></div>
<h3 id="监控网络性能">Monitoring network performance<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#监控网络性能" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<h4 id="使用-iftop-和-vnstat-等工具">Using tools such as <code>iftop</code> and <code>vnstat</code><a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#使用-iftop-和-vnstat-等工具" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li>
<p><strong>Install <code>iftop</code> and <code>vnstat</code></strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On Ubuntu</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> apt</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iftop</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On CentOS/RHEL</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> yum</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iftop</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span></span></code></pre></figure>
</li>
<li>
<p><strong>Monitor real-time network traffic with <code>iftop</code></strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iftop</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -i</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">network_interfac</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
<p><code>iftop</code> displays real-time network traffic, including the IP addresses of the hosts sending and receiving data and their bandwidth usage.</p>
</li>
<li>
<p><strong>Monitor network traffic with <code>vnstat</code></strong></p>
<p>Initialize the <code>vnstat</code> database:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -u</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -i</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> &lt;</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">network_interfac</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">e</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;">></span></span></code></pre></figure>
<ul>
<li>
<p>View live traffic:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -l</span></span></code></pre></figure>
</li>
<li>
<p>View traffic statistics:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span></span></code></pre></figure>
</li>
<li>
<p>View detailed traffic statistics:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -d</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # Daily traffic statistics</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -m</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # Monthly traffic statistics</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vnstat</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -h</span><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> # Hourly traffic statistics</span></span></code></pre></figure>
</li>
</ul>
</li>
</ol>
<h4 id="分析网络流量和性能">Analyzing network traffic and performance<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#分析网络流量和性能" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li><strong>Analyze traffic data</strong>
<ul>
<li>Traffic data collected with <code>iftop</code> and <code>vnstat</code> helps identify network bottlenecks and high-traffic hosts.</li>
</ul>
</li>
<li><strong>Optimize the network configuration</strong>
<ul>
<li>Use the monitoring data to tune the virtual network configuration, for example by adjusting bandwidth limits or improving the network topology.</li>
</ul>
</li>
<li><strong>Monitor network interface performance</strong>
<ul>
<li>Regularly check and analyze network interface performance to keep the virtual network stable and running efficiently.</li>
</ul>
</li>
</ol>
<h2 id="安全配置">Security configuration<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#安全配置" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<h3 id="配置防火墙规则">Configuring firewall rules<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#配置防火墙规则" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<h4 id="使用-iptables-配置防火墙">Configuring the firewall with <code>iptables</code><a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#使用-iptables-配置防火墙" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li>
<p><strong>Install <code>iptables</code></strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On CentOS/RHEL</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> yum</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iptables-services</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> systemctl</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> enable</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --now</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iptables</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On Ubuntu</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> apt</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iptables</span></span></code></pre></figure>
</li>
<li>
<p><strong>Configure basic rules</strong></p>
<p>Allow virtual machine network traffic:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iptables</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -A</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> FORWARD</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -i</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virbr0</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -o</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> eth0</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -j</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ACCEPT</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iptables</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -A</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> FORWARD</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -i</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> eth0</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -o</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> virbr0</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> -j</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ACCEPT</span></span></code></pre></figure>
</li>
<li>
<p><strong>Save the rules</strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On CentOS/RHEL</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> service</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iptables</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> save</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On Ubuntu</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> iptables-save</span><span style="--shiki-light:#D73A49;--shiki-dark:#F97583;"> |</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> tee</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> /etc/iptables/rules.v4</span></span></code></pre></figure>
</li>
</ol>
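<p>The second <code>FORWARD</code> rule above accepts every packet routed from <code>eth0</code> to <code>virbr0</code>, new connections included, where a stateful rule would admit only replies to traffic the guests started. The script below is an added example, not part of the original page; it audits <code>iptables-save</code> output for that pattern. Both rule sets are constructed samples, and the function names and finding labels are this example's own.</p>

```shell
#!/bin/sh
# Audit iptables-save output for FORWARD rules that let the uplink open new
# connections to guests behind the libvirt bridge (added example).

BRIDGE="${BRIDGE:-virbr0}"   # guest bridge name used on this page

# Constructed sample: the two rules from the step above, as iptables-save prints them.
permissive_rules() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i virbr0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o virbr0 -j ACCEPT
COMMIT
EOF
}

# Constructed sample: same outbound rule, inbound limited to reply traffic,
# and a default-drop policy on the FORWARD chain.
stateful_rules() {
cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -i virbr0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Reads iptables-save text on stdin and prints one finding per line:
#   POLICY:        the FORWARD chain accepts anything no rule matched
#   OPEN-INBOUND:  an ACCEPT rule toward the bridge with no connection-state
#                  match and no destination address or port restriction
audit_forward() {
  awk -v br="$BRIDGE" '
    /^:FORWARD / && $2 == "ACCEPT" {
      print "POLICY: FORWARD chain default policy is ACCEPT"
    }
    /^-A FORWARD / {
      out = ""; accept = 0; stateful = 0; scoped = 0
      for (i = 1; i <= NF; i++) {
        if ($i == "-o") out = $(i + 1)
        if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        if ($i == "--ctstate" || $i == "--state") stateful = 1
        if ($i == "-d" || $i == "--dport" || $i == "--dports") scoped = 1
      }
      if (out == br && accept && !stateful && !scoped)
        print "OPEN-INBOUND: " $0
    }
  '
}

# Number of findings for the rule set on stdin (prints 0 when clean).
count_findings() {
  audit_forward | awk 'END { print NR }'
}

# Stand-alone run on both constructed samples.
echo "permissive rule set:"
permissive_rules | audit_forward
echo "stateful rule set: $(stateful_rules | count_findings) finding(s)"
```

<p>On a host, run it against the live rules with <code>sudo iptables-save | audit_forward</code>, setting <code>BRIDGE</code> if the guest bridge is not <code>virbr0</code>.</p>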
<h4 id="配置-firewalld-管理规则">Managing rules with <code>firewalld</code><a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#配置-firewalld-管理规则" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li>
<p><strong>Install <code>firewalld</code></strong></p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On CentOS/RHEL</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> yum</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> firewalld</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> systemctl</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> enable</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --now</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> firewalld</span></span>
<span data-line> </span>
<span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"># On Ubuntu</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> apt</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> install</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> firewalld</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> systemctl</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> enable</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --now</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> firewalld</span></span></code></pre></figure>
</li>
<li>
<p><strong>Configure basic rules</strong></p>
<p>Allow virtual machine network traffic:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> firewall-cmd</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --zone=public</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --add-interface=virbr0</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --permanent</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> firewall-cmd</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --zone=public</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --add-masquerade</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --permanent</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> firewall-cmd</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> --reload</span></span></code></pre></figure>
</li>
</ol>
<h3 id="网络隔离与访问控制">Network isolation and access control<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#网络隔离与访问控制" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<h4 id="使用-vlan-实现网络隔离">Network isolation with VLANs<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#使用-vlan-实现网络隔离" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li>
<p><strong>Create the VLAN interface</strong></p>
<p>Create the VLAN interface with <code>nmcli</code>:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="shell" data-theme="github-light github-dark"><code data-language="shell" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> add</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> type</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> con-name</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan100</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> dev</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> eth0</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> id</span><span style="--shiki-light:#005CC5;--shiki-dark:#79B8FF;"> 100</span></span>
<span data-line><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;">sudo</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> nmcli</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> connection</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> modify</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> vlan100</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.addresses</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> 192.168.100.1/24</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> ipv4.method</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;"> manual</span></span></code></pre></figure>
</li>
</ol>
<p>sudo nmcli connection up vlan100</p>
<pre><code>
2. **配置虚拟机使用 VLAN**
使用 `virt-manager` 或 `virsh` 配置虚拟机连接到 VLAN 网络。
#### 配置虚拟机访问控制列表ACL
1. **使用 `virsh` 配置 ACL**
为虚拟机创建网络 ACL 规则:
```shell
sudo virsh nwfilter-define /etc/libvirt/nwfilter/myfilter.xml
</code></pre>
<p>配置 <code>myfilter.xml</code>文件示例:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">filter</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> name</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'myfilter'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> chain</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'ipv4'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">uuid</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">>...&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">uuid</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">rule</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> action</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'accept'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> direction</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'in'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> priority</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'500'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#6A737D;--shiki-dark:#6A737D;"> &lt;!-- nwfilter mac rules take srcmacaddr/dstmacaddr (there is no 'address' attribute); assumed intent: match the sender's MAC --></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> srcmacaddr</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">rule</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">rule</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> action</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'drop'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> direction</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'in'</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> priority</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'1000'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">filter</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
<ol start="2">
<li>
<p><strong>Apply the ACL to the virtual machine</strong></p>
<p>Edit the virtual machine's XML configuration and apply the network filter:</p>
<figure data-rehype-pretty-code-figure><pre tabindex="0" data-language="xml" data-theme="github-light github-dark"><code data-language="xml" data-theme="github-light github-dark" style="display:grid;"><span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'network'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">mac</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> address</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'52:54:00:12:34:56'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">source</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> network</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'default'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">model</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> type</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'virtio'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;"> &lt;</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">filterref</span><span style="--shiki-light:#6F42C1;--shiki-dark:#B392F0;"> filter</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">=</span><span style="--shiki-light:#032F62;--shiki-dark:#9ECBFF;">'myfilter'</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">/></span></span>
<span data-line><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">&lt;/</span><span style="--shiki-light:#22863A;--shiki-dark:#85E89D;">interface</span><span style="--shiki-light:#24292E;--shiki-dark:#E1E4E8;">></span></span></code></pre></figure>
<p>Restart the virtual machine for the ACL to take effect.</p>
</li>
</ol>
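<p>The following added example, which is not part of the original page, audits a domain definition for NICs that carry no <code>&lt;filterref></code>, so an interface that bypasses the ACL is easy to spot. It assumes the one-element-per-line XML that <code>virsh dumpxml</code> prints; the function names, the second NIC and the <code>br0</code> bridge in the sample are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original page: audit which guest NICs have no
# nwfilter attached. Assumes the one-element-per-line XML that virsh prints.

# unfiltered_ifaces: domain XML on stdin -> "MAC SOURCE" for each <interface>
# block that has no <filterref> child.
unfiltered_ifaces() {
    awk '
        # attr(line, name): value of name=... (single or double quoted)
        function attr(line, name,    v) {
            if (!match(line, name "=[\047\"][^\047\"]*")) return ""
            v = substr(line, RSTART, RLENGTH)
            sub("^" name "=[\047\"]", "", v)
            return v
        }
        /<interface[ >]/ { inside = 1; mac = "?"; src = "?"; filtered = 0; next }
        inside && /<mac /      { mac = attr($0, "address") }
        inside && /<source /   { src = attr($0, "network")
                                 if (src == "") src = attr($0, "bridge")
                                 if (src == "") src = "?" }
        inside && /<filterref/ { filtered = 1 }
        inside && /<\/interface>/ {
            if (!filtered) print mac, src
            inside = 0
        }
    '
}

# Constructed sample: the first NIC is the one from this page (filtered),
# the second NIC and its bridge name are made up for the demonstration.
sample_domain_xml() {
    cat <<'EOF'
<domain type='kvm'>
  <name>demo-vm</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:12:34:56'/>
      <source network='default'/>
      <model type='virtio'/>
      <filterref filter='myfilter'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:aa:bb:02'/>
      <source bridge='br0'/>
      <model type='virtio'/>
    </interface>
  </devices>
</domain>
EOF
}

# Only the NIC without a filter is reported.
sample_domain_xml | unfiltered_ifaces
```

<p>On a host, run <code>virsh dumpxml &lt;vm_name> | unfiltered_ifaces</code>; empty output means every interface references a filter.</p>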
<h2 id="故障排查">Troubleshooting<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#故障排查" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h2>
<h3 id="常见网络问题及解决方法">Common network problems and how to fix them<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#常见网络问题及解决方法" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<h4 id="虚拟机无法连接网络">Virtual machine cannot connect to the network<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#虚拟机无法连接网络" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li><strong>Check the virtual machine's network configuration</strong>
<ul>
<li>Confirm that the virtual machine's network interface is configured correctly.</li>
<li>Run <code>virsh dumpxml &lt;vm_name></code> to view the virtual machine's XML configuration and make sure the <code>&lt;interface></code> section is correct.</li>
</ul>
</li>
<li><strong>Check the state of the virtual network</strong>
<ul>
<li>Run <code>virsh net-list --all</code> to see whether the virtual network is started.</li>
<li>If the virtual network is not started, start it with <code>virsh net-start &lt;network_name></code>.</li>
</ul>
</li>
<li><strong>Check the host's network configuration</strong>
<ul>
<li>Confirm that the host's network interfaces and bridge configuration are correct.</li>
<li>Run <code>nmcli connection show</code> to view the NetworkManager connection status and make sure the relevant interfaces are connected.</li>
</ul>
</li>
<li><strong>Check the virtual machine's IP address</strong>
<ul>
<li>Log in to the virtual machine and run <code>ip a</code> to check whether it has been assigned the correct IP address.</li>
<li>If no IP address has been assigned, check whether the DHCP configuration is correct.</li>
</ul>
</li>
</ol>
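<p>The first two checks above can be scripted. This added example (not from the original page) lists the libvirt networks a VM's interfaces reference and reports each one's state from <code>virsh net-list --all</code> output; the function names, the sample XML and the sample network list are constructed.</p>

```shell
#!/bin/sh
# Added example, not from the original page: cross-check the networks a VM
# references against the state reported by `virsh net-list --all`.

# vm_networks: domain XML on stdin -> names used in <source network='...'/>
vm_networks() {
    sed -n "s/.*<source network=['\"]\([^'\"]*\)['\"].*/\1/p" | sort -u
}

# network_state NAME: `virsh net-list --all` output on stdin -> state of NAME,
# or "missing" when the network is not defined at all.
network_state() {
    awk -v want="$1" '
        NR > 2 && $1 == want { print $2; found = 1 }   # skip the two header lines
        END { if (!found) print "missing" }
    '
}

# check_vm_networks DOMAIN_XML NET_LIST
# Prints "<network> <state>" per referenced network; returns 1 if any
# referenced network is not active.
check_vm_networks() {
    rc=0
    for net in $(printf '%s\n' "$1" | vm_networks); do
        state=$(printf '%s\n' "$2" | network_state "$net")
        echo "$net $state"
        [ "$state" = "active" ] || rc=1
    done
    return $rc
}

# Constructed sample inputs (network names other than "default" are made up).
SAMPLE_XML="<domain type='kvm'>
  <devices>
    <interface type='network'>
      <source network='default'/>
    </interface>
    <interface type='network'>
      <source network='isolated'/>
    </interface>
    <interface type='network'>
      <source network='labnet'/>
    </interface>
  </devices>
</domain>"
SAMPLE_NETLIST=' Name       State      Autostart   Persistent
----------------------------------------------
 default    active     yes         yes
 isolated   inactive   no          yes'

check_vm_networks "$SAMPLE_XML" "$SAMPLE_NETLIST" ||
    echo "at least one referenced network is not active"
```

<p>Against a live host, call <code>check_vm_networks "$(virsh dumpxml &lt;vm_name>)" "$(virsh net-list --all)"</code>, then start any inactive network with <code>virsh net-start &lt;network_name></code>.</p>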
<h4 id="网络性能问题">Network performance problems<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#网络性能问题" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li><strong>Check network bandwidth limits</strong>
<ul>
<li>Confirm whether a bandwidth limit has been configured for the virtual machine.</li>
<li>Run <code>virsh edit &lt;vm_name></code> and check the <code>&lt;bandwidth></code> configuration.</li>
</ul>
</li>
<li><strong>Check network traffic</strong>
<ul>
<li>Use tools such as <code>iftop</code> and <code>vnstat</code> to monitor network traffic and identify high-traffic hosts and bottlenecks.</li>
</ul>
</li>
<li><strong>Optimize the network configuration</strong>
<ul>
<li>Adjust the virtual machine's network interface configuration, for example by using the Virtio network driver to improve performance.</li>
<li>Use bridged networking to ensure efficient communication between the virtual machine and the physical network.</li>
</ul>
</li>
</ol>
<h3 id="日志查看与分析">Viewing and analyzing logs<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#日志查看与分析" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h3>
<h4 id="查看-libvirt-网络日志">Viewing <code>libvirt</code> network logs<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#查看-libvirt-网络日志" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li><strong>libvirt log paths</strong>
<ul>
<li>On CentOS/RHEL, <code>libvirt</code> logs are usually located in the <code>/var/log/libvirt/</code> directory.</li>
<li>On Ubuntu, <code>libvirt</code> logs are usually located in the <code>/var/log/libvirt/</code> directory.</li>
</ul>
</li>
<li><strong>View the network logs</strong>
<ul>
<li>Run <code>tail -f /var/log/libvirt/libvirtd.log</code> to follow the log in real time.</li>
<li>Use <code>grep</code> to filter on keywords when looking for a specific problem, for example <code>grep &quot;network&quot; /var/log/libvirt/libvirtd.log</code>.</li>
</ul>
</li>
</ol>
<h4 id="使用系统日志进行排查">Troubleshooting with system logs<a role="anchor" aria-hidden="true" tabindex="-1" data-no-popover="true" href="#使用系统日志进行排查" class="internal"><svg width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M10 13a5 5 0 0 0 7.54.54l3-3a5 5 0 0 0-7.07-7.07l-1.72 1.71"></path><path d="M14 11a5 5 0 0 0-7.54-.54l-3 3a5 5 0 0 0 7.07 7.07l1.71-1.71"></path></svg></a></h4>
<ol>
<li><strong>View the system log</strong>
<ul>
<li>Use <code>journalctl</code> to view the system log, for example <code>journalctl -u libvirtd</code> to view the logs of the <code>libvirtd</code> service.</li>
</ul>
</li>
<li><strong>Check network-related logs</strong>
<ul>
<li>Use <code>dmesg</code> to view the kernel log and look for network-related error messages.</li>
</ul>
</li>
</ol></article><hr/><div class="page-footer"></div></div></html>