For your virtual machines (VMs) to connect over a network to your host, to other VMs on your host, and to locations on an external network, the VM networking must be configured accordingly. To provide VM networking, the RHEL 8 hypervisor and newly created VMs have a default network configuration, which can also be modified further. For example:
The following sections explain the various types of VM network configuration and provide instructions for setting up selected VM network configurations.

13.1. Understanding virtual networking

The connection of virtual machines (VMs) to other devices and locations on a network has to be facilitated by the host hardware. The following sections explain the mechanisms of VM network connections and describe the default VM network setting.

13.1.1. How virtual networks work

Virtual networking uses the concept of a virtual network switch. A virtual network switch is a software construct that operates on a host machine. VMs connect to the network through the virtual network switch. Based on the configuration of the virtual switch, a VM can use an existing virtual network managed by the hypervisor, or a different network connection method.

The following figure shows a virtual network switch connecting two VMs to the network:

From the perspective of a guest operating system, a virtual network connection is the same as a physical network connection. Host machines view virtual network switches as network interfaces. When the

To view information about this interface, use the

$ ip addr show virbr0
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 1b:c4:94:cf:fd:17 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0

By default, all VMs on a single host are connected to the same NAT-type virtual network, named default, which uses the virbr0 interface. For details, see Virtual networking default configuration.

For basic outbound-only network access from VMs, no additional network setup is usually needed, because the default network is installed along with the

If a different VM network functionality is needed, you can create additional virtual networks and network interfaces and configure your VMs to use them. In addition to the default NAT, these networks and interfaces can be configured to use one of the following modes:
13.1.2. Virtual networking default configuration

When the

The following diagram illustrates the default VM network configuration:

13.2. Using the web console for managing virtual machine network interfaces

Using the RHEL 8 web console, you can manage the virtual network interfaces for the virtual machines to which the web console is connected. You can:

13.2.1. Viewing and editing virtual network interface information in the web console

Using the RHEL 8 web console, you can view and modify the virtual network interfaces on a selected virtual machine (VM):

Procedure

13.2.2. Adding and connecting virtual network interfaces in the web console

Using the RHEL 8 web console, you can create a virtual network interface and connect a virtual machine (VM) to it.

Procedure

13.2.3. Disconnecting and removing virtual network interfaces in the web console

Using the RHEL 8 web console, you can disconnect the virtual network interfaces connected to a selected virtual machine (VM).

Procedure
13.3. Recommended virtual machine networking configurations

In many scenarios, the default VM networking configuration is sufficient. However, if adjusting the configuration is required, you can use the command-line interface (CLI) or the RHEL 8 web console to do so. The following sections describe selected VM network setups for such situations.

13.3.1. Configuring externally visible virtual machines using the command-line interface

By default, a newly created VM connects to a NAT-type network that uses

If you require a VM to appear on the same external network as the hypervisor, you must use bridged mode instead. To do so, attach the VM to a bridge device connected to the hypervisor’s physical network device. To use the command-line interface for this, follow the instructions below.

Prerequisites
Procedure
Verification
Troubleshooting
13.3.2. Configuring externally visible virtual machines using the web console

By default, a newly created VM connects to a NAT-type network that uses

If you require a VM to appear on the same external network as the hypervisor, you must use bridged mode instead. To do so, attach the VM to a bridge device connected to the hypervisor’s physical network device. To use the RHEL 8 web console for this, follow the instructions below.

Prerequisites
Procedure
Verification
Troubleshooting
To work around this problem, you can set destination NAT using

13.4. Types of virtual machine network connections

To modify the networking properties and behavior of your VMs, change the type of virtual network or interface the VMs use. The following sections describe the connection types available to VMs in RHEL 8.

13.4.1. Virtual networking with network address translation

By default, virtual network switches operate in network address translation (NAT) mode. They use IP masquerading rather than Source-NAT (SNAT) or Destination-NAT (DNAT). IP masquerading enables connected VMs to use the host machine’s IP address for communication with any external network. When the virtual network switch is operating in NAT mode, computers external to the host cannot communicate with the VMs inside the host.

Virtual network switches use NAT configured by firewall rules. Editing these rules while the switch is running is not recommended, because incorrect rules may result in the switch being unable to communicate.

13.4.2. Virtual networking in routed mode

When using Routed mode, the virtual switch connects to the physical LAN connected to the host machine, passing traffic back and forth without the use of NAT. The virtual switch can examine all traffic and use the information contained within the network packets to make routing decisions. When using this mode, the virtual machines (VMs) are all in a single subnet, separate from the host machine. The VM subnet is routed through a virtual switch, which exists on the host machine. This enables incoming connections, but requires extra routing-table entries for systems on the external network.

Routed mode uses routing based on the IP address:

A common topology that uses routed mode is virtual server hosting (VSH). A VSH provider may have several host machines, each with two physical network connections. One interface is used for management and accounting, the other for the VMs to connect through. Each VM has its own public IP address, but the host machines use private IP addresses so that only internal administrators can manage the VMs.

13.4.3. Virtual networking in bridged mode

In most VM networking modes, VMs automatically create and connect to the

Bridged mode uses connection switching based on the MAC address:

In bridged mode, the VM appears within the same subnet as the host machine. All other physical machines on the same physical network can detect the VM and access it.

Bridged network bonding

It is possible to use multiple physical bridge interfaces on the hypervisor by joining them together with a bond. The bond can then be added to a bridge, after which the VMs can be added to the bridge as well. However, the bonding driver has several modes of operation, and not all of these modes work with a bridge where VMs are in use.

The following bonding modes are usable:

In contrast, using modes 0, 3, 5, or 6 is likely to cause the connection to fail. Also note that media-independent interface (MII) monitoring should be used to monitor bonding modes, as Address Resolution Protocol (ARP) monitoring does not work correctly.

For more information on bonding modes, refer to the Red Hat Knowledgebase.

Common scenarios

The most common use cases for bridged mode include:
13.4.4. Virtual networking in isolated mode
When using isolated mode, virtual machines connected to the virtual switch can communicate with each other and with the host machine, but their traffic will not pass outside of the host machine, and they cannot receive traffic from outside the host machine.

Using

13.4.5. Virtual networking in open mode

When using open mode for networking,

13.4.6. Comparison of virtual machine connection types

The following table provides information about the locations to which selected types of virtual machine (VM) network configurations can connect, and to which they are visible.

Table 13.1. Virtual machine connection types
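
The reachability rules stated in sections 13.4.1 to 13.4.4 can be applied to each interface of a VM to see which VMs accept connections from the external network. The following Python code is an added example, not part of the Red Hat documentation; the function names, the network names `lab` and `dmz`, the bridge `br0`, the VM `web01` and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Inbound reachability from the external network per connection type, as
# stated in sections 13.4.1-13.4.4. Other modes are left for manual review.
INBOUND = {"nat": False, "isolated": False, "route": True, "bridge": True}

def network_mode(network_xml):
    """Forward mode of a libvirt virtual network definition."""
    forward = ET.fromstring(network_xml).find("forward")
    if forward is None:                  # no <forward> element: isolated
        return "isolated"
    return forward.get("mode", "nat")    # libvirt assumes NAT if mode is omitted

def vm_exposure(domain_xml, networks):
    """Return [(vm, source, mode, inbound)] per interface; inbound None = review."""
    dom = ET.fromstring(domain_xml)
    vm = dom.findtext("name")
    rows = []
    for iface in dom.iterfind("devices/interface"):
        kind = iface.get("type")
        src = iface.find("source")
        attrs = src.attrib if src is not None else {}
        if kind == "bridge":
            # Assumes the bridge is tied to a physical NIC, as in 13.3.1.
            source, mode = attrs.get("bridge"), "bridge"
        elif kind == "network" and attrs.get("network") in networks:
            source = attrs["network"]
            mode = network_mode(networks[source])
        else:                            # other interface types, unknown networks
            source, mode = attrs.get("network", kind), "unknown"
        rows.append((vm, source, mode, INBOUND.get(mode)))
    return rows

# Constructed sample definitions, not taken from a real host.
NETWORKS = {
    "default": "<network><name>default</name><forward mode='nat'/>"
               "<bridge name='virbr0'/></network>",
    "lab": "<network><name>lab</name><bridge name='virbr1'/></network>",
}
DOMAIN = """<domain type='kvm'><name>web01</name><devices>
  <interface type='network'><source network='default'/></interface>
  <interface type='network'><source network='lab'/></interface>
  <interface type='bridge'><source bridge='br0'/></interface>
  <interface type='network'><source network='dmz'/></interface>
</devices></domain>"""

if __name__ == "__main__":
    for row in vm_exposure(DOMAIN, NETWORKS):
        print(row)
```

On a real host, the inputs are the output of `virsh dumpxml` for each VM and `virsh net-dumpxml` for each virtual network. Rows with `inbound` set to `None` (here the undefined `dmz` network) need manual review.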
13.5. Booting virtual machines from a PXE server

Virtual machines (VMs) that use Preboot Execution Environment (PXE) can boot and load their configuration from a network. This chapter describes how to use

These procedures are provided only as an example. Ensure that you have sufficient backups before proceeding.

13.5.1. Setting up a PXE boot server on a virtual network

This procedure describes how to configure a

Prerequisites
Procedure
Verification
13.5.2. Booting virtual machines using PXE and a virtual network

To boot virtual machines (VMs) from a Preboot Execution Environment (PXE) server available on a virtual network, you must enable PXE booting.

Procedure
Verification
13.5.3. Booting virtual machines using PXE and a bridged network

To boot virtual machines (VMs) from a Preboot Execution Environment (PXE) server available on a bridged network, you must enable PXE booting.

Prerequisites
Procedure
Verification
13.6. Additional resources
What mode is it when a vNIC accesses a physical network using the host machine's NIC?

This virtual machine network connection type is where a vNIC accesses a physical network using the host machine's NIC. In other words, the virtual interface and the physical interface are bridged.

How does a vNIC virtual NIC get a MAC address without manual intervention?

How does a vNIC get a MAC address? Every vNIC is automatically assigned with a MAC address. Subnetting operates at Layer while VLANs function at Layer.

Which feature allows virtual machines to change the source MAC address in outgoing packets to the one that is not assigned to them?

MAC address spoofing allows virtual machines to change the source MAC address in outgoing packets to one that is not assigned to them.

What is the name of the hypervisor that comes with vSphere?

VMware ESXi, also called VMware ESXi Server, is a bare-metal hypervisor developed by VMware for vSphere. ESXi is one of the primary components in the VMware infrastructure software suite. ESXi is a Type 1 hypervisor, meaning it runs directly on system hardware without the need for an OS.