Szymon Niedźwiedź 2023/11/14

Networking

Configuring networking will allow easy sharing of files through SMB.

Why is an additional router device used?

  1. VMs and the HOST behave as if they were on the same home network, which improves efficiency when sharing files and accessing some services.
  2. It isolates VMs behind the OpenWRT NAT for additional security; bandwidth may be limited.

If reaching ultra-low latencies is a priority, the router doesn't have to be used as the default gateway and may serve to access the LAN only.

Middle-layer between HOST and GUEST

Semi-automatic

I created a package that installs a service which creates a bridge for virtual devices.

Enabling virtual bridge

Remember to activate the virtual bridge service after installing the package:

# systemctl enable --now hcinfo-vm-net.service

Manually

Visit this article

Downloading firmware

Router firmware can be downloaded from the OpenWRT website. Images for version 22.03.5 are at https://downloads.openwrt.org/releases/22.03.5/targets/x86/64/. The simplest way is to use *generic-ext4-combined-efi.img, as it boots out of the box.

gzip -d openwrt-*.img.gz
sudo mkdir -p /var/lib/libvirt/iso
sudo cp openwrt-*.img /var/lib/libvirt/iso
sudo mv openwrt-*.img /var/lib/libvirt/images/router.img

Very important

It is very important to attach the first NIC to vm-bridge and the second NIC to the default NAT network before booting the router for the first time, because OpenWRT will then autoconfigure itself easily.

OpenWRT configuration

When booting for the first time, the user won't have access to the router web interface. The router is connected to vm-bridge, but it doesn't have a proper address at this moment. The proper address must be set through the VM text interface.

Step 1

Create a new virtual machine (Step 1) - Manual install

Manual install, architecture x86_64

Step 2

Create a new virtual machine (Step 2) - OS: Generic Linux 2022

Choose OS.

Step 3

Create a new virtual machine (Step 3) - Memory: 1024MiB, CPU: 1

Step 4

Create a new virtual machine (Step 4) - Enable Storage, Select or create custom storage: /var/lib/libvirt/images/router.img

Step 5

Create a new virtual machine (Step 5) - Name: router, Customize configuration before install, Network selection: Bridge device (vm-bridge)

Activate virtual network

Create a new virtual machine (Step 5) - Virtual Network is not active -> Select Yes

Edit domain

Pre install domain configuration - name: router, chipset: Q35, Firmware: BIOS

Add NAT as second device

OpenWRT treats the first NIC as LAN (vm-bridge). The second NIC is NAT, which is WAN by default. This way, the only things to change after installation are the IP address and the root password of the OpenWRT router.

Add New Virtual Hardware -> Add NIC with Virtual Network ‘default’: NAT

Restart router

Reboot router domain

Set root password

virt-manager router console: set root password using passwd

Change default gateway

Configuration should look like this:

virt-manager router console: cat /etc/network before change

Default gateway needs to be changed from 192.168.1.1 to 10.100.100.1:

virt-manager router console: cat /etc/network after change

Reload network services

service network restart

Router XML

Relevant part of the router configuration: amd64 arch, 1GiB of RAM, 1 pinned core, AMD-specific CPU flags, and the combined efi img is used.

<domain type="kvm">
  <name>router</name>
  ...
  <vcpu placement="static">1</vcpu>
  <cputune>
    <vcpupin vcpu="0" cpuset="3"/>
    <emulatorpin cpuset="0-1"/>
  </cputune>
  ...
  <cpu mode="host-passthrough" check="none" migratable="on">
    <topology sockets="1" dies="1" cores="1" threads="1"/>
    <feature policy="require" name="topoext"/>
    <feature policy="require" name="invtsc"/>
  </cpu>
  ...
  <devices>
  ...
  </devices>
</domain>

Web interface

firefox: 10.100.100.1 - LuCI web interface - Login page

Log in to the web interface using the root password

OpenWRT web configuration

OpenWRT is the only device that is connected to NAT, it is also connected to vm-bridge. When VMs connect to vm-bridge they get an IP address from OpenWRT router and it will serve as a default gateway for all their networking.

  1. Interfaces configuration firefox: 10.100.100.1 - LuCI web interface - Configured interfaces
  2. Interfaces configuration(2) firefox: 10.100.100.1 - LuCI web interface - Network -> Configuration page
  3. NAT configuration firefox: 10.100.100.1 - LuCI web interface - Network -> Devices page
  4. DHCP in OpenWRT is used for static IP assignment firefox: 10.100.100.1 - LuCI web interface - Firewall -> General settings
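
The NIC order required under "Add NAT as second device" and the topology described above (only the router touches NAT, guests sit on vm-bridge) can be checked from the domain XML. This is an added example, not part of the original article; the sample XML is constructed, and it assumes the guest enumerates NICs in PCI address order.

```python
import xml.etree.ElementTree as ET

LAN_BRIDGE = "vm-bridge"   # bridge name used on this page
WAN_NETWORK = "default"    # libvirt NAT network used on this page

def nics(domain_xml):
    """[(type, source)] per NIC in PCI address order (assumed to be guest order)."""
    found = []
    devices = ET.fromstring(domain_xml).findall("./devices/interface")
    for pos, iface in enumerate(devices):
        kind = iface.get("type")
        src = iface.find("source")
        name = src.get(kind) if src is not None else None
        addr = iface.find("address[@type='pci']")
        # No PCI address yet (never started): keep XML order, sorted last.
        key = (0xFFFF, pos, 0, 0) if addr is None else tuple(
            int(addr.get(k, "0"), 16) for k in ("domain", "bus", "slot", "function"))
        found.append((key, pos, kind, name))
    return [(kind, name) for _, _, kind, name in sorted(found)]

def check_router(domain_xml):
    """Problems with the router's NIC layout; an empty list matches the page."""
    layout, problems = nics(domain_xml), []
    if len(layout) != 2:
        problems.append(f"expected 2 NICs, found {len(layout)}")
    if layout[:1] != [("bridge", LAN_BRIDGE)]:
        problems.append(f"first NIC (LAN) is not on bridge {LAN_BRIDGE}")
    if layout[1:2] != [("network", WAN_NETWORK)]:
        problems.append(f"second NIC (WAN) is not on network {WAN_NETWORK}")
    return problems

def check_guest(domain_xml):
    """NICs of an ordinary guest that bypass the router (not on the LAN bridge)."""
    return [n for n in nics(domain_xml) if n != ("bridge", LAN_BRIDGE)]

def sample(*ifaces):
    """Constructed domain XML from (type, source, pci_bus) tuples."""
    body = "".join(
        f'<interface type="{t}"><source {t}="{s}"/><address type="pci" '
        f'domain="0x0000" bus="{b}" slot="0x00" function="0x0"/></interface>'
        for t, s, b in ifaces)
    return f'<domain type="kvm"><devices>{body}</devices></domain>'

ROUTER_OK = sample(("bridge", "vm-bridge", "0x01"), ("network", "default", "0x02"))
ROUTER_SWAPPED = sample(("bridge", "vm-bridge", "0x02"), ("network", "default", "0x01"))

if __name__ == "__main__":
    for doc in (ROUTER_OK, ROUTER_SWAPPED):   # constructed samples
        print(check_router(doc) or "router NIC layout OK")
```

To check a real domain, pass the output of `virsh dumpxml router` to `check_router`, and the XML of every other VM to `check_guest`.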