Re: [Qemu-devel] [Qemu-discuss] changing from net to netdev with vde switches and double nics

Re: [Qemu-devel] [Qemu-discuss] changing from net to netdev with vde switches and double nics

[Thomas Huth]

 Hi,

On 28.08.2017 15:58, Paolo wrote:
> Hello everyone,
> 
> I'm at loss as to how to translate from net to netdev syntax the following lines:
> 
> NET0="-net vde,vlan=0,sock=/var/run/vde.ctl00 -net nic,vlan=0,model=rtl8139,macaddr=$NIC0MAC -net tap,vlan=0,ifname=pub2,script=no,downscript=no"
> 
> NET1="-net vde,vlan=1,sock=/var/run/vde.ctl01 -net nic,vlan=1,model=rtl8139,macaddr=$NIC1MAC -net tap,vlan=1,ifname=prv2,script=no,downscript=no"
> 
> Usage for lines above is: qemu blah blah blah $NET0 $NET1 blah blah
> (obviously NIC0MAC and NIC1MAC are declared before in the script)
> 
> these syntax, which has been working flawlessly for ages on my pc, creates two network cards (pubX, prvX) for each one of my virtual machines. Each of the two network cards is attached to a vde switch, so all of pubX cards (X is the machine) are attached to vsw0 (virtaul switch 0) and all of prvX cards are attached to vsw1. The rationale behind this is to attach each qemu machine to a private vlan (172.16.y.z) and to a public vlan (192.168.w.t) at the same time.
> This way the public lan is used when connected to the internet, the private lan works always (i.e. with the router inaccessible) for accessing samba directories on the host (of course, firewalled, ip restricted and so on).
> 
> Translation from net to netdev is simple for the nic (-device) part and for the tap part alike, but how can I tell qemu that the vdeswitch with socket /var/run/vde.ctl00 belongs to the same virtual lan of tap pub2 with device rtl8139 and mac address NIC0MAC?
> 
> Translating from net to netdev we lose the vlan=X info.

That's interesting, I think you're the first person I know in months or
even years who really seems to be using the vlan=x parameter (with x >=
1)...

You're right, you can not translate your setup 1:1 to -netdev anymore,
since there are no 'vlan's (or rather hubs, since 'vlan' is rather a
misnomer here) available with the -netdev parameter.

Question is: Why do you need it at all? I see your point that you want
to have two network cards, but why does each NIC has to be wired to two
host networks (vde *and* tap)? Isn't it sufficient if you connect each
NIC to one VDE network?

 Thomas

Re: [Qemu-devel] [Qemu-discuss] changing from net to netdev with vde switches and double nics

[Thomas Huth]

On 29.08.2017 21:22, Paolo wrote:
> 
> ----------------------------------------------------------------------
>> On Tue, 29 Aug 2017 11:48:20 +0200
>> Thomas Huth <thuth@redhat.com> wrote:
> [cut]
>> That's interesting, I think you're the first person I know in months or
>> even years who really seems to be using the vlan=x parameter (with x >=
>> 1)...
> 
> I can't see any other way to realize this topology:
>                        
>              Internet---HOST--SambaServer
>                        |    |
>                        |    |
>                   pubNET    prvNET
>                   |         |
>    |--------------          |
>    |                        |
>  NIC0  NIC1-----------------|
>    |    |
>   machine_1                   ....  machine_N        
>> You're right, you can not translate your setup 1:1 to -netdev anymore,
>> since there are no 'vlan's (or rather hubs, since 'vlan' is rather a
>> misnomer here) available with the -netdev parameter.
> 
> This might be a problem for me, as I explain later 
>> Question is: Why do you need it at all? I see your point that you want
>> to have two network cards, but why does each NIC has to be wired to two
>> host networks (vde *and* tap)? Isn't it sufficient if you connect each
>> NIC to one VDE network?
> 
> Easily: by ignorance.

Deja vu ... this is actually one of the reasons why we want to get rid
of this "vlan" stuff in QEMU. Hardly anybody gets it really right, it
mainly causes confusion and mis-configurations.

> Writing that script (about 8 years ago) with almost zero knowledge of networking and difference between tap, vde (and much more stuff), made me rely on a Frankenstein-style patchwork from midnight readings of the various howtos on internet. Quite a mess and a long and painful trial-and-error race. Nor that today I might be regarded as an expert in networking, I didn't progress very much (and it' not my job anyway).
> 
> Back on topic, following your hint, I've tried just know that all I need is vde, and everything works fine:
> 
>  NET0="-net vde,vlan=0,sock=/var/run/vde.ctl00 -net nic,vlan=0,model=rtl8139,macaddr=$NIC0MAC"
>  NET1="-net vde,vlan=1,sock=/var/run/vde.ctl01 -net nic,vlan=1,model=rtl8139,macaddr=$NIC1MAC"
> 
> Now I guess this is impossbile to achieve with netdev?
> How may I tell to qemu that the guest's NIC0 has to be wired to the vde switch vde.ctl00 run on host has, and NIC1 to vde.ctl01?

It should be doable. Could you please try something like this:

 NET0="-netdev vde,id=v0,sock=/var/run/vde.ctl00 -device rtl8139,netdev=v0,mac=$NIC0MAC"
 NET1="-netdev vde,id=v1,sock=/var/run/vde.ctl01 -device rtl8139,netdev=v1,mac=$NIC1MAC"

I haven't tested it though, so you still might have to tweak it. Run qemu
with "-device rtl8139,?" to see the options of the rtl8139 device.

> Also hubport function is unclear to me. It reproduces the previous vlan concept, but it's left orphan, because no other devices seems to be made aware that hubportN exists, nor they can be wired to it.

You mean "-netdev hubport"? Forget about it, you don't need it. The hubport
is only required if you want to connect a device to a legacy "vlan" hub. In
your case, you should be fine without these legacy "vlan"s.

 HTH,
  Thomas