libvirt (2): networking

Reference:

http://libvirt.org/formatnetwork.html#examplesNAT

NAT based network

This example is the so called "default" virtual network. It is provided and enabled out-of-the-box for all libvirt installations. This is a configuration that allows guest OS to get outbound connectivity regardless of whether the host uses ethernet, wireless, dialup, or VPN networking without requiring any specific admin configuration. In the absence of host networking, it at least allows guests to talk directly to each other.

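NAT (Network Address Translation) means sharing the host's IP address: a guest's IP is translated so that its traffic appears to come from the host's public IP. Even if the host is allowed only one public IP, multiple guests on that host can all access the physical network, and guest requests are forwarded according to the host's routing. NAT mode will mask all network activity as if it came from your Host OS, although the VM can access external resources.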

      <network>
        <name>default</name>
        <bridge name="virbr0" />
        <forward mode="nat"/>
        <ip address="192.168.122.1" netmask="255.255.255.0">
          <dhcp>
            <range start="192.168.122.2" end="192.168.122.254" />
          </dhcp>
        </ip>
        <ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" />
      </network>


Routed network config

This is a variant on the default network which routes traffic from the virtual network to the LAN without applying any NAT. It requires that the IP address range be pre-configured in the routing tables of the router on the host network. This example further specifies that guest traffic may only go out via the eth1 host network device.

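The effect is similar to NAT, but forwarding for this IP range must be configured in advance on the router of the physical network. For example, the IP range below can only be forwarded out via eth1.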

      <network>
        <name>local</name>
        <bridge name="virbr1" />
        <forward mode="route" dev="eth1"/>
        <ip address="192.168.122.1" netmask="255.255.255.0">
          <dhcp>
            <range start="192.168.122.2" end="192.168.122.254" />
          </dhcp>
        </ip>
        <ip family="ipv6" address="2001:db8:ca2:2::1" prefix="64" />
      </network>


Isolated network config

This variant provides a completely isolated private network for guests. The guests can talk to each other, and the host OS, but cannot reach any other machines on the LAN, due to the omission of the forward element in the XML description.

Host-only mode: multiple guests on the host can communicate with each other and with the host, but not with other machines on the LAN (there is no forward element).

      <network>
        <name>private</name>
        <bridge name="virbr2" />
        <ip address="192.168.152.1" netmask="255.255.255.0">
          <dhcp>
            <range start="192.168.152.2" end="192.168.152.254" />
          </dhcp>
        </ip>
        <ip family="ipv6" address="2001:db8:ca2:3::1" prefix="64" />
      </network>


Using an existing host bridge

Since 0.9.4. This shows how to use a pre-existing host bridge "br0". The guests will effectively be directly connected to the physical network (i.e. their IP addresses will all be on the subnet of the physical network, and there will be no restrictions on inbound or outbound connections).


The bridge can be an existing host bridge or an existing Open vSwitch bridge.

      <network>
        <name>host-bridge</name>
        <forward mode="bridge"/>
        <bridge name="br0"/>
      </network>

      qemu-system-x86_64 -hda /path/to/hda.img -net nic,macaddr=$macaddress -net tap

KVM also has another mode:

      qemu-system-x86_64 -hda /path/to/hda.img -net nic -net user

Use case:

  • You want a simple way for your virtual machine to access the host, the internet, or resources available on your local network.
  • You don't need to access your guest from the network or from another guest.
  • You are ready to take a huge performance hit.
  • Warning: User networking does not support a number of networking features like ICMP. Certain applications (like ping) may not function properly.
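
Returning to the four libvirt network definitions above: they differ mainly in the forward element, so a short audit can report how exposed each network's guests are. The Python below is an added example, not code from the original post or from libvirt; the function names and the condensed sample strings are assumptions made for illustration. It also flags colliding subnets, which is what would happen if the page's "default" and "local" examples were both defined on one host, since both use 192.168.122.0/24.

```python
import ipaddress
import xml.etree.ElementTree as ET
from itertools import combinations

# Reachability per forward mode, paraphrasing the descriptions on this page.
EXPOSURE = {
    "isolated": "guests and host only, no LAN access",
    "nat": "outbound access, traffic masked as the host",
    "route": "routed without NAT, LAN router needs a route to the subnet",
    "bridge": "on the physical subnet, no inbound/outbound restrictions",
}

def audit_network(xml_text):
    """Summarize how one libvirt <network> definition exposes its guests."""
    net = ET.fromstring(xml_text)
    fwd = net.find("forward")
    # No <forward> = isolated; libvirt treats a mode-less <forward> as nat.
    mode = "isolated" if fwd is None else fwd.get("mode", "nat")
    subnets = [
        ipaddress.ip_interface(f"{ip.get('address')}/{ip.get('prefix') or ip.get('netmask')}").network
        for ip in net.findall("ip")
        if ip.get("address") and (ip.get("prefix") or ip.get("netmask"))
    ]
    return {
        "name": net.findtext("name"), "mode": mode, "subnets": subnets,
        "exposure": EXPOSURE.get(mode, "forward mode not covered on this page"),
        "egress_dev": None if fwd is None else fwd.get("dev"),
    }

def overlapping_subnets(reports):
    """List (net_a, net_b, subnet) for definitions whose ranges collide."""
    return [
        (a["name"], b["name"], str(x))
        for a, b in combinations(reports, 2)
        for x in a["subnets"] for y in b["subnets"]
        if x.version == y.version and x.overlaps(y)
    ]

# The page's four definitions, condensed to the elements the audit reads.
SAMPLES = [
    '<network><name>default</name><forward mode="nat"/><ip address="192.168.122.1" netmask="255.255.255.0"/></network>',
    '<network><name>local</name><forward mode="route" dev="eth1"/><ip address="192.168.122.1" netmask="255.255.255.0"/></network>',
    '<network><name>private</name><ip address="192.168.152.1" netmask="255.255.255.0"/></network>',
    '<network><name>host-bridge</name><forward mode="bridge"/><bridge name="br0"/></network>',
]

if __name__ == "__main__":
    reports = [audit_network(x) for x in SAMPLES]
    print([(r["name"], r["mode"]) for r in reports], overlapping_subnets(reports))
```

On a real host the same function can be fed the output of `virsh net-dumpxml` for each defined network.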


Reposted from crystalrain0.iteye.com/blog/1724688