KVM的网络实验

KVM网络实验_桥接

1,环境

kvm-server-1:四张网卡,内网和外网各两张,eth1和eth0外网bound0,eth2和eth3做内网bound1,kvm-server内部bond0桥接到br0,bond1桥接到br1,vm1内部两张网卡一张桥接至br0,一张桥接至br1;vm2内部一张网卡桥接br1
kvm-server-2:四张网卡,内网和外网各两张,eth1和eth0内网bound0,eth2和eth3做外网bound1,kvm-server内部bond0桥接到br0,bond1桥接到br1,vm3内部两张网卡一张桥接至br0,一张桥接至br1;vm4内部一张网卡桥接br1


2,目的

kvm-server-1中的vm1可以为外部提供web服务,vm1中使用到mysql服务器,mysql服务器有由kvm-server-2的vm3提供


3,步骤

3.1,外部网络规划

kvm-server-1:添加四张网卡,两张为nat另外两张为仅主机 关闭VMware的dhcp服务
kvm-server-1:添加四张网卡,两张为nat另外两张为仅主机 关闭VMware的dhcp服务


3.2,基础环境准备

#初始化,同步时间
yum install -y chrony vim lrzsz tree tmux lsof tcpdump wget net-tools iotop bc bzip2 zip unzip nfs-utils man-pages bash-completion; systemctl enable --now chronyd; chronyc sources -v; hwclock -w; setenforce 0; systemctl disable --now firewalld; sed -Ei.bak 's@(^SELINUX=)(.*)@\1disabled@' /etc/selinux/config ;


3.3,创建虚拟机

3.3.1,基于pxe创建虚拟机准备环境

#安装pxe环境
[root@kvm-server-1 network-scripts]# ll /data/isos/
total 4194240
-rw-r--r-- 1 root root 4040851456 Aug 25 21:48 CentOS-7-x86_64-DVD-2003.iso
[root@kvm-server-1 network-scripts]# mkdir -pv /var/www/html/centos/7/os/x86_64
[root@kvm-server-1 network-scripts]# mount /data/isos/CentOS-7-x86_64-DVD-2003.iso /var/www/html/centos/7/os/x86_64
mount: /var/www/html/centos/7/os/x86_64: WARNING: device write-protected, mounted read-only.
[root@kvm-server-1 network-scripts]# dnf -y install dhcp-server tftp-server httpd syslinux-nonlinux
[root@kvm-server-1 network-scripts]# cat /etc/dhcp/dhcpd.conf
#
# DHCP Server Configuration file.
# see /usr/share/doc/dhcp-server/dhcpd.conf.example
# see dhcpd.conf(5) man page
#
option domain-name "a.org";
option domain-name-servers 180.76.76.76,223.6.6.6;
default-lease-time 600;
max-lease-time 7200;
log-facility local7;
subnet 10.1.1.0 netmask 255.255.255.0 {
range 10.1.1.100 10.1.1.200;
option routers 10.1.1.2;
next-server 10.1.1.59;
filename "pxelinux.0";
}
[root@kvm-server-1 network-scripts]# systemctl enable --now httpd tftp dhcpd

[root@kvm-server-1 network-scripts]# cp /usr/share/syslinux/{pxelinux.0,menu.c32} /var/lib/tftpboot/
[root@kvm-server-1 network-scripts]#cp /usr/share/syslinux/{ldlinux.c32,libcom32.c32,libutil.c32} /var/lib/tftpboot/
[root@kvm-server-1 network-scripts]# cp /var/www/html/centos/7/os/x86_64/isolinux/{vmlinuz,initrd.img} /var/lib/tftpboot/centos7
[root@kvm-server-1 ~]# vim /var/lib/tftpboot/pxelinux.cfg/default
Error detected while processing /root/.vimrc:
line 46:
E126: Missing :endfunction
Press ENTER or type command to continue
[root@kvm-server-1 ~]# cat /var/lib/tftpboot/pxelinux.cfg/default
default menu.c32
timeout 600
menu title Install CentOS Linux
label linux
menu default
menu label ^Auto Install CentOS Linux 7
kernel centos7/vmlinuz
append initrd=centos7/initrd.img quiet ks=http://10.1.1.49/ks/centos7.cfg
label rescue
menu label ^Rescue a CentOS Linux system
kernel centos7/vmlinuz
append initrd=centos7/initrd.img quiet ks=http://10.1.1.49/ks/centos7.cfg
quiet
label local
menu label Boot from ^local drive
localboot 0xffff
~
[root@kvm-server-1 ~]# cat /var/www/html/ks/centos7.cfg
#platform=x86, AMD64, or Intel EM64T
#version=DEVEL
# Install OS instead of upgrade
install
# Keyboard layouts
keyboard 'us'
# Root password
rootpw --iscrypted $1$t206J5fU$oTe6HgUIUWLVNQIpCBt8b/

# System language
lang zh_CN
# Firewall configuration
firewall --disabled
# System authorization information
auth --useshadow --passalgo=sha512
# Use network installation
url --url=http://10.1.1.49/centos/7/os/x86_64/

# Use graphical install
text
# SELinux configuration
selinux --disabled
# Do not configure the X Window System
skipx
# Run the Setup Agent on first boot
firstboot --enable
ignoredisk --only-use=vda
# Keyboard layouts
keyboard --vckeymap=us --xlayouts='us'
# System language
lang en_US.UTF-8

# Network information
network --bootproto=dhcp --device=ens33 --ipv6=auto --activate
# System services
services --disabled="chronyd"
# System timezone
timezone Asia/Shanghai --isUtc --nontp
# System bootloader configuration
bootloader --append="net.ifnames=0" --location=mbr --boot-drive=vda
# Partition clearing information
clearpart --none --initlabel
# Disk partitioning information
#part swap --fstype="swap" --ondisk=sda --size=2049
#part / --fstype="xfs" --ondisk=sda --size=10240
#part /boot --fstype="xfs" --ondisk=sda --size=1024

part swap --fstype="swap" --ondisk=vda --size=2048
part / --fstype="xfs" --ondisk=vda --size=10240
part /boot --fstype="xfs" --ondisk=vda --size=1024

%packages
@^minimal
@compat-libraries
@core
@debugging
@development
@security-tools
@smart-card
@system-admin-tools
kexec-tools

%end

%addon com_redhat_kdump --enable --reserve-mb='auto'

%end

%anaconda
pwpolicy root --minlen=6 --minquality=1 --notstrict --nochanges --notempty
pwpolicy user --minlen=6 --minquality=1 --notstrict --nochanges --emptyok
pwpolicy luks --minlen=6 --minquality=1 --notstrict --nochanges --notempty
%end

[root@kvm-server-1 network-scripts]#
[root@kvm-server-1 ~]# tree /var/lib/tftpboot/
/var/lib/tftpboot/
├── centos6
├── centos7
│ ├── initrd.img
│ └── vmlinuz
├── centos8
├── ldlinux.c32
├── libcom32.c32
├── libutil.c32
├── menu.c32
├── pxelinux.0
└── pxelinux.cfg
└── default

4 directories, 8 files
[root@kvm-server-1 ~]# killall dnsmasq; systemctl restart dhcpd


3.3.2,创建kvm-server内部网桥

#创建网桥 两台kvm-server做同样配置
[root@kvm-server-1 network-scripts]# cat ifcfg-virbr1
TYPE=bridge
NAME=virbr1
DEVICE=virbr1
ONBOOT=yes
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=10.1.1.49
GATEWAY=10.1.1.2
DNS1=119.29.29.29
[root@kvm-server-1 network-scripts]# cat ifcfg-virbr2
TYPE=bridge
NAME=virbr2
DEVICE=virbr2
ONBOOT=yes
BOOTPROTO=static
NETMASK=255.255.255.0
IPADDR=192.168.17.9
GATEWAY=192.168.17.2
DNS1=119.29.29.29
[root@kvm-server-1 network-scripts]#
#将team桥接到网桥
[root@kvm-server-1 network-scripts]# cat ifcfg-kvm-team1
NAME=bond1
DEVICE=bond1
ONBOOT=yes
DEVICETYPE=bond
BOOTPROTO=none
BONDING_OPTS="mode=1 miimon=100"
BRIDGE=virbr2
[root@kvm-server-1 network-scripts]# cat ifcfg-kvm-team0
NAME=bond0
DEVICE=bond0
ONBOOT=yes
DEVICETYPE=bond
BOOTPROTO=none
BONDING_OPTS="mode=1 miimon=100"
BRIDGE=virbr1
#将网卡加入bond
[root@kvm-server-1 network-scripts]# cat ifcfg-team0-eth0
NAME=eth0
UUID=c6875ea5-20cf-4b28-a667-958f58feec3c
DEVICE=eth0
ONBOOT=yes
MASTER=bond0
SLAVE=yes

[root@kvm-server-1 network-scripts]# cat ifcfg-team0-eth1
NAME=eth1
UUID=d4313057-4ef8-495d-91af-2dd3f5b207f2
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
MASTER=bond0
SLAVE=yes

[root@kvm-server-1 network-scripts]# cat ifcfg-team1-eth2
NAME=eth2
DEVICE=eth2
ONBOOT=yes
MASTER=bond1
SLAVE=yes

[root@kvm-server-1 network-scripts]# cat ifcfg-team1-eth3-1
NAME=eth3
DEVICE=eth3
ONBOOT=yes
BOOTPROTO=none
MASTER=bond1
SLAVE=yes
UUID=0c76ba11-a2fe-3f1a-886b-63524e29bda9
[root@kvm-server-1 network-scripts]# nmcli connection reload
[root@kvm-server-1 network-scripts]# nmcli connection up kvm-team0
[root@kvm-server-1 network-scripts]# nmcli connection up kvm-team1
[root@kvm-server-1 network-scripts]# nmcli connection up virbr1
[root@kvm-server-1 network-scripts]# nmcli connection up virbr0

[root@kvm-server-1 network-scripts]# cat /proc/net/bonding/bond1
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth2
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:61:66:bb
Slave queue ID: 0

Slave Interface: eth3
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:61:66:c5
Slave queue ID: 0
[root@kvm-server-1 network-scripts]# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 27, 2011)

Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth0
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:61:66:a7
Slave queue ID: 0

Slave Interface: eth1
MII Status: up
Speed: 1000 Mbps
Duplex: full
Link Failure Count: 0
Permanent HW addr: 00:0c:29:61:66:b1
Slave queue ID: 0
[root@kvm-server-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9f:12:49 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.59/24 brd 10.1.1.255 scope global noprefixroute eth4
valid_lft forever preferred_lft forever
inet6 fe80::bcbc:5c0c:a23e:92f5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: virbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.17.10/24 brd 192.168.17.255 scope global noprefixroute virbr2
valid_lft forever preferred_lft forever
8: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
inet 10.1.1.50/24 brd 10.1.1.255 scope global noprefixroute virbr1
valid_lft forever preferred_lft forever
11: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:c2:bd:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
12: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:c2:bd:2a brd ff:ff:ff:ff:ff:ff
15: virbr3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 6a:c7:06:1c:7a:31 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.99/24 brd 10.1.1.255 scope global noprefixroute virbr3
valid_lft forever preferred_lft forever
inet6 fe80::68c7:6ff:fe1c:7a31/64 scope link
valid_lft forever preferred_lft forever
16: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr1 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
17: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr2 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff


3.3.3,创建并安装虚拟机

[root@kvm-server-1 network-scripts]# yum -y install qemu-kvm  libvirt libgcrypt  virt-manager virt-instal virt-viewer
[root@kvm-server-1 network-scripts]# qemu-img create -f qcow2 /var/lib/libvirt/images/centos7-pxe.qcow2 30G
Formatting '/var/lib/libvirt/images/centos7-pxe.qcow2', fmt=qcow2 size=32212254720 cluster_size=65536 lazy_refcounts=off refcount_bits=16
[root@kvm-server-1 network-scripts]# virt-install --virt-type kvm --name centos7 --ram 2048 --vcpus 2 --disk bus=virtio,path=/var/lib/libvirt/images/centos7-pxe.qcow2 --graphics vnc,listen=0.0.0.0 --network=bridge:virbr1,model=virtio --pxe


3.3.3.1,自动安装后并获得ip地址并增加一张网卡(新增加的网卡桥接到virbr2)
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:a2:ba:05 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.113/24 brd 10.1.1.255 scope global noprefixroute dynamic eth0
valid_lft 423sec preferred_lft 423sec
inet6 fe80::5054:ff:fea2:ba05/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:8b:36:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.17.91/24 brd 192.168.17.255 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet6 fe80::3f97:bcfc:1232:2a79/64 scope link noprefixroute
valid_lft forever preferred_lft forever


3.3.4, kvm-server的网卡情况

[root@kvm-server-2 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond0 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff
5: eth3: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1500 qdisc fq_codel master bond1 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff
6: eth4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:9f:12:49 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.59/24 brd 10.1.1.255 scope global noprefixroute eth4
valid_lft forever preferred_lft forever
inet6 fe80::bcbc:5c0c:a23e:92f5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
7: virbr2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff
inet 192.168.17.10/24 brd 192.168.17.255 scope global noprefixroute virbr2
valid_lft forever preferred_lft forever
8: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
inet 10.1.1.50/24 brd 10.1.1.255 scope global noprefixroute virbr1
valid_lft forever preferred_lft forever
11: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:c2:bd:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
12: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:c2:bd:2a brd ff:ff:ff:ff:ff:ff
15: virbr3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 6a:c7:06:1c:7a:31 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.99/24 brd 10.1.1.255 scope global noprefixroute virbr3
valid_lft forever preferred_lft forever
inet6 fe80::68c7:6ff:fe1c:7a31/64 scope link
valid_lft forever preferred_lft forever
16: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr1 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:2b brd ff:ff:ff:ff:ff:ff
17: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr2 state UP group default qlen 1000
link/ether 00:0c:29:9f:12:35 brd ff:ff:ff:ff:ff:ff
#虚拟机中的其中一张网卡桥接到virbr2 master virbr2
19: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr2 state UNKNOWN group default qlen 1000
link/ether fe:54:00:68:a6:66 brd ff:ff:ff:ff:ff:ff
#虚拟机中的其中一张网卡桥接到virbr1 master virbr1
20: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr1 state UNKNOWN group default qlen 1000
link/ether fe:54:00:38:03:5a brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe38:35a/64 scope link
valid_lft forever preferred_lft forever


4,验证

另外一台kvm-server做相同配置以后,即可实现实验目的

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:a2:ba:05 brd ff:ff:ff:ff:ff:ff
inet 10.1.1.113/24 brd 10.1.1.255 scope global noprefixroute dynamic eth0
valid_lft 423sec preferred_lft 423sec
inet6 fe80::5054:ff:fea2:ba05/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:8b:36:29 brd ff:ff:ff:ff:ff:ff
inet 192.168.17.91/24 brd 192.168.17.255 scope global noprefixroute eth2
valid_lft forever preferred_lft forever
inet6 fe80::3f97:bcfc:1232:2a79/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@localhost ~]# ping 192.168.17.101
PING 192.168.17.101 (192.168.17.101) 56(84) bytes of data.
64 bytes from 192.168.17.101: icmp_seq=1 ttl=64 time=2.03 ms
64 bytes from 192.168.17.101: icmp_seq=2 ttl=64 time=1.02 ms
64 bytes from 192.168.17.101: icmp_seq=3 ttl=64 time=2.16 ms
^C
--- 192.168.17.101 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2009ms
rtt min/avg/max/mdev = 1.026/1.741/2.160/0.508 ms
[root@localhost ~]#
#kvm-server2的虚拟机抓包
[root@localhost ~]# tcpdump -i eth0 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:09:39.916708 IP 192.168.17.91 > 192.168.17.101: ICMP echo request, id 2042, seq 1, length 64
19:09:39.916729 IP 192.168.17.101 > 192.168.17.91: ICMP echo reply, id 2042, seq 1, length 64
19:09:40.921888 IP 192.168.17.91 > 192.168.17.101: ICMP echo request, id 2042, seq 2, length 64
19:09:40.921906 IP 192.168.17.101 > 192.168.17.91: ICMP echo reply, id 2042, seq 2, length 64
19:09:41.926188 IP 192.168.17.91 > 192.168.17.101: ICMP echo request, id 2042, seq 3, length 64
19:09:41.926223 IP 192.168.17.101 > 192.168.17.91: ICMP echo reply, id 2042, seq 3, length 64
#由此kvm-server1的虚拟机可以跟kvm-server2的虚拟机通信也可以上外网,而kvm-server2只添加了192.168.17的网段不能上外网