Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Qemu networking

VirtualBox VS Qemu Networking

The following are VB Networking modes and how we can implement them in Qemu:

  • Not Attached: in qemu this is done by specifying -nic none.
  • NAT: this is the default for VB, and it is the way Qemu user networking(SLIRP) is setup.
    • The hypervisor NAT's the traffic from the guest to the outside world.
    • By default the host is accessible from the guest in the address 10.0.2.2.
    • The guest is not accessible from the host by default. Access can be achieved through Port forwarding.
    • -device e1000,netdev=net0 -netdev user,id=net0,hostfwd=tcp::2222:22
    • In Qemu's usermode networking, a userspace networking stack is loaded in the qemu process. It is a standlone implementation of ip, tcp, udp, dhcp and tftp ...
  • NAT Networks: This create a network similar to a home router, the services in the network can reach each other and internet, but they can be reached by outer hosts.
    • This is done using using Bridges and TAP interfaces.
    • We create a bridge with a static IP address and we plug it into the VMs' nics, then we NAT from it. Finally we run dnsmasq on it to act as a DHCP and DNS server.
  • Bridged networking: This is the same as the previous but more flexible.
    • In Qemu the tap device is bridged to a physical network interface so the machines are accessible from the host network.
    • device virtio-net,netdev=network0 -netdev tap,id=network0,ifname=tap0,script=no,downscript=no
  • Internal networking: Same as bridged, but the VMs are not accessible from the host and vice versa.
    • This is achieved in Qemu by droping all the traffic to the bridge on the INPUT iptables chain.
    • iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
    • We either need to assign static IPs or run a DHCP server in one of the VMs.
  • Host-only networking: Hybrid between Host-Only and Bridged, since the VMs can't be accessed by the machines in the host's network, but can be accessed by the hist itself.
    • In Qemu the bridge is created and assigned an IP, and no traffic destined to it is dropped. But it is not connected to any physical interface.
  • Generic networking: VDE networks.

More on Qemu networking in the Arch wiki. And more on VB Networking on their manual.

Qemu networking CLI options

  • Qemu provide two different entities to configure networking for a vm:
    1. The frontend: The nic that the guest sees, it can either be a virtualized network card (e1000) or a paravirtualized device (virtio-net)
    2. The backend: The interface used by Qemu to exchange network packets with the outside world (other vms, the host internet ...).
  • There are 3 options to create network entities -nic, -netdev and -net.
  • -net can either create a frontend or a backend.
    • All frontends and backends created using -net are connected to a hub (previously named vlan). This way all of them will recieve each other's packets.
    • It can not use vhost acceleration.
    • Qemu -net is deprecated in favor of -device + -netdev or -nic for fast and less verbose network configurations.
  • -netdev can only create backends and needs to be coupled with -device.
    • It does not create a shared hub. and every nic is connected to its backend only, which mean packets are not accessible between interfaces.
    • We still can connect to hub using -netdev hubport, however the use of a hub is not required anymore for most usecases.
    • -device can only be used with plugable NICs. Boards with on-board NICs can't be configured with -device.
  • -nic can create both frontends and backends at the same time.
    • It is easier to use than -netdev and can configure onboard NICs, and does not place a hub between interfaces.

More information here

More on Qemu networking

  • In unpriviliged setups, qemu VMs running using the usermode networking can access each other using sockets.

More on Qemu networking and socket mode