Creating a virtual router in KVM

Its been a little while since a did some work on this project and in that time I have upgraded my virtualisation computer to run OpenSuse LEAP 42.3
Mikrotik have also upgraded their software, so I am intending to use version 6.40.2 of the router OS.

Having downloaded the OS file and made it available in the ISO store, before I can run it, I need to create some storage for the router OS to be installed into and to keep its configuration. I will create a 10 Gig virtual hard disk for it as follows:

In the Virtual Machine manager, double click on QEMU/KVM to connect to the hypervisor, then click on the storage tab. Highlight the ‘VMachines’ pool and click on the blue cross where it says ‘Volumes’ to create the virtual hard disk in the VMachines storage pool.

Add a new storage Volume, (NOT Pool)

Edit the name and size of the disk and set it to use the qcow2 format.

Setting the parameters for the new disk

The storage pool now looks like this:

Newly created 10G disk for the router

I can now create the router by returning to the Virtual Machine Manager and clicking on the ‘Create a new virtual machine’ icon at the top left:

Click the New Virtual machine icon, top left.

Configure the new machine to use a local install media, and because the router software is 32-bit, use an i686 architecture.

Local install media and i686 architecture

Click ‘Forward’ and on the next pane, select the ‘Use ISO image’ option and browse the ISO pool for the router downloaded earlier.

Select the Mikrotik router ISO

Click ‘Forward’. I will allocate 2 Gigabytes of RAM to the router (the maximum it currently supports) and two processor cores.

Allocate 2 Gigs of RAM and 2 processor cores

Clicking ‘Forward’ takes me to a pane where I can select the hard disk image I created earlier.

Select the hard disk image created earlier

Clicking ‘Forward’ allows me to name this virtual machine, in this case ‘MRouter’. Also note that by default I am connecting it to the house network, via the bridge connection I configured in an earlier post. Check the box to allow further configuration. There are more networks to add…

Name the machine and connect it to the house network.

Click ‘Forward’ and I get the customisation panel. I will add three more network interfaces and connect them to each virtual network in turn.

Click on ‘Add hardware’ to create new virtual network interfaces

Each new network adapter gets its own unique MAC address and can connect to any of the real or virtual networks available to the Virtual Machine Manager. For example:

Creating a new adapter and connecting it to a network

When all three adapters are added, the virtual machine can be started by clicking on the green tick marked ‘Begin Installation’. I now get a window showing the running virtual machine. Using the on screen instructions I selected various packages to install as follows:

Initial package selection

Press ‘i’ to install… say no to keeping the old configuration and yes to continuing…

Press enter to reboot and…

Waiting for login…

More on what to do in the next post…

Creating virtual networks in KVM

In earlier posts I installed the KVM hypervisor on an openSUSE Leap system and added a bridged network connection. That will allow virtual machines to use IP addresses on my house network. However, what if I want to use ‘private’ networks for the experiments I wish to run? That is easily done so let’s see how to create networks and address ranges as follows:

'management'
192.168.99.0/24
'site1'
192.168.100.0/24
'site2vlan1'
192.168.101.0/24
'site2vlan2'
192.168.102.0/24

Bring up the ‘details’ pane for the hypervisor and select the ‘Virtual Networks’ tab as follows:

The list of virtual networks, currently empty

Clicking on the small blue cross opens the dialog for adding a new network. Let’s define the ‘management’ LAN as follows:

Setting the name of the management LAN

Next, define the IP address and subnet mask (192.168.99.0/24) and untick the ‘Enable DHCPv4’ option. DHCP will be provided by the virtual Mikrotek router.

Setting the IP address range and disabling DHCP

On the next pane, disable IPv6 for the time being.

Disable IPv6 for this network

Finally, select the option to create an isolated network and keep the DNS Domain Name as shown.

Creating an isolated network called ‘management’

Repeating the process for the other networks produces a network list as follows:

The completed list of virtual networks

As a final check to see that everything is working as expected, bring up a console as the root user and type the following commands:

virsh net-list

virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 management           active     yes           yes
 site1                active     yes           yes
 site2vlan1           active     yes           yes
 site2vlan2           active     yes           yes

ip addr

ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether xx:xx:xx:xx:xx:xx brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.101/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fd00::1:8ca0:7c31:ae16:2e0e/64 scope global temporary dynamic 
       valid_lft 6233sec preferred_lft 6233sec
    inet6 fd00::1:12bf:48ff:fe88:f355/64 scope global mngtmpaddr dynamic 
       valid_lft 6233sec preferred_lft 6233sec
    inet6 fe80::12bf:48ff:fe88:f355/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:c4:63:38 brd ff:ff:ff:ff:ff:ff
    inet 192.168.99.1/24 brd 192.168.99.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:c4:63:38 brd ff:ff:ff:ff:ff:ff
6: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:53:8a:0c brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
       valid_lft forever preferred_lft forever
7: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 1000
    link/ether 52:54:00:53:8a:0c brd ff:ff:ff:ff:ff:ff
8: virbr2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:cf:6f:e2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.101.1/24 brd 192.168.101.255 scope global virbr2
       valid_lft forever preferred_lft forever
9: virbr2-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr2 state DOWN group default qlen 1000
    link/ether 52:54:00:cf:6f:e2 brd ff:ff:ff:ff:ff:ff
10: virbr3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:26:84:24 brd ff:ff:ff:ff:ff:ff
    inet 192.168.102.1/24 brd 192.168.102.255 scope global virbr3
       valid_lft forever preferred_lft forever
11: virbr3-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr3 state DOWN group default qlen 1000
    link/ether 52:54:00:26:84:24 brd ff:ff:ff:ff:ff:ff

The results show the four virtual networks (virbr0 to virbr3), but they also show that four virtual network adapters (virbr0-nic to virbr3-nic) have been created that connect each of these new networks to the host machine itself.

In another post, the virtual Mikrotek router will be installed and a basic configuration applied to allow it to route between the four virtual networks.

Setting up Virtual Machine Manager to work with the KVM hypervisor

I want to use the Virtual Machine Manager application in openSUSE to manage my virtual machines and networks. Before that, I needed to create some areas on the hard disk to store information used by the hypervisor as follows. From the command line in my home directory I typed:

mkdir ISO
mkdir vmachines

This created two directories, one (ISO) for storing bootable images used to install virtual machines and the other (vmachines) to hold the virtual hard disks used by those machines. Now that’s done, I can launch the VMM application from ‘System’ -> ‘Virtual Machine Manager’

‘Front Page’ of Virtual Machine Manager

Double clicking on ‘QEMU/KVM’ promped me to input my root password and connected me to the hypervisor. Then, right clicking on ‘QEMU/KVM’ allowed me to select ‘Details’ which then gave me the following information pane about my hypervisor.

Basic performance details about the hypervisor. Options for this pane can be changed by clicking on ‘File’ near the top-left of the window

I first needed to tell the hypervisor where I was going to put bootable disk images for it to use. Clicking on the ‘Storage’ tab produced this window:

Click on the blue cross at the very bottom left of this window to add a new storage pool

Call the new storage pool ‘ISO’

Naming the new ISO sotrage pool

Then point to the newly created ISO directory created earlier.

Browse to ISO directory created earlier

Next, I created another new storage pool, but this time called it ‘VMachines’ and linked it to the ‘vmachines’ directory created earlier. Now my storage pools look like this:

I now have three storage pools. The ‘default ‘ pool will be unused, but I will put bootable image files in ISO and store virtual hard disks in VMachines

Finally, I will go and fetch a copy of RouterOS for experimenting with Mikrotik routers. The file needed is on the Mikrotik download page. It is possible to fetch the file into the correct location on the hard disk via the command line as follows:

cd ~/ISO
wget https://download2.mikrotik.com/routeros/6.39.1/mikrotik-6.39.1.iso

I could now add that ISO to the storage pool by clicking on the swirly arrow icon which made VMM re-read the contents of the ‘ISO’ storage pool allowing it to find the newly downloaded router software image.

Clicking on the swirly arrow icon has added the mikrotik ‘volume’ to the ISO storage pool. That makes it available to the hypervisor for installing a virtual router

Next time I will install the Mikrotik router as well as create some virtual networks for it to route between.

Installing KVM-based virtualisation on openSuse

Recently I was speaking to a friend about Mikrotik routers and he mentioned that you could download a copy of their RouterOS software to experiment with. I hatched a plan to model a small network with such a router at its core and see what can be done with it in terms of monitoring using SNMP-based tools.

First, I would need to set up a fresh virtualisation platform to play with. I plopped a spare hard drive in to my gaming rig and installed openSUSE LEAP 42.2 on to it. That’s the easy bit of course, but I thought it would be interesting to look in more detail at setting up virtualisation using KVM as the hypervisor and some of the issues I encountered.

The ‘Yast ‘ application has a very useful option for installing a hypervisor. Here’s what it looks like:

Click here to begin configuring a hypervisor

Clicking on this item then gave me an option to choose which hypervisor:

Make sure to tick both KVM related boxes

Part of the installation process includes offering to set up a network ‘bridge’. My PC has one physical network device, ‘eth0’ and it has a static IP address (192.168.1.101) on my house network. The bridge will appear as ‘br0’ and will allow my virtual machines to access the house network using IP addresses in the same range as my other computers (i.e. 192.168.1.x)

Saying ‘yes’ to this option creates the ‘default’ virtual network attached to ‘br0’

 

Let’s check that the network has been created by using the ‘ip’ command line tool to see what the state of my network is…

The IP address has moved from ‘eth0’ to ‘br0’ as expected

Ah, but there’s a problem… when I booted up the computer a little while later, I had no network connection. For some reason the routing table had become confused. The IP address was linked to the bridge ‘br0’ but the default gateway was linked to the original ethernet adapter ‘eth0’. This is easy to fix in Yast under ‘System’ -> ‘Network Settings’. Find the entry on routing and change the device from ‘eth0’ to ‘br0’. Fixed!

Use the dropdown to select the correct interface – br0

In another post I will look at setting up ‘Virtual Machine manager’ and install a copy of RouterOS to play with.