I have a system running QEMU/KVM (via libvirt). One of its VMs needs to have a presence on a subnet that is not local to the VM host. I have a Linux system on the remote subnet. Is there a way to set up some sort of tunneled bridge to cause the VM to appear present on the remote system? This will be a temporary situation (hopefully just until the VM owner can configure their system) and network performance and long-term maintainability aren't really issues.
To give some more concrete information:
My VM host has IP address 192.168.54.155/24. The VM has IP address 192.168.65.71/24. I have a remote system at 192.168.65.254/24. Both the VM host and remote system are running Scientific Linux 6.5. I do not control the network or routing in between the VM host and remote system. I do not have access to the guest OS on the VM. I would like traffic to the VM's IP address to end up at the VM even though its host isn't directly connected to the appropriate network.
I've tried using iproute2's tunnelling, but Linux won't let me add a tunnel to a bridge. I've considered using some sort of iptables mangling to route traffic over the tunnel and make the VM think it's on the right network, but I'm not sure whether there are better approaches. What's the best way to accomplish this hack?
You have a couple options, but they're both a pain in the ass.
To help you a bit, you're looking for a 'layer 2 tunnel' (knowing what to search for is half the battle!)
Option 1: Use a 'gretap' tunnel. This is supported natively in most modern Linux distributions.
Option 2: Install openvswitch on the host, and configure GRE tunnels between the hosts. You can probably configure openvswitch to do this, but the 'easier' way is to use an OpenFlow controller (like Ryu, which comes with a simple switch module) to join them into one big virtual switch.
I have done option 2, but option 1 would be the easier way (though I never got it functional due to other constraints).
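Option 1 as a dry-run script, added here as an example and not part of the original answer. The IP addresses come from the question; the bridge names `br-vm` and `br-remote`, the interface name `gretap1` and the 1500-byte underlay MTU are assumptions. Because GRE has no authentication or encryption, the script also limits protocol 47 to the known peer.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, runs) the commands for one end of a
# gretap layer 2 tunnel. Bridge and interface names are assumptions.

# Encapsulation cost per frame on an IPv4 underlay without GRE key/checksum:
# outer IPv4 header (20) + GRE header (4) + inner Ethernet header (14).
GRE_OVERHEAD=38

run() {
    # Dry-run by default so the plan can be reviewed before touching the network.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

inner_mtu() {
    # Largest inner payload that fits in one underlay packet of MTU $1.
    echo $(( $1 - GRE_OVERHEAD ))
}

gretap_end() {
    # $1 local underlay IP, $2 peer underlay IP, $3 bridge to join,
    # $4 underlay MTU (assumed 1500 when omitted)
    local_ip=$1; peer_ip=$2; bridge=$3
    mtu=$(inner_mtu "${4:-1500}")
    # gretap carries whole Ethernet frames, so unlike a plain GRE tunnel
    # the resulting interface can be added to a bridge.
    run ip link add gretap1 type gretap local "$local_ip" remote "$peer_ip"
    run ip link set gretap1 mtu "$mtu" up
    run brctl addif "$bridge" gretap1
    # Accept GRE only from the tunnel peer, drop it from any other source.
    run iptables -I INPUT 1 -p gre -s "$peer_ip" -j ACCEPT
    run iptables -I INPUT 2 -p gre -j DROP
}

echo "# VM host: br-vm is the assumed bridge the guest's tap device is on"
gretap_end 192.168.54.155 192.168.65.254 br-vm
echo "# Remote system: br-remote is an assumed bridge holding its 192.168.65.0/24 NIC"
gretap_end 192.168.65.254 192.168.54.155 br-remote
```

Run it as is to review the plan, then with `APPLY=1` as root on each host, keeping only the `gretap_end` call for that side.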