libvirt不仅是UI。有些管理功能需要在虚拟化外做就是他干的工作。
"Node resource operations which are needed for the management and provisioning of domains are also in the scope of the libvirt API, such as interface setup, firewall rules, storage management and general provisioning APIs. Libvirt will also provide the state monitoring APIs needed to implement management policies, obviously checking domain state but also exposing local node resource consumption." http://libvirt.org/goals.html 2016-01-14 15:30 GMT+08:00 惠轶群 <[email protected]>: > 困扰了很久的问题,供大家参考和讨论。 > > 用 libvirt 和 kvm > 部署了一批虚拟机,网络用的macvtap,比较新的网络虚拟化方案,配合比较新的交换机(支持VEPA)基本是完美的(除了ipv6的DAD一定会失败,这个是另外一个事情了)。 > > > 因为虚拟环境中使用了ipv6,所以多播的包很重要,比如RA等,不过虚拟机里面拿不到从交换机过来的多播包,所以ipv6的网络半瘫痪,打开了网卡的allmulti之后才能正常使用,然而v6的子网很大,开allmulti显然很不靠谱。 > > > 最初怀疑是macvtap或macvlan的bug,看完代码发现macvlan的确实现了macvlan设备到物理设备的多播filter列表的同步;而macvtap是在macvlan的后面封装了一个tap设备,简单地看了下代码觉得macvtap并没有实现奇怪的ioctl来管理多播filter地址列表。 > > 到这,我想kvm是通过macvtap来与物理环境通信的,既然macvtap不支持多播filter地址列表,那么显然已经没救了。 > > 今天搜索的时候发现了这样一个[patch]( > http://libvirt.org/git/?p=libvirt.git;a=commit;h=d70cc1fa7219b347a301e132bb927f41958b372d) > ,好像就是在解决多播filter地址列表的问题。但是为什么是libvirt的patch? > > 又找了一下发现在[这里](https://libvirt.org/formatdomain.html#elementsNICS) > 有一个参数叫trustGuestRxFilters,在它为true的时候libvirt会处理kvm的事件,同步多播的filter列表,不过默认是no。 > > 所以这个问题的结论大概应该是(暂时还没验证): > 1. libvirt版本大于1.2.10 > 2. trustGuestRxFilters=yes > 3. 虚拟机的网卡model用virtio(其他model不支持) > > 我不能理解的是: > > libvirt 不是一个UI吗,这事为什么归它管? > > -- > > --- > You received this message because you are subscribed to the Google Groups > "TUNA 主邮件列表" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > For more options, visit https://groups.google.com/d/optout. > -- --- You received this message because you are subscribed to the Google Groups "TUNA 主邮件列表" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. For more options, visit https://groups.google.com/d/optout.
