On 3/24/26 12:28 PM, [email protected] wrote:
Hello,
I want to set up a NAT network inside a VM (so far as I understand, the
name for that is nested virtualization).
A virtual network (including one with NAT enabled) doesn't require
"nested virtualization" support (which is a term normally used to refer
to hardware *CPU* virtualization for L2 nested VMs that are run within
an L1 virtual machine (that is a VM running on a physical host)). A
libvirt "virtual network" is just a simple way to start up the following
group of functionality as a unit:
1) a Linux host bridge device (which can be used to connect tap devices
to each other and then forward their traffic to a physical network using
IP routing)
2) an instance of dnsmasq, to provide 2a) DNS and 2b) DHCP services to
anything connected to the host bridge in (1)
3) proper packet filtering rules (i.e. nftables or iptables) to
permit/block traffic between the devices connected to the bridge and the
host + physical network.
It is called a "virtual" network because it doesn't have any physical
components, but it doesn't have anything to do with the CPU
virtualization of KVM (which is what "nested virtualization" refers to).
Unfortunately I only have Shell Access to the VM, and am not hosting it.
This shouldn't be a problem (for creating a virtual network within your
guest VM anyway).
I installed debian.
The output of `uname -a`: Linux kvm1 6.12.74+deb13+1-amd64 #1 SMP
PREEMPT_DYNAMIC Debian 6.12.74-2 (2026-03-08) x86_64 GNU/Linux
When I run `kvm-ok` it says "INFO: Your CPU does not support KVM
extensions KVM acceleration can NOT be used".
When I try to load `kvm_intel` into the kernel (even with nested=1
option), it says "modprobe: ERROR: could not insert 'kvm_intel':
Operation not supported".
I can't start a network, there is no `/dev/kvm` device.
None of the above is a roadblock to creating a libvirt virtual network
within the guest VM. It *will* prevent you from running nested VMs with
accelerated CPU virtualization (you can still run nested VMs that use
TCG i.e. software CPU virtualization, but you will be very underwhelmed
by the results).
I installed libvirt with `apt install --no-install-recommends
qemu-system libvirt-clients libvirt-daemon-system`.
I don't use debian, so I don't know which libvirt subpackages those pull
in, but for libvirt virtual network management, you need to have the
package libvirt-daemon-driver-network installed - your inability to
create a virtual network is because that package is missing.
(Additionally if you install libvirt-daemon-config-network that will add
the canonical libvirt "default network" to your config, and attempt to
autostart it when your guest starts. You can either use it as-is, or
edit it with "virsh net-edit" to change the subnet it uses.)
Is there a way to enable libvirt support? For me, or the admins that
host the VMs?
As for *CPU* virtualization (aka KVM), that's not something that you can
enable from your guest VM by itself. To enable nested virt for your
guest (and others), the admins of the physical host should look at
something like this for guidance:
https://docs.fedoraproject.org/en-US/quick-docs/using-nested-virtualization-in-kvm/
Note that any nested guest you may have created prior to enabling nested
virtualization will have been set up for software virtualization, and
remain that way until you change its config or simply recreate it with
nested virt enabled.
(NB: I don't know when that was last updated, and personally don't ever
use nested virt so I'm not certain if those are the best instructions)
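
Added example, not part of the original message: a shell sketch of creating a NAT virtual network inside the guest, which needs neither `/dev/kvm` nor nested virtualization. It first picks a /24 that does not overlap any destination the guest already routes, since the guest's own uplink may already sit on 192.168.122.0/24, the subnet of libvirt's stock default network. The network name `nat-lab` and the candidate subnets are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example. "nat-lab" and the candidate subnets are made-up names/values.
ip2int() {  # dotted quad -> integer
    set -- $(printf '%s' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# $1 = candidate /24 base, $2 = text of `ip -4 route`; succeeds if a route overlaps.
subnet_in_use() {
    cand=$(ip2int "$1")
    printf '%s\n' "$2" | (
        while read -r dst _rest; do
            case "$dst" in [0-9]*) ;; *) continue ;; esac   # skip "default", blanks
            addr=${dst%/*}; len=32                          # bare address = host route
            case "$dst" in */*) len=${dst#*/} ;; esac
            [ "$len" -gt 24 ] && len=24                     # compare at the shorter prefix
            mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
            [ $(( cand & mask )) -eq $(( $(ip2int "$addr") & mask )) ] && exit 0
        done
        exit 1
    )
}

pick_subnet() {  # $1 = route text; prints the first free candidate
    for base in 192.168.122.0 192.168.100.0 10.123.45.0; do
        subnet_in_use "$base" "$1" || { echo "$base"; return 0; }
    done
    return 1
}

net_xml() {  # $1 = /24 base address; prints libvirt network XML
    p=${1%.*}
    cat <<EOF
<network>
  <name>nat-lab</name>
  <forward mode='nat'/>
  <ip address='$p.1' netmask='255.255.255.0'>
    <dhcp><range start='$p.2' end='$p.254'/></dhcp>
  </ip>
</network>
EOF
}

if [ "${1:-}" = apply ]; then   # run as root inside the guest
    base=$(pick_subnet "$(ip -4 route)") || exit 1
    f=$(mktemp) && net_xml "$base" > "$f"
    virsh net-define "$f" && virsh net-start nat-lab && virsh net-autostart nat-lab
    rm -f "$f"
fi
```

Run it with the argument `apply` as root once `libvirt-daemon-driver-network` is installed; without arguments it only defines the functions.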