Best practice: Use the tap networking option in QEMU

https://www.ibm.com/support/knowledgecenter/linuxonibm/liaat/liaatbptap.htm

Learn about QEMU networking options and Linux bridge support.

QEMU networking options

QEMU networkingsupport includes the following options:

User

The user option is a networking environment that supports theTCP and UDP protocols. QEMU provides services to the guest operatingsystem such as DHCP, TFTP, SMB, and DNS. QEMU acts as a gateway anda firewall for the guest operating system such that communicationfrom the guest operating system appears to be from the QEMU host.

Youcannot initiate a connection to the guest operating system withouthelp from QEMU. For this type of connection, QEMU provides the redir parameter.The redir parameter redirects TCP or UDP connectionsfrom a specific port on the host to a specific port on the guest operatingsystem.

The user option is the default networking option inQEMU.

Socket

The socket option is used to connect together the network stacksof multiple QEMU processes. You create one QEMU process that listenson a specified port. Then, you create other QEMU processes that connectto the specified port.

Tap

The tap option connects the network stack of the guest operatingsystem to a TAP network device on the host. By using a TAP device,QEMU can perform the following actions:

• Receive networking packets from the host network stack and passthe packets to the guest operating system.
• Receive networking packets from the guest operating system andinject the packets into the host network stack.

Use the tap networking option because it providesfull networking capability to a guest operating system.

Linux bridgesupport

Perform the following tasks to add and remove TAPnetwork devices to and from the bridges when you start and stop aguest operating system:

1. Create the bridges before you start the first guest operatingsystem.
2. If you want the guest operating system to access the physicalnetwork, add an Ethernet device to the bridge.
3. Specify a script for configuring the tap network device and ascript for unconfiguring the tap network device.

Guest operating systems that you add to the same bridgecan communicate with each other. If you want multiple subnets availableto the guest operating systems, define multiple bridges. In this situation,each bridge is for a unique subnet. Each bridge contains the TAP devicesthat are associated with the NICs of the guest operating systems thatare part of the same subnet.

When using the Linux bridge, consider the form of receiveoffload supported by the network adapter. Receive offload aggregatesmultiple packets into a single packet to improve network performance.Many network adapters provide a form of receive offload in the adapter,which is often referred to as large receive offload (LRO). The Linux kernel provides a form ofreceive offload called generic receive offload (GRO). Linux bridges can forward GRO packets. Linux bridges cannot forward LROpackets unless the driver is compliant with GRO. Therefore, in orderfor guest operating systems to use receive offload the network adaptermust support GRO.

QEMU VLAN

QEMU networking uses a networkingtechnology that is like VLAN. A QEMU VLAN is not an 802.1q VLAN. Rather,a QEMU VLAN is a way for QEMU to forward packets to guest operatingsystems that are on the same VLAN. When you define the networkingoptions for a guest operating system, you can specify a VLAN to whichthe network interface is assigned. If you do not specify a VLAN, bydefault QEMU assigns the interface to VLAN 0. In general, if you createmore than one network interface for a guest operating system, assignthe network interfaces to different VLANs.

Example

The following example shows theqemu-kvm options you can use to set up multiple interfaces:

-net nic,model=virtio,vlan=0,macaddr=00:16:3e:00:01:01 
-net tap,vlan=0,script=/root/ifup-br0,downscript=/root/ifdown-br0 
-net nic,model=virtio,vlan=1,macaddr=00:16:3e:00:01:02 
-net tap,vlan=1,script=/root/ifup-br1,downscript=/root/ifdown-br1

Theexample shows two network devices configured for a guest operatingsystem as follows:

• The - net nic command defines a network adapterin the guest operating system. Both network devices are para-virtualizeddevices which is indicated by the model=virtio value.Both devices also have unique MAC addresses which is indicated bythe macaddr values. Each network device is on a differentVLAN. The first device is on VLAN 0 and the second network deviceis on VLAN 1.
• The -net tap command defines how QEMU configuresthe host. Each network device is added to and removed from a differentbridge by using scripts. The first device is added to the br0 bridgeby using the /root/ifup-br0 script and removed fromthe br0 bridge by using the /root/ifdown-br0 script.Similarly, the second network device is added to the br1 bridgeby using the /root/ifup-br1 script and removed fromthe br1 bridge by using the /root/ifdown-br1 script.Each network device is also on a different VLAN. The first deviceis on VLAN 0 and the second network device is on VLAN 1.

Parent topic: Best practices for networking