|
2 | 2 |
|
3 | 3 | Manages the default virtual network for instances using a Linux bridge and TAP devices. |
4 | 4 |
|
| 5 | +## How Linux VM Networking Works |
| 6 | + |
| 7 | +``` |
| 8 | +┌──────────────────────────────────────────────────────────────────────┐ |
| 9 | +│ HOST │ |
| 10 | +│ │ |
| 11 | +│ ┌───────────┐ ┌───────────┐ │ |
| 12 | +│ │ VM 1 │ │ VM 2 │ │ |
| 13 | +│ │ (no net) │ │ 10.100. │ │ |
| 14 | +│ │ │ │ 5.42 │ │ |
| 15 | +│ └───────────┘ └─────┬─────┘ │ |
| 16 | +│ │ │ |
| 17 | +│ ┌────┴────┐ │ |
| 18 | +│ │ TAP │ │ |
| 19 | +│ │ hype-x │ │ |
| 20 | +│ └────┬────┘ │ |
| 21 | +│ ┌───────────────────────────────────────────────────────────────┐ │ |
| 22 | +│ │ LINUX KERNEL │ │ |
| 23 | +│ │ ┌─────────────┐ ┌───────────────┐ │ │ |
| 24 | +│ │ │ Bridge │ routing + iptables │ eth0 │ │ │ |
| 25 | +│ │ │ (vmbr0) │ ─────────────────────────>│ (uplink) │ │ │ |
| 26 | +│ │ │ 10.100.0.1 │ NAT/masquerade │ public IP │ │ │ |
| 27 | +│ │ └─────────────┘ └───────┬───────┘ │ │ |
| 28 | +│ └────────────────────────────────────────────────────┼──────────┘ │ |
| 29 | +│ │ │ |
| 30 | +└───────────────────────────────────────────────────────┼──────────────┘ |
| 31 | + │ |
| 32 | + To Internet |
| 33 | +``` |
| 34 | + |
| 35 | +**Key concepts:** |
| 36 | + |
| 37 | +- **TAP device**: A virtual network interface. Each VM gets one (unless networking is disabled). It's like a virtual ethernet cable connecting the VM to the host. |
| 38 | + |
| 39 | +- **Bridge**: A virtual network switch inside the kernel. All TAP devices connect to it. The bridge has an IP (the gateway) that VMs use as their default route. |
| 40 | + |
| 41 | +- **Linux kernel as router**: The kernel routes packets between the bridge (VM network) and the uplink (physical network). iptables NAT rules translate VM private IPs to the host's public IP for outbound traffic. |
| 42 | + |
| 43 | +**What Hypeman creates:** |
| 44 | +1. One bridge (`vmbr0`) with the gateway IP (e.g., `10.100.0.1`) |
| 45 | +2. One TAP device per networked VM (e.g., `hype-abc123`) |
| 46 | +3. iptables rules for NAT and forwarding |
| 47 | + |
| 48 | +This setup allows for VMs with an attached network to communicate to the internet and for programs on the host to connect to the VMs via their private IP addresses. |
| 49 | + |
5 | 50 | ## Overview |
6 | 51 |
|
7 | 52 | Hypeman provides a single default network that all instances can optionally connect to. There is no support for multiple custom networks - instances either have networking enabled (connected to the default network) or disabled (no network connectivity). |
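Review bot: The "Linux kernel as router" bullet and item 3 of "What Hypeman creates" leave two security-relevant behaviours of the default network undocumented. First, because every TAP device is attached to the same bridge (`vmbr0`) and a bridge is, as the text says, a virtual switch, instances on the default network can reach each other at layer 2 unless something filters that traffic; the section should state whether inter-instance traffic is permitted or isolated. Second, "iptables rules for NAT and forwarding" does not say which directions are forwarded: the closing paragraph describes VM-initiated outbound traffic and host-to-VM connections over the private IPs, so please state explicitly whether unsolicited inbound connections from the uplink to the VM network are forwarded or dropped, since a reader deploying this on a host with a public IP will assume one or the other. Minor wording in the same hunk: "communicate to the internet" reads better as "communicate with the internet", and "ethernet" in the TAP bullet should be "Ethernet".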