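A VM internal network is a private network used for communication between virtual machines. It is not affected by the network the PVE host is connected to: even if the PVE host has no network cable plugged in, the VMs can still reach each other over the internal network. At the same time, this network cannot reach the public internet and cannot be reached from it.
For example: suppose VM A is set to mount storage from VM B over NFS automatically at boot. If the VMs talk over the host's LAN and PVE is not connected to the network, VM A cannot find VM B's IP and the mount fails. With an internal network, as long as PVE boots normally, connections between the VMs are unaffected.
Note that the second network interface has to be configured separately inside each VM's operating system, which requires some networking knowledge.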
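Creating the bridge in PVE
Log in to the PVE admin panel and select Datacenter - PVE on the left. In the page that opens on the right, go to System - Network and create a new Linux Bridge from the top bar.
Change the name if you need to, keep everything else at the defaults, and create it: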
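Configuring the internal network in the VMs
Next, open the VM you want to attach to the internal network and add the new bridge under Hardware:
For Bridge, select the Linux Bridge you just created. Choose the model as needed; if you have no special requirements keep VirtIO, which is said to have better network performance.
The newly added network device then has to be configured according to the guest OS. Debian and 黑裙 (unofficial Synology DSM, commonly known as Xpenology) are used as examples here; for other systems, search online for a guide for that system.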
Debian
Connect to the Debian VM over SSH and run ip addr to check whether a new network interface has appeared:
baiiylu@debian:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:fa:e2:4e brd ff:ff:ff:ff:ff:ff
    altname enp0s18
    inet 192.168.177.187/24 brd 192.168.177.255 scope global dynamic ens18
       valid_lft 78642sec preferred_lft 78642sec
<...>
28: ens19: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether bc:24:11:76:89:16 brd ff:ff:ff:ff:ff:ff
    altname enp0s19
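As you can see, besides the original interface ens18 there is now a new interface, ens19. The interface name may vary depending on the OS version.
Next, edit the network configuration file /etc/network/interfaces; this interface needs its own static IP: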
baiiylu@debian:~$ sudo vim /etc/network/interfaces
<--->
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
source /etc/network/interfaces.d/*
# The loopback network interface
auto lo
iface lo inet loopback
# The primary network interface
allow-hotplug ens18
iface ens18 inet dhcp
# interfaces(5) does not support end-of-line comments, so each comment sits on its own line.
# Bring the interface up at boot
auto ens19
# Configure a static IP
iface ens19 inet static
    # Internal IP chosen for this VM
    address 10.0.0.2
    # Subnet mask
    netmask 255.255.255.0
    #gateway 10.0.0.1
    #dns-nameservers 8.8.8.8 8.8.4.4
<--->
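Neither the gateway nor DNS needs to be configured. When I configured a gateway earlier, I found that the Debian VM tried to send some outbound traffic through it, but that gateway does not actually exist on this internal network, which caused "no route found" errors.
After exiting the editor, restart networking with sudo systemctl restart networking, then check again with ip addr. If the internal IP shows up, the configuration succeeded.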
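The isolation described at the top of this page depends on two settings: the bridge on the PVE host has no physical port, and the guest's internal interface has no gateway or DNS. The following check is an added example, not part of the original post; it parses interfaces(5) files and reports either problem. The bridge name vmbr1 and both sample files are assumptions constructed for illustration.

```python
import ipaddress
# Constructed samples (not from the page); the bridge name vmbr1 is an assumption.
HOST_SAMPLE = """\
iface vmbr1 inet manual
    bridge-ports none
"""
GUEST_SAMPLE = """\
iface ens18 inet dhcp
iface ens19 inet static
    address 10.0.0.2/24
    gateway 10.0.0.1
"""

def parse_interfaces(text):
    """Parse interfaces(5) text into {iface: {option: value}}."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()  # tolerate comments while auditing
        if not words:
            continue
        if words[0] == "iface" and len(words) >= 4:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current is not None:
            current[words[0].replace("_", "-")] = " ".join(words[1:])
    return stanzas

def audit_host_bridge(text, bridge):
    """On the PVE host: the internal bridge needs no physical port and no host IP."""
    opts = parse_interfaces(text).get(bridge)
    if opts is None:
        return [f"{bridge}: no iface stanza found"]
    findings = []
    if opts.get("bridge-ports", "none") != "none":
        findings.append(f"{bridge}: bridge-ports {opts['bridge-ports']} attaches a host NIC")
    if "address" in opts:
        findings.append(f"{bridge}: host address {opts['address']} on the bridge")
    return findings

def audit_guest(text, internal_net):
    """In a VM: interfaces addressed inside internal_net need no gateway or DNS."""
    net, findings = ipaddress.ip_network(internal_net), []
    for name, opts in parse_interfaces(text).items():
        addr = opts.get("address", "").split("/")[0]
        if addr and ipaddress.ip_address(addr) in net:
            findings += [f"{name}: {key} {opts[key]} set on the isolated network"
                         for key in ("gateway", "dns-nameservers") if key in opts]
    return findings
```

Run audit_host_bridge against the PVE host's /etc/network/interfaces and audit_guest against each Debian guest's file; an empty list means nothing was flagged.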
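黑裙 (Xpenology)
(Don't forget to add the new bridge to this VM in the PVE admin panel.)
Network configuration on 黑裙 is a bit more troublesome and again has to be done over SSH (I could not find a place to configure it in the web UI). After connecting over SSH, run sudo -i to become root, then use ip addr again to find the newly added interface: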
admin@DiskStation:/$ sudo -i
Password:
root@DiskStation:~# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether bc:24:11:1b:d1:f9 brd ff:ff:ff:ff:ff:ff
    inet 192.168.177.133/24 brd 192.168.177.255 scope global eth0
       valid_lft forever preferred_lft forever
<...>
8: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether bc:24:11:29:94:0d brd ff:ff:ff:ff:ff:ff
root@DiskStation:~#
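A new interface, eth1, has appeared at the bottom. Now edit its network configuration file. On Synology, network configuration files are stored in the /etc/sysconfig/network-scripts/ directory and are named ifcfg-<interface name>: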
root@DiskStation:~# vim /etc/sysconfig/network-scripts/ifcfg-eth1
<...>
DEVICE=eth1 # Interface name
BOOTPROTO=static # Use a static IP
ONBOOT=yes # Bring up at boot
IPADDR=10.0.0.3 # This machine's internal IP
NETMASK=255.255.255.0 # Subnet mask
GATEWAY=10.0.0.1 # Gateway, optional
DNS1=1.1.1.1 # DNS, optional
<...>
After saving and exiting, restart networking with /etc/rc.network restart. You can then run ping 10.0.0.2 to check connectivity to the other VM:
root@DiskStation:~# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.210 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.332 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.522 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.292 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=0.234 ms
^C
--- 10.0.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 136ms
rtt min/avg/max/mdev = 0.210/0.318/0.522/0.110 ms
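Performance comparison
In practice there is no performance difference between using the internal network and using the VMs' LAN IPs directly. The only difference is that the internal network is more stable, since it is not affected by the host's network. Below are the ping and iperf3 test results: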
root@DiskStation:~# ping 10.0.0.2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
64 bytes from 10.0.0.2: icmp_seq=1 ttl=64 time=0.210 ms
64 bytes from 10.0.0.2: icmp_seq=2 ttl=64 time=0.332 ms
64 bytes from 10.0.0.2: icmp_seq=3 ttl=64 time=0.522 ms
64 bytes from 10.0.0.2: icmp_seq=4 ttl=64 time=0.292 ms
64 bytes from 10.0.0.2: icmp_seq=5 ttl=64 time=0.234 ms
^C
--- 10.0.0.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 136ms
rtt min/avg/max/mdev = 0.210/0.318/0.522/0.110 ms
root@DiskStation:~# ping 192.168.177.187
PING 192.168.177.187 (192.168.177.187) 56(84) bytes of data.
64 bytes from 192.168.177.187: icmp_seq=1 ttl=64 time=0.340 ms
64 bytes from 192.168.177.187: icmp_seq=2 ttl=64 time=0.234 ms
64 bytes from 192.168.177.187: icmp_seq=3 ttl=64 time=0.181 ms
64 bytes from 192.168.177.187: icmp_seq=4 ttl=64 time=0.361 ms
64 bytes from 192.168.177.187: icmp_seq=5 ttl=64 time=0.242 ms
64 bytes from 192.168.177.187: icmp_seq=6 ttl=64 time=0.439 ms
^C
--- 192.168.177.187 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 127ms
rtt min/avg/max/mdev = 0.181/0.299/0.439/0.089 ms
root@DiskStation:~# /var/packages/DiagnosisTool/target/tool/iperf3 -c 192.168.177.187
Connecting to host 192.168.177.187, port 5201
[ 5] local 192.168.177.133 port 55612 connected to 192.168.177.187 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 6.43 GBytes 55.2 Gbits/sec 0 3.00 MBytes
[ 5] 1.00-2.00 sec 6.40 GBytes 55.0 Gbits/sec 0 3.00 MBytes
[ 5] 2.00-3.00 sec 5.84 GBytes 50.2 Gbits/sec 0 3.00 MBytes
[ 5] 3.00-4.00 sec 6.26 GBytes 53.8 Gbits/sec 0 3.00 MBytes
[ 5] 4.00-5.00 sec 6.31 GBytes 54.2 Gbits/sec 0 3.00 MBytes
[ 5] 5.00-6.00 sec 6.30 GBytes 54.1 Gbits/sec 0 3.00 MBytes
[ 5] 6.00-7.00 sec 6.20 GBytes 53.3 Gbits/sec 0 3.00 MBytes
[ 5] 7.00-8.00 sec 5.82 GBytes 50.0 Gbits/sec 0 3.00 MBytes
[ 5] 8.00-9.00 sec 5.65 GBytes 48.5 Gbits/sec 0 3.00 MBytes
[ 5] 9.00-10.00 sec 5.94 GBytes 51.0 Gbits/sec 0 3.00 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 61.2 GBytes 52.5 Gbits/sec 0 sender
[ 5] 0.00-10.00 sec 61.2 GBytes 52.5 Gbits/sec receiver
iperf Done.
root@DiskStation:~# /var/packages/DiagnosisTool/target/tool/iperf3 -c 10.0.0.2
Connecting to host 10.0.0.2, port 5201
[ 5] local 10.0.0.2 port 50474 connected to 10.0.0.2 port 5201
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 5.93 GBytes 51.0 Gbits/sec 0 3.00 MBytes
[ 5] 1.00-2.00 sec 6.01 GBytes 51.7 Gbits/sec 0 3.00 MBytes
[ 5] 2.00-3.00 sec 6.48 GBytes 55.6 Gbits/sec 0 3.00 MBytes
[ 5] 3.00-4.00 sec 6.36 GBytes 54.6 Gbits/sec 0 3.00 MBytes
[ 5] 4.00-5.00 sec 6.42 GBytes 55.2 Gbits/sec 0 3.00 MBytes
[ 5] 5.00-6.00 sec 5.89 GBytes 50.6 Gbits/sec 0 3.00 MBytes
[ 5] 6.00-7.00 sec 6.02 GBytes 51.7 Gbits/sec 0 3.00 MBytes
[ 5] 7.00-8.00 sec 6.06 GBytes 52.1 Gbits/sec 0 3.00 MBytes
[ 5] 8.00-9.00 sec 6.00 GBytes 51.6 Gbits/sec 0 3.00 MBytes
[ 5] 9.00-10.00 sec 5.65 GBytes 48.5 Gbits/sec 0 3.00 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 60.8 GBytes 52.3 Gbits/sec 0 sender
[ 5] 0.00-10.00 sec 60.8 GBytes 52.3 Gbits/sec receiver
iperf Done.