Dedicated server with multiple VMs, isolated public IPs.

I have set up a dedicated server using Leap 15, with the aim of setting up multiple KVM machines with isolated public IPs.
Setup for one machine, for example (note: I will have to set up multiple machines):
#1 No bridge with YaST.
#2 Set up a bridge with virsh from an XML file:

```
<network>
  <name>macvlan</name>
  <forward mode="bridge">
    <interface dev="eth0"/>
  </forward>
</network>
```

#3 Use the bridge with the MAC of the public IP while creating the VM:

```
--network network=macvlan,model=virtio,mac=MAC_ADDRESS
```

RESULT:
#1 The machine will have a public IP and be completely isolated.
#2 Network performance is bad: poor download/upload. (Note: the host has one port, 1GB/S, which is exactly what it is if I test net speed.)

Question:
I have been reading online a lot about macvlan, macvtap and bridges, including the openSUSE 15 virtualization guide for KVM/libvirt. The more I read, the more confused I get; I do not even know what I am using in my setup.
My dedicated server provider provides IPs with their gateways, and a MAC for each one. How can I get the best and simplest configs, performance-wise, while creating multiple KVM machines, please?

In general, avoid macvlan and macvtap unless you have a special reason to implement them; those implement direct hardware access to the NIC. There is no scenario I can think of that can improve your performance. I do implement macvtap when I do pen testing because in that case, I need direct hardware access to operate in promiscuous mode, which scanning may require.

Instead, the most common network configuration builds on top of virtual bridge devices like br0 and virbr0.
A network bridging device is a virtual device that represents a network configuration, typically bridging, NAT and Host-Only. If you wish, you can create multiple instances of the same type but configured differently to isolate traffic. Within a particular network configuration, some services can be provided, for instance in a NAT network it’s common to provide a DHCP server (with configured scope).
So, typically you will see defined “virtual networks” and with each virtual network, there will be an associated bridging device… And, any number of Guests can connect to the same bridging device to participate in that network.
An example would be if you use the default br0 device which should have been created when you initially installed KVM, Xen or LXC. That bridging device would have been configured for “network bridging” which means that it’s transparent and allows Guests to see and be seen on the physical network like any other physical host. Multiple Guests can use this same bridging device but each configured with its own MAC address. Performance should be like any other Host on the network since ethernet is serial communications (only one bit can light up the physical network at any moment, there is no such thing as multiple bits in parallel).

If you are having network performance issues, then you need to sleuth the cause, beginning with the Host.
Again, remember that because Ethernet is serial communications, if you have a number of Guests actively using the same, shared physical network connection the throughput would be less than maximum, but that would also happen if each was a real physical machine using the same physical network… if the network is the bottleneck.
And, if your machine is really going to put enormous loads on your NIC, consider a better NIC that supports offloading processing from the CPU.

HTH,
TSU

Hi, I see your point. However, I decided to give LXC a go, I mean just LXC, not the lxc-libvirt way. However, I found the docs very short when it comes to LXC, and I have been googling; some Debian distro will have a package to help with lxc-groups (libpam-cgroup, libpam-cgfs), but not openSUSE, and I have been facing a ton of issues. I have done the subgid/subuid setup too.

```
lxc-start: start.c: __lxc_start: 1530 Failed to spawn container "csgo".
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2267 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2267"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/unified//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2269 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2269"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/systemd//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2271 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2271"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/cpu//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2273 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2273"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/memory//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2275 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2275"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/pids//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2277 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2277"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/rdma//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2279 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2279"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/cpuset//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2281 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2281"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/hugetlb//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2283 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2283"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/blkio//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2285 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2285"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/net_cls//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2287 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2287"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/perf_event//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2289 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2289"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/freezer//lxc/csgo
lxc-start: conf.c: lxc_map_ids: 2657 newuidmap failed to write mapping "newuidmap: uid range 0-65536) -> 1258512-1324048) not allowed": newuidmap 2291 0 1258512 65536 65536 0 1
lxc-start: conf.c: userns_exec_1: 3825 error setting up {g,u}id mappings for child process "2291"
lxc-start: cgroups/cgfsng.c: recursive_destroy: 1261 Error destroying /sys/fs/cgroup/devices//lxc/csgo
lxc-start: tools/lxc_start.c: main: 368 The container failed to start.
```
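
The `newuidmap ... not allowed` lines in the log above come from the check newuidmap makes against `/etc/subuid` before it writes a uid map. The following is an added example, not part of the original posts and not the shadow project's code: a simplified model of that check, run on the arguments from the log. The `/etc/subuid` contents, the user `alice`, and the caller being root (uid 0) are assumptions constructed for illustration.

```python
from typing import List, NamedTuple, Tuple


class Mapping(NamedTuple):
    inside: int   # first uid inside the container
    outside: int  # first uid on the host
    count: int    # number of consecutive uids


def parse_subuid(text: str) -> List[Tuple[str, int, int]]:
    """Parse /etc/subuid lines of the form owner:start:count."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            owner, start, count = line.split(":")
            entries.append((owner, int(start), int(count)))
    return entries


def parse_args(args: str) -> List[Mapping]:
    """Split 'pid inside outside count [inside outside count ...]'."""
    nums = [int(tok) for tok in args.split()][1:]  # drop the target pid
    if not nums or len(nums) % 3:
        raise ValueError("expected a pid followed by id triples")
    return [Mapping(*nums[i:i + 3]) for i in range(0, len(nums), 3)]


def is_allowed(m: Mapping, user: str, uid: int, subuid) -> bool:
    # A caller may always map its own uid as a single id.
    if m.count == 1 and m.outside == uid:
        return True
    # Otherwise one entry owned by the caller must cover the whole range.
    last = m.outside + m.count - 1
    return any(owner in (user, str(uid)) and start <= m.outside
               and last <= start + count - 1
               for owner, start, count in subuid)


def rejected(args: str, user: str, uid: int, subuid_text: str) -> List[Mapping]:
    subuid = parse_subuid(subuid_text)
    return [m for m in parse_args(args) if not is_allowed(m, user, uid, subuid)]


# Arguments copied from the log above; both subuid samples are constructed.
LOG_ARGS = "2267 0 1258512 65536 65536 0 1"
SUBUID_OTHER_USER = "alice:1258512:65536\n"  # range delegated to someone else
SUBUID_FOR_ROOT = "root:1258512:65536\n"     # range delegated to the caller

if __name__ == "__main__":
    for text in (SUBUID_OTHER_USER, SUBUID_FOR_ROOT):
        print(text.strip(), "->", rejected(LOG_ARGS, "root", 0, text))
```

With the range delegated to another user, the first triple is rejected, matching the range in the logged error; the second triple passes because it maps only the caller's own uid. The same check applies to `newgidmap` and `/etc/subgid`.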

It’s been many, many years (5 years?) since 12.3, when openSUSE last distributed LXC not integrated with libvirt, and even then it was using a custom YaST LXC manager, so I don’t think it’s likely that you’ll have any success deploying “just” LXC without libvirt. If you want to manage your LXC by command line, libvirt has its own command line syntax using virsh.

And, it should be noted that LXC deployed using libvirt is substantively different than without libvirt. There is documentation to convert to using libvirt, but not the other way around (dissembling might work but is untried).

I haven’t personally reviewed current LXC documentation, but a quick skim looks OK. You should install LXC using the YaST “Install Hypervisor and Virtualization” module, not picking individual packages on your own so that you have the best foundation and are set up to go.

Current documentation

https://doc.opensuse.org/documentation/leap/virtualization/html/book.virt/cha.lxc.html

TSU