Wandering Thoughts archives

2024-04-22

Making virtual machine network interfaces inactive in Linux libvirt

Today, for reasons beyond the scope of this entry, I was interested in arranging to boot a libvirt-based virtual machine with a network interface that had no link signal, or at least lacked the virtual equivalent of it. It was not entirely obvious how to do this, and some of the ways I tried didn't work. So let's start with the easier thing to do, which is to set up a network interface that exists but doesn't talk to anything.

The easiest way I know of to do this is to create an 'isolated' libvirt network. An isolated libvirt network is essentially a virtual switch (technically a bridge) that is not connect to the outside world in any way. If your virtual machine's network interface is the only thing connected to this isolated network, it will have link signal but nothing out there to talk to. You can create such a network either through explicitly writing and loading the network XML yourself or through a GUI such as virt-manager (I recommend the GUI).

However, what I wanted was a network interface (a link) that was down, not up but connected to a non-functioning network. This is possible in several different ways through libvirt's various interfaces.

If a virtual machine is running, there are 'virsh' commands that will let you see the virtual machine's interfaces and manipulate their state. 'virsh domiflist <domain>' will give you the interface names, then 'domif-getlink <domain> <interface>' will get its current state and 'domif-setlink <domain> <interface> <state>' will change it. If the virtual machine is not running, you'll need to get the interface's MAC from 'domiflist', then use 'domif-setlink <domain> <iface> <state> --config' to affect the link state when the virtual machine starts up. However, you'll need to remember to later reset things with 'domif-setlink ... up --config' to make the interface be active on future boots.

If you like virt-manager's GUI (which I do), the easier approach for a powered down virtual machine is to go into its hardware list, pick the network device, and untick the 'Link state: active' tickbox (then Apply this change). You can then start the VM, which will come up with the interface behaving as if it had no network cable connected. Later you can tick the box again (and apply it) to reconnect the interface. The same thing can be done by editing the domain XML for the virtual machine to modify virtual link state. I believe this is what 'domif-setlink ... --config' does behind the scenes, although I haven't dumped the XML after such a change to see.

(In general there's a fair amount of interesting things lurking in the virsh manual page. For instance, until today I didn't know about 'virsh console' to connect to the serial console of a virtual machine.)

linux/LibvirtInactiveNetInterfaces written at 23:10:47;


Page tools: See As Normal.
Search:
Login: Password:

This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.