| blob | 2448fb09e77fdb73bef7f3872eee9c02bb769055 |
4 <body>
8 </ul>
10 <p>
11 This page provides an introduction to the network XML format. For
12 background information on the concepts referred to here, consult the
14 </p>
18 <p>
19 The root element required for all virtual networks is
22 optional read-only attribute - when examining the live
23 configuration of a network, the
25 number of guest interfaces currently connected via this
26 network). The network XML format is
28 </p>
32 <p>
33 The first elements provide basic metadata about the virtual
34 network.
35 </p>
37 <pre>
45 ...</pre>
47 <dl>
50 a short name for the virtual network. This name should
51 consist only of alpha-numeric characters and is required
52 to be unique within the scope of a single host. It is
53 used to form the filename for storing the persistent
57 a globally unique identifier for the virtual network.
59 If omitted when defining/creating a new network, a random
62 store custom metadata in the form of XML nodes/trees. Applications
63 must use custom namespaces on their XML nodes/trees, with only
64 one top-level element per namespace (if the application needs
65 structure, they should have sub-elements to their namespace
70 a network definition with no IPv6 gateway addresses specified
71 to have guest-to-guest communications. For further information,
72 see the example below for the example with no gateway addresses.
76 be used to set that attribute of the same name for each domain
80 interfaces</a> section of the domain XML documentation for
81 more details. Note that an explicit setting of this attribute
82 in a portgroup or the individual domain interface will
83 override the setting in the network.</dd>
84 </dl>
88 <p>
89 The next set of elements control how a virtual network is
90 provided connectivity to the physical LAN (if at all).
91 </p>
93 <pre>
94 ...
99 ...</pre>
101 <dl>
104 defines the name of a bridge device which will be used to construct
105 the virtual network. The virtual machines will be connected to this
106 bridge device allowing them to talk to each other. The bridge device
107 may also be connected to the LAN. When defining
112 automatically generate a unique name for the bridge device if
113 none is given, and this name will be permanently stored in the
114 network configuration so that that the same name will be used
115 every time the network is started. For these types of networks
116 (nat, route, open, and isolated), a bridge name beginning with the
117 prefix "virbr" is recommended (and that is what is
118 auto-generated), but not enforced.
120 is 'on' or 'off' (default is
122 delay value in seconds (default is 0).
125 <p>
127 element is used to tell libvirt how the bridge's MAC address
128 table (used to determine the correct egress port for packets
129 based on destination MAC address) will be managed. In the
131 automatically adds and removes entries, typically using
132 learning, flooding, and promiscuous mode on the bridge's
133 ports in order to determine the proper egress port for
136 of the MAC table (in the case of the Linux host bridge, this
137 means enabling vlan_filtering on the bridge, and disabling
138 learning and unicast_filter for all bridge ports), and
139 explicitly adds/removes entries to the table according to
140 the MAC addresses in the domain interface configurations.
141 Allowing libvirt to manage the MAC table can improve
142 performance - with a Linux host bridge, for example, turning
143 off learning and unicast_flood on ports has its own
144 performance advantage, and can also lead to an additional
145 boost by permitting the kernel to automatically turn off
146 promiscuous mode on some ports of the bridge (in particular,
147 the port attaching the bridge to the physical
148 network). However, it can also cause some networking setups
149 to stop working (e.g. vlan tagging, multicast,
150 guest-initiated changes to MAC address) and is not supported
151 by older kernels.
153 newer</span>
154 </p>
156 <p>
163 of all virtual networks with these forward modes are placed
164 in the firewalld zone named "libvirt", which permits
165 incoming DNS, DHCP, TFTP, and SSH to the host from guests on
166 the network. This behavior can be changed either by
167 modifying the libvirt zone (using firewalld management
168 tools), or by placing the network in a different zone (which
169 will also be managed using firewalld tools).
171 </p>
172 </dd>
175 <dd>
177 element specifies the Maximum Transmission Unit (MTU) for the
179 of a libvirt-managed network (one with forward mode
182 this will be the MTU assigned to the bridge device when
183 libvirt creates it, and thereafter also assigned to all tap
184 devices created to connect guest interfaces. Network types not
185 specifically mentioned here don't support having an MTU set in
186 the libvirt network config. If mtu size is unspecified, the
187 default setting for the type of device being used is assumed
188 (usually 1500).
189 </dd>
192 <dd>
194 element defines the DNS domain of the DHCP server. This
195 element is optional, and is only used for those networks with
200 <p>
203 this domain will only be resolved by the virtual network's own
204 DNS server - they will not be forwarded to the host's upstream
208 </p>
209 </dd>
212 the virtual network is to be connected to the physical
216 network will be isolated from any other network (unless a
217 guest connected to that network is acting as a router, of
218 course). The following are valid settings
221 assumed):
222 <dl>
224 <dd>
225 All traffic between guests connected to this network and
226 the physical network will be forwarded to the physical
227 network via the host's IP routing stack, after the guest's
228 IP address is translated to appear as the host machine's
229 public IP address (a.k.a. Network Address Translation, or
230 "NAT"). This allows multiple guests, all having access to
231 the physical network, on a host that is only allowed a
232 single public IP address. If a network has any IPv6
233 addresses defined, the IPv6 traffic will be forwarded
234 using plain routing, since IPv6 has no concept of NAT.
235 Firewall rules will allow outbound connections to any
236 other network device whether ethernet, wireless, dialup,
238 firewall rules will restrict forwarding to the named
239 device only. Inbound connections from other networks are
240 all prohibited; all connections between guests on the same
241 network, and to/from the host to the guests, are
246 specify a public IPv4 address and port range to be used for
248 Note that all addresses from the range are used, not just those
249 that are in use on the host.
252 attributes:
253 </p>
254 <pre>
255 ...
261 ...</pre>
262 <p>
263 A single IPv4 address can be set by setting
265 the same value.
266 </p>
267 <p>
270 </p>
271 <pre>
272 ...
278 ...</pre>
279 </dd>
282 <dd>
283 Guest network traffic will be forwarded to the physical
284 network via the host's IP routing stack, but without
286 attribute is set, firewall rules will restrict forwarding
287 to the named device only. This presumes that the local LAN
288 router has suitable routing table entries to return
289 traffic to this host. All incoming and outgoing sessions
290 to guest on these networks are unrestricted. (To restrict
291 incoming traffic to a guest on a routed network, you can
293 on the guest's interfaces.)
295 </dd>
298 <dd>
299 As with mode='route', guest network traffic will be
300 forwarded to the physical network via the host's IP
301 routing stack, but there will be no firewall rules added
302 to either enable or prevent any of this traffic. When
304 cannot be set (because the forward dev is enforced with
305 firewall rules, and the purpose of forward='open' is to
306 have a forwarding mode where libvirt doesn't add any
307 firewall rules). This mode presumes that the local LAN
308 router has suitable routing table entries to return
309 traffic to this host, and that some other management
310 system has been used to put in place any necessary
311 firewall rules. Although no firewall rules will be added
312 for the network, it is of course still possible to add
313 restrictions for specific guests using
315 guests' interfaces.)
317 </dd>
320 <dd>
321 This network describes either 1) an existing host bridge
322 that was configured outside of libvirt (if
325 existing Open vSwitch bridge that was configured outside of
330 interface or group of interfaces to be used for a "direct"
331 connection via macvtap using macvtap's "bridge" mode (if
332 the forward element has one or
336 attachment to physical interface</a> for descriptions of
337 the various macvtap modes). libvirt doesn't attempt to
338 manage the bridge interface at all, thus
341 iptables rules, IP addresses, or DHCP/DNS services are
342 added; at the IP level, the guest interface appears to be
343 directly connected to the physical
345 </dd>
347 <dd>
348 This network uses a macvtap "direct" connection in
349 "private" mode to connect each guest to the network. The
350 physical interface to be used will be picked from among
353 802.1Qbh mode (as indicated by
355 that this requires an 802.1Qbh-capable hardware switch),
356 each physical interface can only be in use by a single
357 guest interface at a time; in modes other than 802.1Qbh,
358 multiple guest interfaces can share each physical
359 interface (libvirt will attempt to balance usage between
362 </dd>
364 <dd>
366 mode to connect each guest to the network (this requires
367 that the physical interfaces used be connected to a
368 vepa-capable hardware switch. The physical interface to be
369 used will be picked from among those listed
372 interfaces can share each physical interface (libvirt will
373 attempt to balance usage between all available
375 </dd>
377 <dd>
378 This network uses a macvtap "direct" connection in
379 "passthrough" mode to connect each guest to the network
381 passthrough"). The physical interface to be used will be
382 picked from among those listed
385 interface can only be in use by a single guest interface
386 at a time, so libvirt will keep track of which interfaces
387 are currently in use, and only assign unused interfaces
388 (if there are no available physical interfaces when a
389 domain interface is being attached, an error will be
390 logged, and the operation causing the attach will fail
391 (usually either a domain start, or a hotplug interface
393 </dd>
395 <dd>
396 This network facilitates PCI Passthrough of a network
397 device. A network device is chosen from the interface
398 pool and directly assigned to the guest using generic
399 device passthrough, after first optionally setting the
400 device's MAC address and vlan tag to the configured value,
401 and optionally associating the device with an 802.1Qbh
403 element. Note that - due to limitations in standard
404 single-port PCI ethernet card driver design - only SR-IOV
405 (Single Root I/O Virtualization) virtual function (VF)
406 devices can be assigned in this manner; to assign a
407 standard single-port PCI or PCIe ethernet card to a guest,
411 <p>
412 To force use of a particular type of device assignment,
416 is a new method of device assignment that is compatible
417 with UEFI Secure Boot) or "kvm" (the legacy device
418 assignment handled directly by the KVM kernel module)
421 device assignment will fail if the requested method of
422 device assignment isn't available on the host. When not
423 specified, the default is "vfio" on systems where the
424 VFIO driver is available and loaded, and "kvm" on older
425 systems, or those where the VFIO driver hasn't been
427 that the default was always "kvm").
428 </p>
431 devices is very similar to the functionality of a
433 difference being that this method allows specifying a MAC
435 for the passed-through device. If these capabilities are
436 not required, if you have a standard single-port PCI,
437 PCIe, or USB network card that doesn't support SR-IOV (and
438 hence would anyway lose the configured MAC address during
439 reset after being assigned to the guest domain), or if you
440 are using a version of libvirt older than 0.10.0, you
441 should use a standard
443 domain's configuration to assign the device to the guest
447 </p>
448 </dd>
449 </dl>
452 one giving the name of a physical interface that can be used
454 <pre>
455 ...
463 ...
464 </pre>
465 <p>
468 attribute - when examining the live configuration of a
470 specifies the number of guest interfaces currently connected
471 via this physical interface.
472 </p>
473 <p>
475 allows a shorthand for specifying all virtual interfaces
476 associated with a single physical function, by using
478 corresponding physical interface associated with multiple
479 virtual interfaces:
480 </p>
481 <pre>
482 ...
486 ...
487 </pre>
489 <p>When a guest interface is being constructed, libvirt will pick
490 an interface from this list to use for the connection. In
491 modes where physical interfaces can be shared by multiple
492 guest interfaces, libvirt will choose the interface that
493 currently has the least number of connections. For those modes
494 that do not allow sharing of the physical device (in
495 particular, 'passthrough' mode, and 'private' mode when using
496 802.1Qbh), libvirt will choose an unused physical interface
497 or, if it can't find an unused interface, fail the operation.</p>
499 <p>
501 mode 'hostdev', the interface pool is specified with a list
506 attributes.
507 </p>
508 <pre>
509 ...
516 ...
517 </pre>
519 Alternatively the interface pool can also be defined using a
521 call out the corresponding physical interface associated with
522 multiple virtual interfaces (similar to passthrough mode):
524 <pre>
525 ...
529 ...
530 </pre>
532 </dd>
533 </dl>
536 <pre>
537 ...
543 ...</pre>
545 <p>
547 quality of service for a particular network
556 a failure to define the network or to create a transient network.
557 </p>
558 <p>
563 </p>
564 <p>
566 the bandwidth only applies to that one interface of the domain.
568 is a total aggregate bandwidth to/from all guest interfaces attached
572 than the aggregate for the entire network, then the aggregate
574 This is because the two choke points are independent of each other
576 is applied on the interface's tap device, while the
578 interface part of the bridge device created for that network.
579 </p>
580 <p>
581 As a subelement of a
589 applied individually to each guest interface defined to be a
592 will override the setting in the portgroup
594 </p>
595 <p>
596 Incoming and outgoing traffic can be shaped independently. The
599 child element. Leaving either of these children elements out
600 results in no QoS applied for that traffic direction. So,
601 when you want to shape only incoming traffic, use
605 where accepted values for each attribute is an integer number.
606 </p>
607 <dl>
609 <dd>
610 Specifies the desired average bit rate for the interface
611 being shaped (in kilobytes/second).
612 </dd>
614 <dd>
615 Optional attribute which specifies the maximum rate at
616 which the bridge can send data (in kilobytes/second).
617 Note the limitation of implementation: this attribute in the
619 filters don't know it yet).
620 </dd>
622 <dd>
623 Optional attribute which specifies the amount of kilobytes that
625 </dd>
627 <dd>
629 element. This attribute guarantees minimal throughput for
630 shaped interfaces. This, however, requires that all traffic
631 goes through one point where QoS decisions can take place, hence
632 why this attribute works only for virtual networks for now
634 forward type of route, nat, or no forward at all). Moreover, the
635 virtual network the interface is connected to is required to have
640 Currently, the Linux kernel doesn't allow ingress qdiscs to have
643 </dd>
644 </dl>
646 <p>
652 </p>
656 <pre>
674 </pre>
676 <p>
677 If (and only if) the network connection used by the guest
678 supports VLAN tagging transparent to the guest, an
680 more VLAN tags to apply to the guest's network
682 connections that support guest-transparent VLAN tagging include
683 1) type='bridge' interfaces connected to an Open vSwitch bridge
685 Functions (VF) used via type='hostdev' (direct device
687 SRIOV VFs used via type='direct' with mode='passthrough'
692 provide their own way (outside of libvirt) to tag guest traffic
693 onto a specific VLAN. Each tag is given in a
697 is supported only on Open vSwitch connections),
699 which implies that the user wants to do VLAN trunking on the
700 interface for all the specified tags. In the case that VLAN
701 trunking of a single tag is desired, the optional
704 single tag from normal tagging.
705 </p>
706 <p>
707 For network connections using Open vSwitch it is also possible
708 to configure 'native-tagged' and 'native-untagged' VLAN modes
715 to be the "native" VLAN for this interface, and
717 traffic for that VLAN will be tagged.
718 </p>
719 <p>
723 that a vlan tag is specified in multiple locations, the setting
730 </p>
734 <pre>
735 ...
761 ...</pre>
763 <p>
765 A portgroup provides a method of easily putting guest
766 connections to the network into different classes, with each
767 class potentially having a different level/type of service.
769 network can have multiple portgroup elements (and one of those
770 can optionally be designated as the 'default' portgroup for the
771 network), and each portgroup has a name, as well as various
772 attributes and subelements associated with it. The currently supported
777 If a domain interface definition specifies a portgroup (by
780 info will be merged into the interface's configuration. If no
781 portgroup is given in the interface definition, and one of the
783 default portgroup will be used. If no portgroup is given in the
784 interface definition, and there is no default portgroup, then
787 specified directly in the domain XML will take precedence over
788 any setting in the chosen portgroup. if
790 (and/or directly in the network definition), the multiple
791 virtualports will be merged, and any parameter that is specified
792 in more than one virtualport, and is not identical, will be
793 considered an error, and will prevent the interface from
794 starting.
795 </p>
796 <p>
797 portgroups also support the optional
799 set that attribute of the same name for each domain interface
803 interfaces</a> section of the domain XML documentation for more
804 details. Note that an explicit setting of this attribute in the
805 portgroup overrides the network-wide setting, and an explicit
806 setting in the individual domain interface will override the
807 setting in the portgroup.
808 </p>
811 <p>
812 Static route definitions are used to provide routing information
813 to the virtualization host for networks which are not directly
814 reachable from the virtualization host, but *are* reachable from
815 a guest domain that is itself reachable from the
817 </p>
819 <p>
821 example</a>, it is possible to define a virtual network
822 interface with no IPv4 or IPv6 addresses. Such networks are
823 useful to provide host connectivity to networks which are only
824 reachable via a guest. A guest with connectivity both to the
825 guest-only network and to another network that is directly
826 reachable from the host can act as a gateway between the
827 networks. A static route added to the "host-visible" network
828 definition provides the routing information so that IP packets
829 can be sent from the virtualization host to guests on the hidden
830 network.
831 </p>
833 <p>
834 Here is a fragment of a definition which shows the static
835 route specification as well as the IPv4 and IPv6 definitions
836 for network addresses which are referred to in the
838 that the third static route specification includes the
840 This particular route would *not* be preferred if there was
841 another existing rout on the system with the same address and
842 prefix but with a lower value for the metric. If there is a
843 route in the host system configuration that should be overridden
844 by a route in a virtual network whenever the virtual network is
845 running, the configuration for the system-defined route should
846 be modified to have a higher metric, and the route on the
847 virtual network given a lower metric (for example, the default
848 metric of "1").
849 </p>
851 <pre>
852 ...
861 <route family="ipv6" address="2001:db9:4:1::" prefix="64" gateway="2001:db8:ca2:2::3" metric='2'/>
862 ...
863 </pre>
867 <p>
868 The final set of elements define the addresses (IPv4 and/or
869 IPv6, as well as MAC) to be assigned to the bridge device
870 associated with the virtual network, and optionally enable DHCP
871 services. These elements are only valid for isolated networks
873 a forward mode of 'route' or 'nat'.
874 </p>
876 <pre>
877 ...
885 <srv service='name' protocol='tcp' domain='test-domain-name' target='.'
901 </pre>
903 <dl>
907 hexadecimal numbers, the groups separated by colons
909 assigned to the bridge device when it is created. Generally
910 it is best to not specify a MAC address when creating a
911 network - in this case, if a defined MAC address is needed for
912 proper operation, libvirt will automatically generate a random
913 MAC address and save it in the config. Allowing libvirt to
914 generate the MAC address will assure that it is compatible
915 with the idiosyncrasies of the platform where libvirt is
917 </dd>
919 <dd> The dns element of a network contains configuration
920 information for the virtual network's DNS
923 <p>
927 setup by libvirt for this network (and any other
931 element) then a DNS server will be setup by libvirt to
932 listen on all IP addresses specified in the network's
933 configuration.
934 </p>
935 <p>
936 The dns element
940 requests for names that are not qualified with a domain
941 (i.e. names with no "." character) will not be forwarded to
942 the host's upstream DNS server - they will only be resolved if
943 they are known locally within the virtual network's own DNS
946 server if they can't be resolved by the virtual network's own
947 DNS server.
948 </p>
951 <dl>
955 forwarder element defines an alternate DNS server to use
956 for some, or all, DNS requests sent to this network's DNS
961 are specified, then all requests that match the given
962 domain will be forwarded to the DNS server at addr. If
964 domains will be resolved locally (or via the host's
965 standard DNS forwarding if they can't be resolved
967 then all DNS requests to the network's DNS server will be
968 forwarded to the DNS server at that address with no
972 </dd>
975 Each txt element defines a DNS TXT record and has two attributes, both
976 required: a name that can be queried via dns, and a value that will be
977 returned when that name is queried. names cannot contain embedded spaces
978 or commas. value is a single string that can contain multiple values
980 </dd>
983 definition of DNS hosts to be passed to the DNS service. The IP
988 </dd>
989 </dl>
990 <dl>
1000 </dd>
1001 </dl>
1002 </dd>
1005 dotted-decimal format, or an IPv6 address in standard colon-separated
1006 hexadecimal format, that will be configured on the bridge device
1007 associated with the virtual network. To the guests this IPv4 address
1008 will be their IPv4 default route. For IPv6, the default route is
1009 established via Router Advertisement. For IPv4 addresses, the
1011 network address, again specified in dotted-decimal format. For IPv6
1012 addresses, and as an alternate method for IPv4 addresses, the
1013 significant bits of the network address can be specified with the
1022 not forward any reverse DNS requests for IP addresses from the network
1026 IPv6) libvirt may be unable to compute the PTR domain automatically.
1031 contain the following elements:
1033 <dl>
1037 specifies the path to the root directory served via TFTP. The
1039 and can only be specified on a single IPv4 address per network.
1041 </dd>
1044 <dd>The presence of this element enables DHCP services on the
1048 address of each type per network. The following sub-elements are
1049 supported:
1050 <dl>
1054 addresses to be provided to DHCP clients. These two addresses
1055 must lie within the scope of the network defined on the parent
1059 </dd>
1063 be given names and predefined IP addresses by the built-in DHCP
1065 address of the host to be assigned a given name (via the
1069 element differs slightly from that for IPv4: there is no
1072 used to identify the host to be assigned the IPv6 address. For
1073 DHCPv6, the name is the plain name of the client host sent by the
1074 client to the server. Note that this method of assigning a
1075 specific IP address can also be used for IPv4 instead of the
1078 </dd>
1081 options to be provided by the DHCP server for IPv4 only. Two
1083 gives the file to be used for the boot image;
1085 TFTP server from which the boot image will be fetched.
1088 is used. The BOOTP options currently have to be the same for
1089 all address ranges and statically assigned addresses. <span
1092 </dd>
1093 </dl>
1094 </dd>
1095 </dl>
1096 </dd>
1097 </dl>
1101 <p>
1102 A special XML namespace is available for passing options directly to the
1103 underlying dnsmasq configuration file. Usage of XML namespaces comes with no
1104 support guarantees, so use at your own risk.
1105 </p>
1107 <p>
1110 underlying dnsmasq instance.
1111 <pre>
1113 ...
1119 </p>
1125 <p>
1126 This example is the so called "default" virtual network. It is
1127 provided and enabled out-of-the-box for all libvirt installations.
1128 This is a configuration that allows guest OS to get outbound
1129 connectivity regardless of whether the host uses ethernet, wireless,
1130 dialup, or VPN networking without requiring any specific admin
1131 configuration. In the absence of host networking, it at least allows
1132 guests to talk directly to each other.
1133 </p>
1135 <pre>
1149 <p>
1150 Below is a variation of the above example which adds an IPv6
1151 dhcp range definition.
1152 </p>
1154 <pre>
1173 <p>
1174 This is a variant on the default network which routes traffic
1175 from the virtual network to the LAN without applying any NAT.
1176 It requires that the IP address range be pre-configured in the
1177 routing tables of the router on the host network. This example
1178 further specifies that guest traffic may only go out via the
1180 </p>
1182 <pre>
1195 <p>
1196 Below is another IPv6 variation. Instead of a dhcp range being
1197 specified, this example has a couple of IPv6 host definitions.
1198 Note that most of the dhcp host definitions use an "id" (client
1199 id or DUID) since this has proven to be a more reliable way
1200 of specifying the interface and its association with an IPv6
1201 address. The first is a DUID-LLT, the second a DUID-LL, and
1203 </p>
1205 <pre>
1226 <p>
1227 Below is yet another IPv6 variation. This variation has only
1228 IPv6 defined with DHCPv6 on the primary IPv6 network. A static
1229 link if defined for a second IPv6 network which will not be
1230 directly visible on the bridge interface but there will be a
1231 static route defined for this network via the specified
1232 gateway. Note that the gateway address must be directly
1236 </p>
1238 <pre>
1250 <route family="ipv6" address="2001:db8:ca2:8::" prefix="64" gateway="2001:db8:ca2:7::4"/>
1255 <p>
1256 This variant provides a completely isolated private network
1257 for guests. The guests can talk to each other, and the host
1258 OS, but cannot reach any other machines on the LAN, due to
1260 description.
1261 </p>
1263 <pre>
1277 <p>
1278 This variation of an isolated network defines only IPv6.
1279 Note that most of the dhcp host definitions use an "id" (client
1280 id or DUID) since this has proven to be a more reliable way
1281 of specifying the interface and its association with an IPv6
1282 address. The first is a DUID-LLT, the second a DUID-LL, and
1284 </p>
1286 <pre>
1303 <p>
1305 This shows how to use a pre-existing host bridge "br0". The
1306 guests will effectively be directly connected to the physical
1307 network (i.e. their IP addresses will all be on the subnet of
1308 the physical network, and there will be no restrictions on
1309 inbound or outbound connections).
1310 </p>
1312 <pre>
1321 <p>
1324 This shows how to use macvtap to connect to the physical network
1325 directly through one of a group of physical devices (without
1326 using a host bridge device). As with the host bridge network,
1327 the guests will effectively be directly connected to the
1328 physical network so their IP addresses will all be on the subnet
1329 of the physical network, and there will be no restrictions on
1330 inbound or outbound connections. Note that, due to a limitation
1331 in the implementation of macvtap, these connections do not allow
1332 communication directly between the host and the guests - if you
1333 require this you will either need the attached physical switch
1334 to be operating in a mirroring mode (so that all traffic coming
1335 to the switch is reflected back to the host's interface), or
1336 provide alternate means for this communication (e.g. a second
1337 interface on each guest that is connected to an isolated
1338 network). The other forward modes that use macvtap (private,
1339 vepa, and passthrough) would be used in a similar fashion.
1340 </p>
1342 <pre>
1356 <p>
1357 A valid network definition can contain no IPv4 or IPv6 addresses. Such a definition
1359 possible to communicate with the virtualization host via this network. However,
1360 this virtual network interface can be used for communication between virtual guest
1362 However, the new ipv6='yes' must be added for guest-to-guest IPv6
1363 communication.
1364 </p>
1366 <pre>
1374 </body>
1375 </html>