Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

vz: support .[]networks.vzNAT networking #1207

Merged
merged 1 commit into from
Nov 27, 2022
Merged

vz: support .[]networks.vzNAT networking #1207

merged 1 commit into from
Nov 27, 2022

Conversation

AkihiroSuda
Copy link
Member

Introduces a new YAML property .[]networks.vzNAT for enabling VZNATNetworkDeviceAttachment. No root privilege is needed.

.[]networks.lima is reserved for future support of socket_vmnet for VZ.

Fix #1161
Replaces #1206

@AkihiroSuda AkihiroSuda added this to the v0.14 milestone Nov 25, 2022
@AkihiroSuda AkihiroSuda mentioned this pull request Nov 25, 2022
Closed
@AkihiroSuda
vz: support .[]networks.vzNAT networking
8767e7b 
Introduces a new YAML property `.[]networks.vzNAT` for enabling `VZNATNetworkDeviceAttachment`.
No root privilege is needed.

`.[]networks.lima` is reserved for future support of `socket_vmnet` for VZ.

Fix issue 1161
Replaces PR 1206

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@AkihiroSuda
Copy link
Member Author

Looks like the IP is reachable from the host but not from other VZ instances 😞

$ curl 192.168.105.28
curl: (7) Failed to connect to 192.168.105.28 port 80 after 3077 ms: No route to host

This issue does not happen with QEMU + socket_vmnet 🤔

@abiosoft
Copy link
Contributor

Is the IP address configurable?

@AkihiroSuda
Copy link
Member Author

Is the IP address configurable?

No. I don't see the API for that.
https://developer.apple.com/documentation/virtualization/vznatnetworkdeviceattachment?language=objc

@abiosoft
Copy link
Contributor

No. I don't see the API for that. https://developer.apple.com/documentation/virtualization/vznatnetworkdeviceattachment?language=objc

I was surprised to get an IP address in the same IP range used for socket_vmnet (on Colima) without any extra configuration i.e. 192.168.106.x.

@balajiv113
Copy link
Member

Looks like the IP is reachable from the host but not from other VZ instances 😞

$ curl 192.168.105.28
curl: (7) Failed to connect to 192.168.105.28 port 80 after 3077 ms: No route to host

This issue does not happen with QEMU + socket_vmnet 🤔

That's odd, maybe gvisor-tap-vsock routing it via their interface but even then the host network should be able to access the other guest ip.

@AkihiroSuda
Copy link
Member Author

other guest IP

It looks like VZNAT enables vmnet_enable_isolation_key by default and it is not configurable: https://github.com/cirruslabs/softnet/tree/main#working-model

@balajiv113
Copy link
Member

Support for it is there in private API
0x001e7412c18 -[VZNATNetworkDeviceAttachment _setInterfaceIsolationEnabled:]

Reference - https://github.com/Code-Hex/vz/wiki/Private-API-on-macOS-13

Apple might expose it in upcoming versions

@balajiv113
Copy link
Member

I was able to call using this private API, but interestingly VM crashes when i set it to false.

balajiv113
balajiv113 reviewed Nov 27, 2022
View reviewed changes
Copy link
Member

@balajiv113 balajiv113 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Apart from the restrictions of vzNAT the changes looks good to me.

Just one point,
Should we also provide a way to get VM IP from limactl ?? I think its not present as of now as well or maybe document ??

@AkihiroSuda
Copy link
Member Author

Should we also provide a way to get VM IP from limactl ?? I think its not present as of now as well or maybe document ??

limactl shell INSTANCE ip might suffice?

@balajiv113
Copy link
Member

Should we also provide a way to get VM IP from limactl ?? I think its not present as of now as well or maybe document ??

limactl shell INSTANCE ip might suffice?

Ah yes, that should be sufficient 👍

@AkihiroSuda
Copy link
Member Author

I assume this is mergable

@AkihiroSuda AkihiroSuda merged commit 7f9f3fa into lima-vm:master Nov 27, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@balajiv113 balajiv113 balajiv113 left review comments

Assignees
No one assigned
Labels
component/network/vmnet component/vz
Projects
None yet
Milestone
v0.14.0
Development

Successfully merging this pull request may close these issues.

vz: support "vznat" network
3 participants
@AkihiroSuda @abiosoft @balajiv113