cirruslabs / tart

macOS and Linux VMs on Apple Silicon to use in CI and other automations
https://tart.run

Is it possible to run multiple Linux vms emulating a typical ethernet network? #906

Open DrGo opened 1 week ago

DrGo commented 1 week ago

I would like to emulate a typical small ethernet network in this configuration:

client <--> router <--> ISP

The ISP provides DHCP/DNS to the router. The router, which has two NICs, provides DHCP/DNS to the client, which has no access to the ISP.

Is it possible to use Tart to set up 2 or 3 VMs that emulate this network?

Thanks,

edigaryev commented 1 week ago

Do I understand correctly that you want to run a router on a Linux-based Tart VM, and make sure that clients (also Linux-based Tart VMs) only access ISP through that router?

Would you mind describing your end-goal here? E.g. filtering internet access for a given VM or something else?

DrGo commented 1 week ago

Correct. I would like to simulate as faithfully as possible the kind of common home network situation where a router isolates machines on local networks (iptables with NAT) and serves DHCP (isc-dhcp-server) and DNS (unbound), while the router itself gets a DHCP-assigned address from an ISP router (could be the host machine or another VM).

Thanks
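The router-side isolation described in the comment above (iptables with NAT, a client with no direct path to the ISP), as an added example that is not part of the thread. The function names, the interface names `eth0`/`eth1` and the subnet `192.168.50.0/24` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for the
# router VM in the client <--> router <--> ISP layout. Interface names and the
# LAN subnet are assumptions; forwarding also needs net.ipv4.ip_forward=1.

# Accept only plausible Linux interface names (1-15 safe characters).
valid_if() {
  case "$1" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
  [ "${#1}" -le 15 ]
}

# Shape check only: a.b.c.d/len, digits and dots, prefix length 0-32.
valid_cidr() {
  case "$1" in *[!0-9./]*) return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# router_ruleset WAN_IF LAN_IF LAN_CIDR -> ruleset on stdout, non-zero on bad input
router_ruleset() {
  wan=$1 lan=$2 cidr=$3
  valid_if "$wan" && valid_if "$lan" || { echo "bad interface name" >&2; return 1; }
  [ "$wan" != "$lan" ] || { echo "WAN and LAN must differ" >&2; return 1; }
  valid_cidr "$cidr" || { echo "bad LAN CIDR" >&2; return 1; }
  cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $cidr -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $wan -p udp --sport 67 --dport 68 -j ACCEPT
-A INPUT -i $lan -p udp -m multiport --dports 53,67 -j ACCEPT
-A INPUT -i $lan -p tcp --dport 53 -j ACCEPT
-A FORWARD -i $lan -o $wan -s $cidr -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Constructed sample values: eth0 faces the ISP, eth1 faces the client.
router_ruleset eth0 eth1 192.168.50.0/24
```

On the router VM the output can be checked with `iptables-restore --test` before it is loaded. With both policies set to DROP, the client reaches the ISP side only through the masqueraded forward path, and nothing on the ISP side can open a connection toward the client.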

edigaryev commented 4 days ago

This could be done fully on host using the VZFileHandleNetworkDeviceAttachment, which we actually use to let the Softnet filter Tart VM's network traffic.

However, given the daemon-less nature of Tart, even if we have a host-only solution for this at some point, it'll likely require a separate daemon running on the system to orchestrate the networking and take care of dealing the file descriptors to corresponding VMs and routing the traffic.

For now the easiest way to have a setup like you want is probably setting up VLANs on macOS (requires Ethernet interface) and using the created vlan[0-9]+ interfaces as an argument to --net-bridged.

Afterwards, you can fully handle the networking on your switch/router by creating virtual VLAN interfaces and joining them together as you wish, and it should be much faster than the software-only networking.

DrGo commented 4 days ago

Very interesting... Do you know of any *nix solution that implements something similar to the first solution you suggested? Thanks for your insights and time.