Volt VMM (Neutron Stardust): source-available under AGPSL v5.0

KVM-based microVMM for the Volt platform:
- Sub-second VM boot times
- Minimal memory footprint
- Landlock LSM + seccomp security
- Virtio device support
- Custom kernel management

Copyright (c) Armored Gates LLC. All rights reserved.
Licensed under AGPSL v5.0
Karl Clinger
2026-03-21 01:04:35 -05:00
commit 40ed108dd5
143 changed files with 50300 additions and 0 deletions

networking/README.md

@@ -0,0 +1,120 @@
# Volt Unified Networking
Shared network infrastructure for Volt VMs and Voltainer containers.
## Architecture
```
┌─────────────────────────────────────────────────────────────────────┐
│ Host (systemd-networkd) │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ volt0 (bridge) │ │
│ │ 10.42.0.1/24 │ │
│ │ ┌──────────────────────────────────────────────────────────┐ │ │
│ │ │ Address Pool: 10.42.0.2 - 10.42.0.254 (DHCP or static) │ │ │
│ │ └──────────────────────────────────────────────────────────┘ │ │
│ └────┬──────────┬──────────┬──────────┬──────────┬─────────────┘ │
│ │ │ │ │ │ │
│ ┌────┴────┐┌────┴────┐┌────┴────┐┌────┴────┐┌────┴────┐ │
│ │ tap0 ││ tap1 ││ veth1a ││ veth2a ││ macvtap │ │
│ │ (NovaVM)││ (NovaVM)││(Voltain)││(Voltain)││ (pass) │ │
│ └────┬────┘└────┬────┘└────┬────┘└────┬────┘└────┬────┘ │
│ │ │ │ │ │ │
└───────┼──────────┼──────────┼──────────┼──────────┼───────────────┘
│ │ │ │ │
┌────┴────┐┌────┴────┐┌────┴────┐┌────┴────┐ │
│ VM 1 ││ VM 2 ││Container││Container│ │
│10.42.0.2││10.42.0.3││10.42.0.4││10.42.0.5│ │
└─────────┘└─────────┘└─────────┘└─────────┘ │
┌─────┴─────┐
│ SR-IOV VF │
│ Passthru │
└───────────┘
```
## Network Types
### 1. Bridged (Default)
- VMs connect via TAP devices
- Containers connect via veth pairs
- All on same L2 network
- Full inter-VM and container communication
### 2. Isolated
- Per-workload network namespace
- No external connectivity
- Useful for security sandboxing
### 3. Host-Only
- NAT to host network
- No external inbound (unless port-mapped)
- iptables masquerade
### 4. Macvtap/SR-IOV
- Near-native network performance
- Direct physical NIC access
- For high-throughput workloads
## Components
```
networking/
├── systemd/ # networkd unit files
│ ├── volt0.netdev # Bridge device
│ ├── volt0.network # Bridge network config
│ └── 90-volt-vmm.link # Link settings
├── pkg/ # Go package
│ └── unified/ # Shared network management
├── configs/ # Example configurations
└── README.md
```
## Usage
### Installing systemd units
```bash
sudo cp systemd/*.netdev systemd/*.network /etc/systemd/network/
sudo systemctl restart systemd-networkd
```
### Creating a TAP for Volt VM
```go
import "volt-vmm/networking/pkg/unified"
nm := unified.NewManager("/run/volt-vmm/network")
tap, err := nm.CreateTAP("volt0", "vm-abc123")
// tap.Name = "tap-abc123"
// tap.FD = ready-to-use file descriptor
```
### Creating veth for Voltainer container
```go
veth, err := nm.CreateVeth("volt0", "container-xyz")
// veth.HostEnd = "veth-xyz-h" (in bridge)
// veth.ContainerEnd = "veth-xyz-c" (move to namespace)
```
## IP Address Management (IPAM)
The unified IPAM provides:
- Static allocation from config
- Dynamic allocation from pool
- DHCP server integration (optional)
- Lease persistence
```json
{
"network": "volt0",
"subnet": "10.42.0.0/24",
"gateway": "10.42.0.1",
"pool": {
"start": "10.42.0.2",
"end": "10.42.0.254"
},
"reservations": {
"vm-web": "10.42.0.10",
"container-db": "10.42.0.20"
}
}
```
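Review bot: The "Bridged (Default)" section makes one shared L2 segment with "Full inter-VM and container communication" the default, and nothing in the README says how a workload on volt0 is kept from reaching or spoofing its neighbours. Since "Isolated" is listed as the sandboxing option, state in the Bridged section that it provides no isolation between workloads, and document whether any per-port MAC/IP filtering is applied to the tap and veth ports or say plainly that none is. Separately, in the IPAM example the reservations 10.42.0.10 and 10.42.0.20 sit inside the dynamic pool 10.42.0.2 to 10.42.0.254; the text should say that dynamic allocation skips reserved addresses, or the example pool should start above the reserved range.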