40ed108dd5
KVM-based microVMM for the Volt platform: - Sub-second VM boot times - Minimal memory footprint - Landlock LSM + seccomp security - Virtio device support - Custom kernel management Copyright (c) Armored Gates LLC. All rights reserved. Licensed under AGPSL v5.0
5.1 KiB
5.1 KiB
Volt Unified Networking
Shared network infrastructure for Volt VMs and Voltainer containers.
Architecture
┌─────────────────────────────────────────────────────────────────────┐
│ Host (systemd-networkd) │
│ ┌────────────────────────────────────────────────────────────────┐ │
│ │ volt0 (bridge) │ │
│ │ 10.42.0.1/24 │ │
│ │ ┌──────────────────────────────────────────────────────────┐ │ │
│ │ │ Address Pool: 10.42.0.2 - 10.42.0.254 (DHCP or static) │ │ │
│ │ └──────────────────────────────────────────────────────────┘ │ │
│ └────┬──────────┬──────────┬──────────┬──────────┬─────────────┘ │
│ │ │ │ │ │ │
│ ┌────┴────┐┌────┴────┐┌────┴────┐┌────┴────┐┌────┴────┐ │
│ │ tap0 ││ tap1 ││ veth1a ││ veth2a ││ macvtap │ │
│ │ (NovaVM)││ (NovaVM)││(Voltain)││(Voltain)││ (pass) │ │
│ └────┬────┘└────┬────┘└────┬────┘└────┬────┘└────┬────┘ │
│ │ │ │ │ │ │
└───────┼──────────┼──────────┼──────────┼──────────┼───────────────┘
│ │ │ │ │
┌────┴────┐┌────┴────┐┌────┴────┐┌────┴────┐ │
│ VM 1 ││ VM 2 ││Container││Container│ │
│10.42.0.2││10.42.0.3││10.42.0.4││10.42.0.5│ │
└─────────┘└─────────┘└─────────┘└─────────┘ │
│
┌─────┴─────┐
│ SR-IOV VF │
│ Passthru │
└───────────┘
Network Types
1. Bridged (Default)
- VMs connect via TAP devices
- Containers connect via veth pairs
- All on same L2 network
- Full inter-VM and container communication
2. Isolated
- Per-workload network namespace
- No external connectivity
- Useful for security sandboxing
3. Host-Only
- NAT to host network
- No external inbound (unless port-mapped)
- iptables masquerade
4. Macvtap/SR-IOV
- Near-native network performance
- Direct physical NIC access
- For high-throughput workloads
Components
networking/
├── systemd/ # networkd unit files
│ ├── volt0.netdev # Bridge device
│ ├── volt0.network # Bridge network config
│ └── 90-volt-vmm.link # Link settings
├── pkg/ # Go package
│ └── unified/ # Shared network management
├── configs/ # Example configurations
└── README.md
Usage
Installing systemd units
sudo cp systemd/*.netdev systemd/*.network /etc/systemd/network/
sudo systemctl restart systemd-networkd
Creating a TAP for Volt VM
import "volt-vmm/networking/pkg/unified"
nm := unified.NewManager("/run/volt-vmm/network")
tap, err := nm.CreateTAP("volt0", "vm-abc123")
// tap.Name = "tap-abc123"
// tap.FD = ready-to-use file descriptor
Creating veth for Voltainer container
veth, err := nm.CreateVeth("volt0", "container-xyz")
// veth.HostEnd = "veth-xyz-h" (in bridge)
// veth.ContainerEnd = "veth-xyz-c" (move to namespace)
IP Address Management (IPAM)
The unified IPAM provides:
- Static allocation from config
- Dynamic allocation from pool
- DHCP server integration (optional)
- Lease persistence
{
"network": "volt0",
"subnet": "10.42.0.0/24",
"gateway": "10.42.0.1",
"pool": {
"start": "10.42.0.2",
"end": "10.42.0.254"
},
"reservations": {
"vm-web": "10.42.0.10",
"container-db": "10.42.0.20"
}
}