I'm trying to SSH into 2 different Firecracker VMs on the same host. I am creating the configuration dynamically as seen below. Both VMs should be fully isolated on their own network. I have 2 IPs allocated (1 for TUN and 1 for the VM).
I can SSH into VM1, but not VM2. Is my IP addressing logic incorrect? How can I properly understand this?
#!/bin/bash

generate_config() {
    local machine_number="$1"
    local fc_ip="$2"
    local tap_ip="$3"
    local fc_mac="$4"
    local tap_dev="tap_${machine_number}"
    local mask_long="255.255.255.252"
    local mask_short="/30"

    ip link del "$tap_dev" 2> /dev/null || true
    ip tuntap add dev "$tap_dev" mode tap
    sysctl -w net.ipv4.conf.${tap_dev}.proxy_arp=1 > /dev/null
    sysctl -w net.ipv6.conf.${tap_dev}.disable_ipv6=1 > /dev/null
    ip addr add "${tap_ip}${mask_short}" dev "$tap_dev"
    ip link set dev "$tap_dev" up

    local kernel_boot_args="ro console=ttyS0 noapic reboot=k panic=1 pci=off nomodules random.trust_cpu=on"
    kernel_boot_args="${kernel_boot_args} ip=${fc_ip}::${tap_ip}:${mask_long}::eth0:off"

    cat > "firecracker_config_${machine_number}.json" << EOF
{
  "boot-source": {
    "kernel_image_path": "/root/setup/kernel",
    "boot_args": "${kernel_boot_args}"
  },
  "drives": [
    {
      "drive_id": "rootfs",
      "path_on_host": "/firecracker/filesystems/rootfs.ext4",
      "is_root_device": true,
      "is_read_only": false
    }
  ],
  "network-interfaces": [
    {
      "iface_id": "eth0",
      "guest_mac": "${fc_mac}",
      "host_dev_name": "${tap_dev}"
    }
  ]
}
EOF
}

# Generate configurations for two VMs
generate_config 1 "169.254.0.21" "169.254.0.22" "02:FC:00:00:00:05"
generate_config 2 "170.254.0.21" "170.254.0.22" "03:FC:00:00:00:05"
There is a dev tool that handles this problem for you: https://github.com/cubewave/cubewave. Maybe you could use that to bypass your own network configuration.
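For anyone keeping the hand-rolled setup, the following is an added example (not part of the original post or of Firecracker) that checks the arguments passed to `generate_config` before any tap device is created. The function names are illustrative; run on the question's values, both IP pairs pass the /30 check, while the second MAC is flagged because the low bit of its first octet (`03`) marks it as a multicast address.

```bash
#!/bin/bash
# Added example: pre-flight checks for per-VM tap/guest parameters.
# Function names are illustrative, not part of Firecracker or the original script.

# Dotted-quad IPv4 -> integer.
ip_to_int() {
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# A /30 holds network, two hosts, broadcast. Succeeds only if the guest and
# tap addresses are the two distinct usable hosts of the same /30.
same_slash30() {
    local g t
    g=$(ip_to_int "$1"); t=$(ip_to_int "$2")
    [ "$g" -ne "$t" ] || return 1
    [ $(( g & ~3 )) -eq $(( t & ~3 )) ] || return 1
    # Host part 0 is the network address, 3 is the broadcast address.
    [ $(( g & 3 )) -ne 0 ] && [ $(( g & 3 )) -ne 3 ] &&
    [ $(( t & 3 )) -ne 0 ] && [ $(( t & 3 )) -ne 3 ]
}

# Succeeds if two guests sit in different /30 blocks (no shared subnet).
distinct_subnets() {
    [ $(( $(ip_to_int "$1") & ~3 )) -ne $(( $(ip_to_int "$2") & ~3 )) ]
}

# Succeeds if the I/G bit (lowest bit of the first octet) is clear, i.e. the
# MAC is a unicast address that an interface can use as its own.
mac_is_unicast() {
    local first=${1%%:*}
    [ $(( 0x$first & 1 )) -eq 0 ]
}

# Args: guest_ip tap_ip guest_mac. Prints findings; returns the problem count.
check_vm() {
    local problems=0
    same_slash30 "$1" "$2" || { echo "  $1 and $2 are not the two hosts of one /30"; problems=$((problems + 1)); }
    mac_is_unicast "$3" || { echo "  $3 has the multicast (I/G) bit set"; problems=$((problems + 1)); }
    [ "$problems" -eq 0 ] && echo "  ok"
    return "$problems"
}

# Values as passed to generate_config in the question.
echo "VM1:"; check_vm 169.254.0.21 169.254.0.22 02:FC:00:00:00:05 || true
echo "VM2:"; check_vm 170.254.0.21 170.254.0.22 03:FC:00:00:00:05 || true
```

`distinct_subnets` is not called by `check_vm`; use it when comparing one VM's guest address against another's.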