Remotely Power On Your Libvirt VMs with Wake-on-LAN: A Step-by-Step Guide
Managing a virtual environment often involves optimizing for efficiency and power consumption. You don’t always need every virtual machine running, but you need the ability to bring them online quickly and remotely. This is where Wake-on-LAN (WoL), a feature traditionally associated with physical hardware, becomes an incredibly powerful tool for your libvirt-managed VMs.
By enabling WoL, you can keep your VMs in a powered-off state and start them on-demand by sending a special network packet. This guide will walk you through the simple process of configuring and using Wake-on-LAN for your KVM/QEMU virtual machines.
How Does Wake-on-LAN Work with Libvirt?
Unlike a physical machine that relies on a BIOS/UEFI setting and a network card to listen for a “magic packet,” a virtual machine’s WoL capability is managed entirely by the libvirt daemon on the host.
Here’s the process:
- The libvirt daemon listens on the host’s network bridge interface.
- When a WoL magic packet is broadcast on the network, libvirt inspects it.
- If the packet’s destination MAC address matches a VM configured for WoL, libvirt effectively runs a
virsh startcommand on your behalf. - The virtual machine powers on.
This elegant solution allows you to integrate your VMs into existing network management and automation workflows seamlessly.
Configuring Your Virtual Machine for WoL
Enabling Wake-on-LAN requires a minor change to your VM’s XML configuration. The process is straightforward and does not require the VM to be running.
Step 1: Edit the VM’s XML Configuration
First, you need to open your VM’s configuration file for editing using the virsh command-line tool. Be sure to replace your_vm_name with the actual name of your virtual machine.
virsh edit your_vm_name
This command opens the VM’s XML definition in your default text editor.
Step 2: Add the Wake-on-LAN Flag
Scroll through the XML file until you find the <interface> section that corresponds to the network device you want to enable for WoL. Inside this section, you will add a single line: <wol g='yes'/>.
The g stands for “magic packet,” which is the standard mechanism for WoL.
Before:
<interface type='bridge'>
<mac address='52:54:00:ab:cd:ef'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
After:
<interface type='bridge'>
<mac address='52:54:00:ab:cd:ef'/>
<source bridge='br0'/>
<wol g='yes'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
Once you’ve added the line, save the file and exit the editor. Libvirt applies this change immediately; there is no need to restart the VM or the libvirt service.
Testing Your Wake-on-LAN Setup
Now that your VM is configured, you can test it.
Step 1: Shut Down the Virtual Machine
For WoL to work, the target machine must be in a powered-off or suspended state. If your VM is running, shut it down gracefully.
virsh shutdown your_vm_name
You can verify its state is “shut off” by running virsh list --all.
Step 2: Get the VM’s MAC Address
You will need the MAC address of the VM’s network interface to send the magic packet. You can find this with the domiflist command.
virsh domiflist your_vm_name
The output will show the interface and its associated MAC address.
Interface Type Source Model MAC
--------------------------------------------------------------
vnet0 bridge br0 virtio 52:54:00:ab:cd:ef
Copy the MAC address shown in the output.
Step 3: Send the Magic Packet
From another computer on the same network, use a WoL utility to send the magic packet. Common tools include wakeonlan and ether-wake. Replace the example MAC address below with your VM’s actual MAC address.
wakeonlan 52:54:00:ab:cd:ef
Step 4: Verify the VM is Running
After sending the packet, check the status of your VM on the host machine.
virsh list --all
You should now see that the VM’s state has changed from “shut off” to “running.”
Security and Network Considerations
- Network Segmentation: Standard WoL operates at Layer 2, meaning the magic packet is sent as a broadcast. This typically works only within the same subnet or VLAN. Waking a VM from a different network requires special router configurations to allow directed broadcasts, which is often disabled for security reasons.
- Security Implications: Anyone on the same local network can send a magic packet to power on your VM. In a trusted home or lab environment, this risk is minimal. However, in a corporate or less secure network, be aware that this provides a mechanism for others on the segment to start the machine. Ensure your VM itself is secure with proper authentication and firewall rules.
- Host Firewall: Ensure your hypervisor’s firewall is not blocking UDP port 9, the standard port used for WoL packets. If you have a restrictive firewall policy, you may need to add a rule to allow incoming WoL traffic on your bridge interface.
Source: https://www.linuxlinks.com/virtwold-wake-on-lan-libvirt-based-vms/
