Host environments

Edit online

These settings and conditions on the involved hosts are relevant for a successful migration.

Concurrency

Maximum number of concurrent connections
If you connect to the destination host using ssh, increase the maximum number of unauthenticated concurrent connections to perform more than 10 concurrent migrations.
  1. On the destination host, modify the OpenSSH SSH daemon configuration file /etc/ssh/sshd_config. The MaxStartups parameter specifies the maximum number of concurrent connections that have not yet been authenticated. The default is 10, which is specified as follows:
    #MaxStartups 10:30:100
    To allow a maximum number of 100 unauthenticated concurrent connections, change the MaxStartups parameter to:
    #MaxStartups 100
  2. Restart the SSH daemon:
    [root@destination]# systemctl restart sshd.service
Migration port range
In a non-tunneled migration which has an URI of the form qemu+ssh://<destination-host>/system, each virtual server that is migrated uses a distinct destination port.

In addition, both tunneled and non-tunneled migrations use a separate destination port for each virtual disk that is to be migrated.

By default, libvirt uses the destination ports in the range from 49152 to 49215 for a migration. If you need more than 64 destination ports concurrently, increase the migration port range.

To allow for a backward migration, you might want to modify the migration port range of the source host, too.

To increase the migration port range:
  • Change the migration_port_max parameter in /etc/libvirt/qemu.conf to a higher value than the default 49215.
  • Make sure that the firewall configuration is changed to reflect the higher destination port number (see Firewall configuration).

Firewall configuration

Make sure that the firewall configuration of the involved systems allows access to all required network resources.

Open the required migration port range in the firewall of the destination host. If you modified the migration port range which is used by libvirt, open the additional destination ports as well.

Example: 
[root@destination]# firewall-cmd --zone=public --add-port=49152-49215/tcp \
--permanent 
[root@destination]# firewall-cmd --reload

Deadlock prevention

Make sure that the migration is not blocked. In particular:
  • Close all tape device nodes and unload online tape drives.
  • A virtual server program should not be blocked by time-consuming or stalled I/O operations, such as rewinding a tape.

Performance considerations

In most cases, live virtual server migration does not directly affect the host system performance. However, it might have an impact if either the source system or the destination system is heavily loaded or constrained in the areas of CPU utilization, paging, or network bandwidth.