
I have a dedicated bare metal server, which is a KVM host and which has its own IPv4 address. I just ordered another separate IPv4 address for a KVM guest, which should be used for the KVM guest only. How can I use both IPv4 addresses, one connecting to the KVM host, while the other one is used for the KVM guest machine?

Should I create a bridge on the KVM host and share this bridge with the KVM guest? Maybe something like this:

auto eth0
iface eth0 inet manual
auto WANbr0
iface WANbr0 inet static
    hwaddress ether 00:16:3e:00:00:00
    address 1.2.3.4
    netmask 255.255.255.248
    broadcast 1.2.3.7
    gateway 1.2.3.1
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

I would make the KVM guest use the WANbr0 interface in its XML file and add the new separate IPv4 in /etc/network/interfaces on the guest machine.

  • Would that work?
  • Is this a good approach or is there another one, a better one?
manifestor
  • This depends on how the provider routes the IP address to you, which is information you did not provide. You should obtain this information from them. – Michael Hampton Aug 18 '20 at 19:18
  • @MichaelHampton - thanks for the information. The provider says that the IP address is bound to the MAC address. Further, they say that I can create new MAC addresses for specific IP addresses if I like. Is this information useful? – manifestor Aug 20 '20 at 09:09
  • Yes, you can bridge the KVM guest's network interface and then use a distinct MAC address (that the provider assigns) as the KVM guest's MAC address. – Michael Hampton Aug 20 '20 at 11:22
  • @MichaelHampton thank you very much! – manifestor Aug 20 '20 at 12:13
  • @MichaelHampton - I haven't started the setup yet, but now they wrote me that I should "consider the first support email as irrelevant" and that "our subnets are permanently routed to the main IP of the server" and I should use a separate bridge for the KVMs and activate IP forwarding (net.ipv4.ip_forward). This means that I should use IPTables/NFTables forwarding rules on the hypervisor to the KVM bridged network, correct? :) – manifestor Aug 25 '20 at 18:10
  • That probably means that any traffic related to you as a customer will go through the host (and its MAC address). Be that routing or any naming (including tricks like proxy arp or ipvlan), the provider expects to see frames coming from that system's MAC address and including one of your allocated IP addresses. I don't see where iptables/nftables come into play for the routing part. – A.B Aug 25 '20 at 18:58
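
The routed layout from the provider's second message (a separate bridge for the guests plus net.ipv4.ip_forward), written out as an added example that is not part of the original question or comments. It assumes Debian ifupdown with bridge-utils, as in the question's config; the bridge name vmbr0 and the guest address 203.0.113.10 are placeholders, since the page does not give the new IP.

```conf
# --- Host: /etc/sysctl.d/99-forward.conf ---
# Let the host route packets between eth0 and the guest bridge.
net.ipv4.ip_forward = 1

# --- Host: /etc/network/interfaces ---
# eth0 carries the main IP directly and is NOT enslaved to a bridge,
# so only the host's own MAC address ever appears on the provider's wire.
auto eth0
iface eth0 inet static
    address 1.2.3.4
    netmask 255.255.255.248
    broadcast 1.2.3.7
    gateway 1.2.3.1

# Guest-only bridge with no physical port (vmbr0 is a placeholder name).
# The "up" line installs a host route for the guest's address
# (203.0.113.10 is a placeholder for the newly ordered IP).
auto vmbr0
iface vmbr0 inet static
    address 1.2.3.4
    netmask 255.255.255.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    up ip route add 203.0.113.10/32 dev vmbr0

# --- Guest: /etc/network/interfaces ---
# The guest's NIC is attached to vmbr0 in its libvirt XML.
# /32 netmask plus pointopoint makes the host the guest's only next hop.
auto eth0
iface eth0 inet static
    address 203.0.113.10
    netmask 255.255.255.255
    pointopoint 1.2.3.4
    gateway 1.2.3.4
```

With this layout every frame leaving eth0 carries the host's MAC address; nftables or iptables rules on the forward path would only filter guest traffic and are not what makes the routing work.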

0 Answers