
This is for an SDN lab in GNS3 with Asterisk.

I have a KVM physical host in Germany (everyone knows where, I guess). I have a GNS3 lab running on a Debian VM, with some more VMs inside VBox there. I'm connected to the Internet via GNS3 Cloud and it's working fine for me (I can access the Internet from the lab/Asterisk).

Now I have two networks:

```
virsh # net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 br0                  active     yes           yes
 default              active     yes           yes
```

Where 'br0' is bridged with the NIC on the physical server and 'default' is connected to virbr0, which is assigned 192.168.122.0/24. My Debian VM is connected via virtio.

I would like to run Asterisk inside VirtualBox on the Debian VM. I have ordered a secondary public IP that I'd like to use for KVM management, while the other will serve the VMs, but the host has only 1 NIC.

What is the best solution in terms of security? Shall I just create br1 and connect that to the Debian VM? Or is it better to use the current br0 and have VLANs? I don't really remember why I'm using virbr0 with that VM instead of br0. This solution seems messy at the moment and I'm trying to fix everything without losing access to the host (as I don't have a console).

  • Do you mean Hetzner? You should [name your service providers](https://meta.serverfault.com/q/963/126632), as they are often relevant. – Michael Hampton Mar 17 '19 at 15:06
  • Oh yes, sorry, it is Hetzner. I was not sure what the policy is on naming these companies. They have a guide (showing how to assign public IPs to VMs), but for some reason I'm unable to create a new bridge, perhaps because it's not linked to a physical interface. What happens, though, if I have two bridges mapped to the same interface? – JorgeRaggs Mar 17 '19 at 16:00
  • Hm, I'm pretty sure I've seen similar Hetzner-specific questions before. You may want to check out the questions in the [tag:hetzner] tag. – Michael Hampton Mar 17 '19 at 16:01
  • It seems I'm getting further. It does not work when I have a separate MAC address with the secondary IP address. I'm wondering how the flow might be affected, though, if I'm going to use a single MAC for both IPs (management and VMs). So I cancelled the separate MAC in Hetzner Robot and I have connectivity again for my new bridge interface. I'm still fighting, though, as the VM guest does not seem to connect to the bridge interface. – JorgeRaggs Mar 18 '19 at 19:15

0 Answers