Ubuntu KVM Virtualization Host: Networking

At our previous article ”Installing Ubuntu KVM Virtualization Host” we have installed a Virtualization Host.

Actually standard installation already made some network configurations for us. As you can see below our virtualization host has a bridge network virbr0. This bridge network will be used by our virtual machines and they will receive an IP number from 192.168.122.0/24 range.
Even though this is a different network then our physical network libvirt will do the necessary arrangements for accessing the Internet. Our virtual machines will be able to access internet.

kok@fhome:~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:23:54:21:77:b9
          inet6 addr: fe80::223:54ff:fe21:77b9/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:192915 errors:0 dropped:0 overruns:0 frame:0
          TX packets:99626 errors:0 dropped:0 overruns:0 carrier:2
          collisions:0 txqueuelen:1000
          RX bytes:176580143 (176.5 MB)  TX bytes:26286960 (26.2 MB)
          Interrupt:251 

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:3646 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3646 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:9404099 (9.4 MB)  TX bytes:9404099 (9.4 MB)

virbr0    Link encap:Ethernet  HWaddr 96:6e:cd:22:07:59
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          inet6 addr: fe80::946e:cdff:fe22:759/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:468 (468.0 B)

But can we access our virtual machines? Our Virtual Host will be able to access through the bridge interface but what about the other physical machines at your network? Will they be also able to access our virtual machines? Unfortunately No. Not without some modification.

We can solve this problem two different ways:

• On the virtualization host through a firewall we will  NAT traffic between our physical network and private virtual machine network.
• We define another bridge attached to our physical network. For defining a new bridge you can read one of our previous article “KVM And Bridge Network Definition On Ubuntu“

At my home and office network I am using second approach. I have general firewall so I don’t see any problem with connecting my virtual machines directly to the internal network. But co-location servers at a data center is a different story. There I am using these two solutions in combination.  All of my virtual machines are connected to my virtual network and one of those virtual machines is My firewall appliance. This has two interfaces, one attached to the bridge to the physical network and other one is attached bridge to my private network.

NAT translation and other controls are handled through this virtual appliance. This way my Virtual Host wil have minimal information about my services. I don’t need to any extra application to my host. It will be easier to maintain.

To make it simpler we will use the second approach. Rest of our article series assumes that you have bridge network named br0 and this bridge is attached to your physical network.  We will be publishing several vm-builder based virtual appliances we developed for our own use. (KVM And Bridge Network Definition On Ubuntu)

If you are looking for more information you can check the Ubuntu documentation about KVM Newtworking.

Next step is defining a virtual machine. We will define a Repository Server.

Related posts:

1. Installing Ubuntu KVM Virtualization Host
2. KVM And Bridge Network Definition On Ubuntu
3. Ideal Virtualization Solution using Ubuntu