How to add public ip to kvm vps

kvm-virtualization

I have Hetzner dedicated server where is installed Ubuntu server 16.04.

That server has public ip: 198.51.100.33 (only for explanation).

On that server I have installed KVM.

I have bought additional ip address which I want to add to KVM VPS.

How I can add additional ip address to virtual machine?

I have google it and over 10 times crashed network of host server so I had to connect over remote console Lara to restore network configuration.

Thank you

UPDATE 1:

Host server ip: 198.51.100.160

Ip for VPS: 198.51.100.187

Those are fake IP's, used only for explanation

Here is content of /etc/network/interfaces on host server

### Hetzner Online GmbH installimage

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet static
  address 198.51.100.160
  netmask 255.255.255.192
  gateway 198.51.100.129
  # route 198.51.100.128/26 via 198.51.100.129
  up route add -net 198.51.100.128 netmask 255.255.255.192 gw 198.51.100.129 dev eth0

iface eth0 inet6 static
  address 2a0:4d8:201:231d::2
  netmask 64
  gateway fe80::1

I have added on the bottom this:

auto eth0:1
iface eth0:1 inet static
address 198.51.100.187
gateway 198.51.100.129
netmask 255.255.255.192

After that I have installed virt-manager for kvm on host server and connected over vnc to host server.

Using GUI virt-manager I have created virtual machine.

How to add that second ip to that VPS?

Here is screenshot of choices:

UPDATE 2:

Bought subnet ip 198.51.110.64 / 29

Best Answer

Well. The good choice is using bridge interfaces. The bridge works alike unmanaged switch. You can connect to one bridge several virtual machines. Also you can use VLANs inside one bridge or create each bridge per VLAN.

From debian WiKi:

Bridging puts multiple interfaces into the same network segment. This is very popular when connecting a server to multiple switches for high availability or with virtualization. In the latter case it is usually used to create a bridge in the host (eg. ethX) and put the virtual interfaces of the guests (virbrX) into the bridge.

Basically, bridging is plugging one computer into another computer that already has a connection to a larger network (like the internet) and letting the bridged computer use the networked computer’s connection. To do so though, the networked computer needs to have two ethernet ports, one for the big network, and one for the bridged computer.

Another example scenario for using bridging is to provide redundant networking capabilities. For example using two network interfaces to connect to two spanning tree enabled switches provides a redundant connection in the event of a cable, interface or switch failure. This requires spanning tree to be enabled on both the bridge interface and the switch.

You don't need to add route route add -net 198.51.100.128 netmask 255.255.255.192 gw 198.51.100.129 dev eth0 because network is locally connected to eth0 (eth0 has IP address from this network) and gateway 198.51.100.129 is the same as default gateway IP address.

Before all you need to install bridge-utils:

sudo apt install -y bridge-utils

And allow forwarding IP traffic between interfaces:

sudo echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf

To allow forwarding all IP packets via firewall on the host server you need to add firewall rule:

sudo apt install -y iptables-persistent
sudo iptables -I FORWARD -j ACCEPT
sudo dpkg-reconfigure -y iptables-persistent

You have 198.51.100.160/26 ip address on the eth0 interface of the host server and you need to assign 198.51.100.187/26 ip address on VPS1 virtual machine. You create br0 bridge interface on the host and connect eth0 interface to the bridge. Then connect virtual network interface of VPS1 to the br0 bridge in the settings of VPS1. Inside VPS1 you will assign 198.51.100.187/26 ip address as static by example:

auto eth0
iface eth0 inet static
  address 198.51.100.187
  netmask 255.255.255.192
  gateway 198.51.100.129
  dns-nameservers 8.8.8.8 8.8.4.4

To use second IP subnet 198.51.110.64/29 you can create second bridge interface br1 and assign first IP address 198.51.110.65/29 on it. Then you can connect other VPS machines to this bridge and assign static IP addresses from this network on them but default gateway IP address will be 198.51.110.65/29 there.

To do it change /etc/network/interfaces file on the host server as:

### Hetzner Online GmbH installimage

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet static
  address 198.51.100.160
  netmask 255.255.255.192
  gateway 198.51.100.129
  dns-nameservers 8.8.8.8 8.8.4.4

auto br0
  iface br0 inet manual
  bridge_ports eth0
  bridge_stp off       # disable Spanning Tree Protocol
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay

auto br1
iface br1 inet static
  address 198.51.110.65
  netmask 255.255.255.248
  bridge_stp off       # disable Spanning Tree Protocol
  bridge_waitport 0    # no delay before a port becomes available
  bridge_fd 0          # no forwarding delay

iface eth0 inet6 static
  address 2a0:4d8:201:231d::2
  netmask 64
  gateway fe80::1

Related Solutions

Linux – Issue with multiple bridging for KVM hosts

You have multiple interfaces with addresses on the same subnet with similar netmasks. The odds are a different route is being used for different packets, causing confusion. If you look at the output of

ip route show

You've probably got multiple default gateways as a result. For each set of IPs on the same subnet, give one of them the netmask you have, and the rest a netmask of 255.255.255.255. Those other interfaces will then only be used for packets originating or destined for that address and not others on the subnet.

Linux – KVM/Libvirt bridged/routed networking not working on newer guest kernels

Ok, I have found the solution myself. Apparently, the article on the Hetzner wiki wasn't complete. Redirects were still being sent, resulting in Hetzner (where we have our server) blocking the traffic. I am not sure how it had to do with what kernel version the guests were running, if someone can explain that I would very much like to hear it.

You can find out if you suffer from the same problem by executing the following command:

for file in `find /proc/ -iname send_redirects`; do echo $file; cat $file; done

which outputs something like:

/proc/sys/net/ipv4/conf/all/send_redirects
0
/proc/sys/net/ipv4/conf/default/send_redirects
1
/proc/sys/net/ipv4/conf/lo/send_redirects
1
/proc/sys/net/ipv4/conf/eth0/send_redirects
0
/proc/sys/net/ipv4/conf/br0/send_redirects
1
/proc/sys/net/ipv4/conf/vnet1/send_redirects
1
/proc/sys/net/ipv4/conf/vnet0/send_redirects
1
/proc/sys/net/ipv4/conf/virbr0/send_redirects
1
/proc/sys/net/ipv4/conf/virbr0-nic/send_redirects
1
/proc/sys/net/ipv4/conf/vnet2/send_redirects
1
/proc/sys/net/ipv4/conf/vnet3/send_redirects
1

I have to admit I do not know which ones should or should not be 0, but I have set them all to 0, and now it works fine, so I'll leave it at that.

for file in `find /proc/ -iname send_redirects`; do echo 0 > $file; done

Best Answer

Related Solutions

Linux – Issue with multiple bridging for KVM hosts

Linux – KVM/Libvirt bridged/routed networking not working on newer guest kernels

Related Topic