Although my main VM host here at home uses one NIC for the server and another for the VMs, this isn’t always practical and sometimes it becomes a downright pain. So, here’s a better way: bridging.
I imagine most of you have used bridging plenty enough, since it’s the bread and butter of Linux/KVM virtualisation, but its uses are pretty numerous. In this case, we want the host to still be able to access the network exactly as before, but for VMs to use the same physical port to also access the same network. To do this, I’m going to assume you’re using Ubuntu Server 12.04.3 (my hypervisor of choice), and assume you’re doing it locally (more on that later).
- Issue `ifdown eth0`. Obviously.
- First, open up `/etc/network/interfaces` and find the lines that read something like `auto eth2` and `iface eth2 inet dhcp` and change the `eth2` on both lines to your intended bridge name, such as `br0`.
- Directly under the second line, add a new line (indent it for added readability) reading `bridge_ports eth0`
- (Optional) Add new lines for any other bridge configuration you want, such as `bridge_stp (on|off)`, `bridge_fd 0`, `bridge_maxwait 0`, etc etc
- Save and close the interfaces file, then issue `ifup br0`.
Now you should be able to still communicate with the network, and you should keep the same IP on your server. Plus, you can now specify new VMs to use the br0 bridge for networking and they will get access to the network directly, no NAT required.
You can also do this remotely, but skip the ifdown and reboot in place of the ifup, and be damned careful you don’t make a mistake!
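A dry run of the edit from the steps above, as an added example that is not part of the original post: it rewrites a copy of the interfaces file and checks the result before anything is applied, which matters most in the remote case. The function names `to_bridge` and `check_bridge` and the sample file contents are made up for illustration, and the script assumes one interface per `auto` line.

```shell
#!/bin/sh
# Added example, not from the original post. It only reads the file it is
# given and writes to temp files; nothing under /etc is touched.

# to_bridge NIC BRIDGE FILE: print FILE with the NIC stanza turned into a bridge stanza.
to_bridge() {
    awk -v nic="$1" -v br="$2" '
        $1 == "auto" && $2 == nic { print "auto " br; next }
        $1 == "iface" && $2 == nic {
            $2 = br; print                 # keeps the "inet dhcp" / "inet static" part
            print "    bridge_ports " nic  # the NIC becomes a port of the bridge
            found = 1; next
        }
        { print }
        END { exit (found ? 0 : 1) }       # fail if NIC had no iface stanza
    ' "$3"
}

# check_bridge NIC BRIDGE FILE: succeed only if FILE has exactly one iface
# stanza for BRIDGE, lists NIC as one of its ports, and has no leftover
# iface stanza for NIC (which would configure the port twice).
check_bridge() {
    awk -v nic="$1" -v br="$2" '
        $1 == "iface" { cur = $2 }
        $1 == "iface" && $2 == br  { bridges++ }
        $1 == "iface" && $2 == nic { leftover++ }
        $1 == "bridge_ports" && cur == br {
            for (i = 2; i <= NF; i++) if ($i == nic) port = 1
        }
        END { exit !(bridges == 1 && port && !leftover) }
    ' "$3"
}

# Constructed sample input, standing in for /etc/network/interfaces.
sample=$(mktemp); bridged=$(mktemp)
trap 'rm -f "$sample" "$bridged"' EXIT
cat > "$sample" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp
EOF

if to_bridge eth0 br0 "$sample" > "$bridged" && check_bridge eth0 br0 "$bridged"; then
    cat "$bridged"    # review this before copying it into place
else
    echo "rewrite failed the sanity check; keep the current file" >&2
fi
```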
If you’re struggling conceptually, remember that Linux bridges and Layer 2 switches perform very similar functions. By replacing your main eth0 interface with a br0 bridge, you’ve basically replaced your Ethernet NIC with an Ethernet switch, on which your Ethernet NIC (the outside world) is connected on one port, and your host is connected on another port, and any VMs you add to the bridge just connect to another port. Don’t believe me? Just run `brctl showmacs br0` and check out those port-to-MAC mappings, exactly like a real switch.