KVM with use of all IPs – The easy way

KVM setup on Ubuntu 10.04 “Lucid Lynx”.

Contents

1 Introduction
2 Host
3 Guest (KVM)
4 Changes On The Host

There are many examples on this wiki that show how to use all IP addresses in a network with KVM virtual machines.

Introduction

The problem is that these methods are not simple: for example, KVM_using_all_IPs_from_subnets requires a private subnet, “br” interfaces for all virtual machines, etc.

Here is a very simple method to use all IP addresses. We have AA.BB.CC.DD as the main IP, with AA.BB.CC.XX as its gateway, and an additional subnet, DD.EE.FF.160-167.

Host

In /etc/network/interfaces, configure:

auto br0
iface br0 inet static
address AA.BB.CC.DD
netmask 255.255.255.255
gateway AA.BB.CC.XX
pointopoint AA.BB.CC.XX
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
up route add -host DD.EE.FF.160 dev br0
up route add -host DD.EE.FF.161 dev br0
up route add -host DD.EE.FF.162 dev br0
# ... and so on, one "route" command for each IP address.

You have to list every IP address individually here. Normally you could specify a subnet (route add -net DD.EE.FF.160/28), but then you would lose two IP addresses, namely 160 (network) and 167 (broadcast), and that’s not what we want.

Guest (KVM)

The guest machines get a virtual interface attached to br0 and a “pointopoint” route to the host machine. Guests cannot send directly to the Hetzner gateway; traffic must go via the host machine, because the Hetzner gateway does not know the MAC addresses of the guest machines. Put the following in /etc/network/interfaces on the guest:

auto eth0
iface eth0 inet static
         address DD.EE.FF.163
         netmask 255.255.255.255
         gateway AA.BB.CC.DD
         pointopoint AA.BB.CC.DD
         # dns-* options are implemented by the resolvconf package, if installed
         dns-nameservers 213.133.98.98 213.133.99.99
         # dns-search example.com

Finished? Not quite yet. We still need some changes on the host machine.

Changes On The Host

To make sure that the host machine does not send ICMP “redirect” messages, run:

sysctl -w net.ipv4.conf.eth0.send_redirects=0

Or, better, put the following in /etc/sysctl.d/10-no-icmp-redirects.conf:

# Because of our network setup, the host machine could send ICMP
# "redirect" messages to all guests, telling them to find the Hetzner
# gateway directly. That's impossible: Hetzner would throw away the
# traffic from the virtual interfaces because of their unregistered
# MAC addresses (i.e. different from the main interface).
net.ipv4.conf.all.send_redirects = 0

“ip_forward” must also be set to “1”, so in /etc/sysctl.conf:

net.ipv4.ip_forward = 1

(or put it in its own “.conf” file in /etc/sysctl.d).
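
To verify that both host settings above are actually in effect, the following check can be run on the host. It is an added example, not part of the original wiki page. The kernel enables send_redirects on an interface if either conf/all or conf/<interface> is set to 1, so the check requires both to be 0. The PROC_SYS variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the host sysctls this page requires.
# PROC_SYS is an assumption of this example so the check can be pointed at a
# constructed directory tree for testing; on a real host it is /proc/sys.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# Print the value of one sysctl file, or "missing" if it does not exist.
read_sysctl() {
    if [ -r "$PROC_SYS/$1" ]; then
        tr -d '[:space:]' < "$PROC_SYS/$1"
    else
        printf 'missing'
    fi
}

# Succeeds only if redirects are really off for interface $1.
# The kernel ORs conf/all with conf/<iface>, so both must be 0.
redirects_disabled() {
    [ "$(read_sysctl net/ipv4/conf/all/send_redirects)" = 0 ] &&
    [ "$(read_sysctl "net/ipv4/conf/$1/send_redirects")" = 0 ]
}

# Succeeds if the host forwards IPv4 packets between interfaces.
forwarding_enabled() {
    [ "$(read_sysctl net/ipv4/ip_forward)" = 1 ]
}

# Report on every interface given as an argument; non-zero on any failure.
audit_host() {
    rc=0
    if forwarding_enabled; then echo "ok   ip_forward=1"
    else echo "FAIL ip_forward=$(read_sysctl net/ipv4/ip_forward)"; rc=1; fi
    for ifc in "$@"; do
        if redirects_disabled "$ifc"; then
            echo "ok   send_redirects off on $ifc"
        else
            echo "FAIL send_redirects on $ifc:" \
                 "all=$(read_sysctl net/ipv4/conf/all/send_redirects)" \
                 "$ifc=$(read_sysctl "net/ipv4/conf/$ifc/send_redirects")"
            rc=1
        fi
    done
    return $rc
}

# Stand-alone use: sh audit.sh br0 eth0
if [ "$#" -gt 0 ]; then audit_host "$@"; fi
```

A FAIL line for an interface whose own value is 0 while all=1 means the one-off "sysctl -w" for that interface did not disable redirects on its own.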