
KVM VMs with public IP addresses and VLANs

I was tasked at work (ISP) to set up a KVM host with 2 VMs running on it; all three should have public IP addresses (host + 2 VMs). I managed to set them all up after doing a bit of digging and finding out how I should go about the public IP address requirement.

Basically, the physical interface (say, eth0) connected to the uplink switch should be made part of a bridge that also contains the virtual interfaces from the VMs (say, veth0 and veth1), and the IP address for the host machine should be set directly on the bridge (say, virbr0) and NOT on eth0, which is the physical interface (see https://unix.stackexchange.com/questions/245628/configure-public-ip-addresses-in-kvm-vms). All is working fine and I’m happy with how it turned out.

However, I have a hypothetical but very likely future scenario in mind and I’m having trouble finding out how to actually implement it. For a bit of context, right now the host and the VMs are part of the same VLAN in the network. Let’s say I want to add another VM on the host and this VM must belong to a different VLAN (or maybe we need the host machine to be in a different VLAN). This would require the following:

  1. Trunk port on the uplink switch with relevant VLANs
  2. Trunk port on the bridge with relevant VLANs
  3. Access ports on interfaces pointing to the host and the VMs

My concern is which interface should be the trunk port on the server, considering that the physical interface eth0 is now part of a bridge as mentioned above and not really a standalone interface pertaining to the KVM host. Where should the relevant VLAN IDs be enabled in this case? I have a feeling that it should be the physical interface eth0 because, if I understand correctly, the configuration works like so schematically:

UPLINK-Switch-ether29 (trunk)->LinuxBridge-eth0 (trunk):
->virbr0 (access port for host)
->veth0 (access port for VM)
->veth1 (access port for VM)

Please let me know if I’m on the right track or how this scenario would be implemented.
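
One way the layout sketched in the question can be expressed with a VLAN-aware Linux bridge, shown as an added example that is not part of the original post. The interface names eth0, virbr0, veth0 and veth1 come from the post; VLAN IDs 10 and 20, the third port veth2 and the helper names are assumptions.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1, runs) iproute2 commands that make
# eth0 the tagged trunk and every other bridge port an untagged access port.
BRIDGE=virbr0                              # bridge holding the host IP (from the post)
UPLINK=eth0                                # physical port facing the switch trunk
HOST_VID=10                                # assumed VLAN for the host itself
ACCESS_PORTS="veth0:10 veth1:10 veth2:20"  # assumed port:VLAN map; veth2 is hypothetical

run() {
    # Dry-run by default so the plan can be reviewed before touching the network.
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

valid_vid() {
    # 802.1Q usable VLAN IDs are 1-4094; 0 and 4095 are reserved.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

vlan_plan() {
    valid_vid "$HOST_VID" || { echo "invalid host VLAN id" >&2; return 1; }
    run ip link set dev "$BRIDGE" type bridge vlan_filtering 1
    vids="$HOST_VID"
    for entry in $ACCESS_PORTS; do
        port=${entry%%:*}; vid=${entry##*:}
        valid_vid "$vid" || { echo "invalid VLAN id in '$entry'" >&2; return 1; }
        # Remove the default VLAN 1 so a port belongs to exactly one VLAN.
        run bridge vlan del dev "$port" vid 1
        run bridge vlan add dev "$port" vid "$vid" pvid untagged
        case " $vids " in *" $vid "*) ;; *) vids="$vids $vid" ;; esac
    done
    # Trunk: carry only the VLANs actually in use, tagged, and drop VLAN 1.
    run bridge vlan del dev "$UPLINK" vid 1
    for vid in $vids; do
        run bridge vlan add dev "$UPLINK" vid "$vid"
    done
    # Host access port: "self" addresses the bridge device, where the host IP lives.
    run bridge vlan del dev "$BRIDGE" vid 1 self
    run bridge vlan add dev "$BRIDGE" vid "$HOST_VID" pvid untagged self
}

vlan_plan
```

Turning on `vlan_filtering` on a bridge that is already carrying traffic can cut the host's own connectivity, so apply the plan from a console session and check the result with `bridge vlan show`.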