How to configure a VM host with a single network interface and three VLANs¶

This guide shows how to configure a virtual machine (VM) host using Netplan and the virsh interface. The host in this scenario has a single network interface (NIC) and three VLAN networks.

Prerequisites¶

Ensure the following prerequisites are satisfied.

System¶

Computer with a single network interface card (NIC).
Ubuntu Server installed.
KVM and QEMU installed; see KVM installation.
Administrator privileges.

Networking¶

IPv4:
- VLAN1 untagged (management), IPv4: 192.168.150.0/24
- VLAN40 tagged (guest), IPv4: 192.168.151.0/24
- VLAN41 tagged (dmz), IPv4: 192.168.152.0/24
- DNS1: 1.1.1.1
- DNS2: 8.8.8.8
Switch with VLAN support
Router with VLAN support
- VLAN1 IPv4: 192.168.150.254/24
- VLAN40 IPv4: 192.168.151.254/24
- VLAN41 IPv4: 192.168.152.254/24
- InterVLAN routing, DNS, and DHCP configured
Firewall configured; see UFW.

Disable netfilter for bridged interfaces¶

To allow communication between the host server, its virtual machines, and the devices in the local VLANs, disable netfilter for bridged interfaces:

Add the following lines to the /etc/systemctl.conf configuration file:

net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 0

Apply the changes immediately, without rebooting the host.
```
sysctl -p /etc/sysctl.conf
```

Netplan configuration¶

Configure Netplan:

Disable DHCP on the NIC.
Create two VLANs (40 and 41).
Create three bridge interfaces, and assign IPv4 addresses to them:
- br0: bridge on the untagged VLAN1 and the management interface of the server
- br0-vlan40: bridge on vlan40
- br0-vlan41: bridge on vlan41
Configure routes.
Configure DNS.

To achieve this, modify the Netplan configuration file, /etc/netplan/00-installer-config.yaml, as follows:

# network configuration:
# eno1 - untagged vlan1
# eno1-vlan40 - VLAN interface to connect to tagged vlan40
# eno1-vlan41 - VLAN interface to connect to tagged vlan41
# br0 - bridge for interface eno1 on untagged vlan1
# br0-vlan40 - bridge on tagged vlan40
# br0-vlan41 - bridge on tagged vlan41

network:
  version: 2
  ethernets:
    eno1:
      dhcp4: false
  vlans:
    eno1-vlan40:
      id: 40
      link: eno1
    eno1-vlan41:
      id: 41
      link: eno1
  bridges:
    br0:
      interfaces: [eno1]
      dhcp4: false
      addresses: [192.168.150.1/24]
      routes:
        - to: default
          via: 192.168.150.254
          metric: 100
          on-link: true
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]
        search: []
    br0-vlan40:
      interfaces: [eno1-vlan40]
      dhcp4: false
      routes:
        - to: 0.0.0.0
          via: 192.168.151.254
          metric: 100
          on-link: true
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]
    br0-vlan41:
      interfaces: [eno1-vlan41]
      dhcp4: false
      routes:
        - to: 0.0.0.0
          via: 192.168.152.254
          metric: 100
          on-link: true
      nameservers:
        addresses: [1.1.1.1, 8.8.8.8]

Test the new network settings:
```
netplan try
```
Apply the configuration:
```
netplan apply
```

Configure virtual networks using `virsh`¶

The next step is to configure virtual networks defined for virsh domains. This is not necessary, but it makes VM deployment and management easier.

Check networking and delete the default network¶

Check existing virtual networks:

virsh net-list --all

There should be one default network as in this example:

Name      State    Autostart   Persistent
--------------------------------------------
default   active   yes         yes

If needed, use the net-info command to gather more details about the default network:

virsh net-info default

Remove the default network:

virsh net-destroy default
virsh net-undefine default

Check network list to confirm the changes have been applied. There should no networks defined now:
```
virsh net-list --all
```

Create bridged networks¶

Create a directory for VM data. For example:
```
mkdir /mnt/vmstore/
cd /mnt/vmstore/
```

Define the bridge interface, br0, for VLAN1 by creating the /mnt/vmstore/net-br0.xml file with the following contents:

<network>
    <name>br0</name>
    <forward mode="bridge" />
    <bridge name="br0" />
</network>

Define the bridge interface, br0-vlan40, for VLAN40 by creating the /mnt/vmstore/net-br0-vlan40.xml file with the following contents:

<network>
    <name>br0-vlan40</name>
    <forward mode="bridge" />
    <bridge name="br0-vlan40" />
</network>

Define the bridge interface, br0-vlan41, for VLAN41 by creating the /mnt/vmstore/net-br0-vlan41.xml file with the following contents:

<network>
    <name>br0-vlan41</name>
    <forward mode="bridge" />
    <bridge name="br0-vlan41" />
</network>

Enable the virtual (bridged) networks. This consists of three steps (performed for each of the networks):

Define the network.
Start the network.
Set the network to autostart.

virsh net-define net-br0.xml
virsh net-define net-br0-vlan40.xml
virsh net-define net-br0-vlan41.xml
virsh net-start br0
virsh net-start br0-vlan40
virsh net-start br0-vlan41
virsh net-autostart br0
virsh net-autostart br0-vlan40
virsh net-autostart br0-vlan41

Test the bridged networks.

Congratulations, the configuration is complete. You can now create a virtual machine, assign the desired network using your preferred VM configuration tool, and run some tests.