Whilst experimenting with KVM guests and netfilter iptables, I cloned some guest systems. The virtual network interfaces of the different guests (old ones and cloned ones) were created with reference to a “virtual network” – a “host only network” in my case. The corresponding bridge was defined via virt-manager.
I found that one cannot always rely on a persistent “N“-number in the name “vnetN” of the interface devices of my virtual guests throughout cloning, further system changes and a reboot. I am not quite sure whether there is also an impact of systemd/udev – as I installed a new version of systemd during my experiments, too. Whatever exact reason: There are obviously conditions under which the name of a previously defined virtual NIC device of a specific guest may change due to a vnet-renumbering.
In my case one of the guests originally had gotten a virtual NIC (tun device) with a defined MAC and a name of “vnet3”. Later on (after cloning and other system changes) the guest’s virtual NIC with the same MAC got a device name “vnet6” – although I had not touched its configuration. That the MAC was kept up is not surprising as it resides in the XML-definition file created for the guest when I configured it with the help of virt-manager.
Such a change of the name of an Ethernet interface may of course become a disaster for the application of NETFILTER rules – especially for IPTABLES rules which directly refer to device names via the “–physdev” option. Your precious firewall rules may become worthless after a renaming of your virtual NIC.
I had to search a while to find an information on how to make the names created by libvirt for tun interfaces of KVM/qemu guests persistent. Stupid me! I should have looked into the libvirt Wiki in the first place:
The trick is to place an additional tag inside the tag for the interface definition in the guest’s XML file. And to follow a naming rule …
In my case I used virsh (virsh edit kali3) to edit the configuration file “kali3.xml” og a guest named “kali3”. You find the guest configuration files in the directory “/etc/libvirt/qemu/” of your Linux host. In the editor I navigated to the relevant interface definition – see the last one in the list below – which I changed :
<interface type='bridge'> <mac address='52:54:00:22:cf:63'/> <source bridge='virbr_vmw'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> <interface type='network'> <mac address='52:54:00:96:db:01'/> <source network='kali2'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </interface> <interface type='network'> <mac address='52:54:00:b2:7c:1f'/> <source network='virbr6'/> <target dev='vk61'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/> </interface>
You see some interface definitions there. All interface definitions include a MAC definition. The MACs were statistically created and assigned when I added the virtual NICs to the guests’ configuration via virt-manager. None of the first definitions contains anything that resembles a device name
definition. However, the interesting supplement can be found in the last interface definition:
The “target” tag allows for the definition of a persistent device name (here: vk61). Note that the documentation says that the name chosen must NOT start with “vnet”.
To apply the changes save the modified configuration files for your guests and restart the libvirtd service :
systemctl restart libvirtd.service
I hope this helps other people who need persistent names of the device interfaces of their KVM guests!