This article will cover the main configuration options of netplan, which is commonly used for distributions like Ubuntu and its descendants. We will cover the recommended base configuration, configuration of additional IPs and their use in a virtualized context.
There are multiple options to choose from:
- Use multiple IP addresses on the HOST without virtualisation
- Use bridging (layer 2) to provide your VMs with IP addresses
- Use routing (layer 3) to provide your VMs with IP addresses
- Combining routing and bridging into a hybrid configuration by utilizing 2 or more network bridges
Example terminology
2001:db8:1234:: # Placeholder for public IPv6 network of the server
10.0.0.168 # Placeholder for main IPv4
10.0.10.135 # Placeholder for additional single IPv4
10.10.10.128/29 # Placeholder for additional IPv4 Network
AA:BB:CC:DD:EE:FF # Placeholder for MAC address of physical interface and main IPv4
00:50:56:00:11:22 # Placeholder for virtual MAC address of additional single IP addressExample of default configuration after fresh Ubuntu 24 installation (Hetzner installimage)
nano /etc/netplan/01-netcfg.yaml
network:
version: 2
renderer: networkd
ethernets:
enp7s0:
addresses:
- 10.0.0.1 # Main IPv4 for the HOST
- 2001:db8:1234::1 # Main IPv6/64 subnet for the HOST
routes:
- on-link: true
to: 0.0.0.0/0
via: 10.0.0.129 # Gateway IPv4 of the main IPv4 address
- to: default
via: fe80::1 # Default Hetzner IPv6 gateway
nameservers:
addresses:
- 185.12.64.2 # Nameservers from installimage process
- 2a01:4ff:ff00::add:1 # Nameservers from installimage process
- 185.12.64.1 # Nameservers from installimage process
- 2a01:4ff:ff00::add:2 # Nameservers from installimage processConfiguring additional single IPv4 addresses and IPv4 subnets (without virtualisation)
Prerequisits:
- Server has 1 physical uplink interface - enp7s0 with MAC address AA:BB:CC:DD:EE:FF
- Server has main IPv4 (enp7s0)
- Server has 1x additional single IPv4 (virtual MAC address was disabled via Robot account)
- Server has 1x additional IPv4 subnet
- Server has a /64 IPv6 subnet for the HOST
Goal:
- Server can communicate via:
- Main IPv4
- Additional single IPv4
- All usable IP addresses of the IPv4 subnet (this includes the net IP)
- IPv6::2/64
- IPv6::3/64
**Implementation:
- All IP addresses and routes are directly configured on the main interface
Step 1 - Configure Netplan on HOST
nano /etc/netplan/01-netcfg.yaml
network:
version: 2
renderer: networkd
ethernets:
enp7s0:
addresses:
- 10.0.0.168/32 # Main IPv4 for the HOST
- 10.0.10.135/32 # The single IPv4 Address for the GUEST
- 10.10.10.128/32 # Net-IP of the IPv4 Subnet (Net IP can be used in this case)
- 10.10.10.129/32 # IP of the IPv4 Subnet
- 10.10.10.130/32 # IP of the IPv4 Subnet
- 10.10.10.131/32 # IP of the IPv4 Subnet
- 10.10.10.132/32 # IP of the IPv4 Subnet
- 10.10.10.133/32 # IP of the IPv4 Subnet
- 10.10.10.134/32 # Last usable IP of the IPv4 Subnet (.135 is reserved for broadcast)
- 2001:db8:1234::2/128 # Main IPv6/64 subnet for the HOST
- 2001:db8:1234::3/128 # Main IPv6/64 subnet for the HOST
routes:
- on-link: true
to: 0.0.0.0/0
via: 10.0.0.129 # Gateway IPv4 of the main IPv4 address
- to: default
via: fe80::1 # Default Hetzner IPv6 gateway
nameservers:
addresses:
- 185.12.64.2 # Nameservers from installimage process
- 2a01:4ff:ff00::add:1 # Nameservers from installimage process
- 185.12.64.1 # Nameservers from installimage process
- 2a01:4ff:ff00::add:2 # Nameservers from installimage processExplanation:
The kernel will not use routes for local additional IPs, even if they are defined. Traffic will not be routed via the main IPv4 for any additional IPs, and you will not see an additional hop for additional IPs. This will, however, not generate abuse. As with any IP, the MAC address is still the allowed MAC address of the main IPv4.
The Hetzner network will correctly forward traffic to additional IPs to your server and the server will properly send traffic to the Hetzner network.