Why do we need an IP address for a bridge?

Solution 1:

You do not need to have an IP configured for a bridge, the same way you do not need to have an IP configured for an Ethernet device, on any machine (be it host/guest or whatever).

However, if you have a device/bridge that has no IP address, you cannot expect it to be usable by the party that has not properly configured it (be it host or guest).

So for example, if I have a KVM host with a bridge called "br_vm" which I assign to all KVM guests as their only interface (the guests will most likely call it "eth0"), and if br_vm is not configured at the host, you cannot expect the guests to be able to talk to the host through their eth0 interface.

You ask why you need an IP for a bridge and the answer is you don't. However, if you want to know in which scenarios you would wish to have an IP for the bridge at the host, I can think of a few:

  1. You want your VMs to communicate with the host, even if for DHCP or DNS only;
  2. You may want to disable VM-to-VM traffic. If you share that bridge with many VMs, that is something worth considering;
  3. You may want to have a firewall at the host level in addition to any firewalling you may have set up for your VMs. Concentrating all firewall rules on the host can be wise if the policies, zones, etc. for all your VMs are about the same. It is easier if all rules, IP addresses, policies, etc. are kept in one place (although I would set up a basic firewall on each VM just in case).

And, by the way, you can have dynamic IP addressing on your guest VMs; that has nothing to do with whether or not the host has an IP on the bridge (unless, of course, the host is the DHCP server for the network).

Solution 2:

This is more of a quirk in the documentation, I find. I'm assuming your host uses the /etc/network/interfaces file for network configuration.

If, in the bridge interface (br0 for this example) stanza, you specify an address of 0.0.0.0, you get exactly what you're looking for: VMs attached to the bridge are still connected to the network, and retain their own IPs.

However, you then lose the host's "port" on that bridge. If (in the interfaces file) you specify an IP address, that effectively becomes your host's IP on that bridge, just the same as a management interface on a traditional switch.

Remember that a bridge is just like a standalone switch, but the host is still "managing" it, so adding an IP simply adds an addressed management interface (if that makes sense).


If, like me, your host has two NICs: one for VMs and one for itself, you can put an address of 0.0.0.0 on the "VM bridge" and rely on the other physical NIC for management to get a similar setup.


If that's not what you're asking, let me know and I will edit to suit.
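
Following up on Solution 2, an added example (not part of either answer): a small Python check that reads `/etc/network/interfaces`-style text and reports which bridges the host itself holds an address on, and is therefore reachable from the guests attached to them. The sample file, interface names and addresses are constructed; the check assumes bridges are declared with `bridge_ports` and looks only at IPv4 `iface` stanzas.

```python
import ipaddress

# Constructed sample in /etc/network/interfaces syntax (names/addresses assumed).
SAMPLE = """\
auto eth0
iface eth0 inet dhcp
auto br0
iface br0 inet static
    address 0.0.0.0
    bridge_ports eth1
auto br1
iface br1 inet static
    address 198.51.100.1/24
    bridge_ports eth2
"""

def parse_stanzas(text):
    """Return {iface: {"method": ..., option: value}} for IPv4 iface stanzas."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):  # blank or whole-line comment
            continue
        if words[0] == "iface":
            ok = len(words) >= 4 and words[2] == "inet"
            current = stanzas.setdefault(words[1], {"method": words[3]}) if ok else None
        elif words[0] in ("auto", "mapping", "source") or words[0].startswith("allow-"):
            current = None  # these keywords end the previous stanza
        elif current is not None:
            # Normalise option names so bridge-ports and bridge_ports match.
            current[words[0].replace("-", "_")] = " ".join(words[1:])
    return stanzas

def bridge_exposure(text):
    """Map each bridge to True when the host itself holds an address on it."""
    result = {}
    for name, opts in parse_stanzas(text).items():
        if "bridge_ports" not in opts:
            continue  # not a bridge
        addr = opts.get("address", "")
        if opts["method"] == "dhcp":
            result[name] = True
        elif opts["method"] == "static" and addr:
            result[name] = not ipaddress.ip_interface(addr).ip.is_unspecified
        else:
            result[name] = False  # e.g. "manual": bridge up, host unaddressed
    return result

if __name__ == "__main__":
    print(bridge_exposure(SAMPLE))
```

A bridge reported as `True` is one where host-level firewall rules matter, because guests on it can address the host directly.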