How to Stop KVM IP Drift with DHCP Static MAC‑IP Binding

Have you ever faced a situation where a VM restart changes its IP address, causing service connection failures, broken permission controls, and endless monitoring alerts? This "IP drift" is a common headache for operations engineers.

In a KVM virtualization environment, the default DHCP allocation is convenient but cannot guarantee network stability and predictability, especially for critical services, database nodes, or test environments that require fixed IPs. The solution is DHCP static binding (MAC‑IP binding).

Prerequisite Knowledge: KVM Network and DHCP

Typically, KVM networks are provided by a bridge device (e.g., br0) or NAT mode with an internal DHCP server. When managed with libvirt, the virtual network DHCP is supplied by dnsmasq. By editing libvirt's XML configuration, you can create MAC‑IP bindings.

1. View MAC address and network information

# General commands to check MAC and bridge network
$ virsh net-list
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes
 isolate   active   yes         yes

$ virsh net-dumpxml isolate | grep range
      <range start='172.139.20.2' end='172.139.20.254'/>

$ virsh dumpxml test01 | grep mac
    <mac address='5c:86:1d:17:d6:9c'/>

# kvmmanager way to find
$ kvmmanager get iface test01
+------+---------------+---------+---------+-------------------+
| Name | VmNICHostPeer |  Type   | HostNIC |        MAC        |
+------+---------------+---------+---------+-------------------+
| net0 |    vnet114    | network | isolate | 5c:86:1d:17:d6:9c |
+------+---------------+---------+---------+-------------------+
Note: net0 indicates the first NIC of the VM; the second NIC is net1, and so on.

2. Edit the virtual network configuration

$ sudo virsh net-edit isolate
<network connections='6'>
  <name>isolate</name>
  <uuid>b0d66bb8-799d-41c5-b9a9-495e233d838d</uuid>
  <bridge name='isolate' stp='on' delay='0'/>
  <mac address='52:54:00:0c:67:c6'/>
  <ip address='172.139.20.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='172.139.20.2' end='172.139.20.254'/>
      # test01 host
      <host mac='5c:86:1d:17:d6:9c' ip='172.139.20.166'/>
      # test02 host
      <host mac='96:4e:ff:24:e3:62' ip='172.139.20.119'/>
    </dhcp>
  </ip>
</network>

3. Restart the network

$ virsh net-destroy isolate
Network isolate destroyed
$ virsh net-start isolate
Network isolate started

4. Restart the VMs and verify

$ kvmmanager stop host test{01..02}
[info] test01 is Shutting down...
[info] test02 is Shutting down...

$ kvmmanager start host test{01..02}
[info] test01 is starting...
[info] test02 is starting...

$ kvmmanager get ipaddr
+----------------+--------------------------------------------------+
|      Name      |                     ipaddr                      |
+----------------+--------------------------------------------------+
| net-proxy      | eth0:192.168.122.13/24 eth1:172.139.20.170/24   |
| storage-ceph01 | enp1s0:172.139.20.181/24 enp7s0:192.168.122.6/24 |
| storage-ceph02 | enp1s0:172.139.20.182/24 enp7s0:192.168.122.7/24 |
| storage-ceph03 | enp1s0:172.139.20.183/24 enp7s0:192.168.122.8/24 |
| test01         | enp1s0:172.139.20.166/24                        |
| test02         | enp1s0:172.139.20.119/24                        |
+----------------+--------------------------------------------------+

Tip: The IPs match the configuration, confirming the static binding works as expected.

Conclusion

MAC‑IP binding is a fundamental technique for ensuring stable virtual machine networking and building a highly available, predictable cloud environment. By following the steps above, you can easily set up DHCP static binding in a KVM environment and avoid issues caused by IP changes.