Show examples as

Networks

kcore supports three network types for VMs: NAT, bridge, and VXLAN. Each type creates a Linux bridge (kbr-<name>) and optionally provides DHCP, masquerade, or overlay connectivity.

Supported network types

TypeBehaviour
NAT (default) Linux bridge with dnsmasq DHCP (range .100–.199) and nftables masquerade + DNAT from externalIP. Single-node only.
Bridge Physical NIC (or VLAN sub-interface) added as a bridge port. VMs use upstream DHCP. No local DHCP or NAT.
VXLAN L2 overlay across nodes (VXLAN/UDP 4789). VM addresses are allocated cluster-wide for that network name (no duplicate IPs on the same overlay). Cloud-init applies static addressing; no local dnsmasq. When nodes join or leave, peer forwarding is updated on all participants. Optional outbound NAT. Same logical name on each node shares one VNI and subnet.

VXLAN in a cluster

Default network

A default network is auto-created on every node during installation. It is always NAT type and cannot be deleted or created via kctl.

Create a network

kctl create network private \
  --external-ip 192.168.40.105 \
  --gateway-ip 10.250.0.1 \
  --internal-netmask 255.255.255.0 \
  --type vxlan

List, describe, delete

# One row per logical network name (example)
kctl get networks
# NAME   TYPE   GATEWAY      NETMASK         VLAN  OVERLAY  BRIDGE           NODES
# prod   vxlan  10.100.0.1   255.255.255.0   -     yes      kbr-prod         3

# Full detail: overlay flag, bridge name, every node (VTEP for VXLAN)
kctl describe network prod

# Remove (use --target-node when deleting one node’s copy of a shared name)
kctl delete network prod

VLAN tagging

NAT and bridge networks support VLAN tagging via --vlan-id. When specified, kcore creates a VLAN sub-interface (gatewayInterface.<id>) and uses it as the bridge uplink.

kctl create network vlan-net \
  --type nat \
  --vlan-id 100 \
  --external-ip 192.168.100.10 \
  --gateway-ip 10.100.0.1 \
  --internal-netmask 255.255.255.0

Disable VXLAN on a node

If a node should not participate in VXLAN overlays, pass --disable-vxlan during installation:

kctl node install ... --disable-vxlan

The controller will reject VXLAN network creation requests targeting that node with a FailedPrecondition error.

VM network attachment

Attach a VM to a network at creation time with the --network flag:

kctl create vm web-01 --network private --image ubuntu-24.04 --cpus 2 --memory 4096

VMs on VXLAN networks receive controller-assigned static IPs (unique across the cluster for that overlay name) via cloud-init. VMs on NAT networks receive IPs from dnsmasq DHCP.