diff --git a/roles/common/files/50-virtio-kernel-names.link b/roles/common/files/50-virtio-kernel-names.link
new file mode 100644
index 0000000..f39f26b
--- /dev/null
+++ b/roles/common/files/50-virtio-kernel-names.link
@@ -0,0 +1,10 @@
+# udev 226 introduced predictable interface names for virtio;
+# disable this for upgrades. You can remove this file if you update your
+# network configuration to move to the ens* names instead.
+# See /usr/share/doc/udev/README.Debian.gz for details about predictable
+# network interface names.
+[Match]
+Driver=virtio_net
+
+[Link]
+NamePolicy=onboard kernel
diff --git a/roles/common/files/99-default.link b/roles/common/files/99-default.link
new file mode 100644
index 0000000..e156606
--- /dev/null
+++ b/roles/common/files/99-default.link
@@ -0,0 +1,6 @@
+# This machine is most likely a virtualized guest, where the old persistent
+# network interface mechanism (75-persistent-net-generator.rules) did not work.
+# This file disables /lib/systemd/network/99-default.link to avoid
+# changing network interface names on upgrade. Please read
+# /usr/share/doc/udev/README.Debian.gz about how to migrate to the currently
+# supported mechanism.
diff --git a/roles/common/tasks/Debian.yml b/roles/common/tasks/Debian.yml
index 916fc57..41b3ba3 100644
--- a/roles/common/tasks/Debian.yml
+++ b/roles/common/tasks/Debian.yml
@@ -63,6 +63,15 @@
   copy: src=resume dest=/etc/initramfs-tools/conf.d/resume
   notify: update-initramfs
 
+# TODO template /etc/network/interfaces
+
+- name: Fix network interface names
+  copy: src={{ item }} dest=/etc/systemd/network/{{ item }}
+  with_items:
+  - 50-virtio-kernel-names.link
+  - 99-default.link
+  notify: update-initramfs
+
 - name: Prevent normal users from running su
   lineinfile:
     path: /etc/pam.d/su