📌 9 de Abril, 2024

LXD / Incus: Bridged Networking

Informática · ISP / Redes · Linux

📌 9 de Abril, 2024

LXD / Incus: Bridged Networking

Informática · ISP / Redes · Linux

There are cases where we need LXD / Incus containers to have direct access to the network. In such cases, we want the containers to be assigned an IP address by a router on the network, treating them as individual devices on the network rather than containers inside a host machine that get to the network through NAT.

The general approach to this is to ignore the built in “routed” networking that LXD / Incus sets up and configure systemd to create a network bridge that will hold both the host and the containers network interfaces so they can all get IP addresses from your local network router.

One of my servers has a setup like this. 10-enp5s0.network is the physical network interface of the server and I’ve set br0 as a bridge for everything. Have a look at the config:

Start by settings enp5s0 as part of the br0 bridge and remove any other configuration, static or dynamic IP assignments you might have:

root@host10:/etc/systemd/network# cat 10-enp5s0.network
[Match]
Name=enp5s0

[Network]
Bridge=br0

Now define the br0 bridge:

root@host10:/etc/systemd/network# cat 11-br0.netdev
[NetDev]
Name=br0
Kind=bridge
root@host10:/etc/systemd/network# cat 11-br0.network
[Match]
Name=br0

[Network]
DHCP=ipv4 # -> Requesting an IP for the host

# If you don't require an IP on the host:
[Network]
DHCP=no
LinkLocalAddressing=no
# Ends here ^

[Link]
RequiredForOnline=no
ActivationPolicy=always-up # Required to make sure the bridge will work

Now, create a profile “bridged” containers that looks like the following:

root@host10:/etc/systemd/network# lxc profile show bridged
config:
 (...)
description: Bridged Networking Profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
(...)

For eg. my havm virtual machine uses this profile:

root@host10:/etc/systemd/network# lxc config show havm
architecture: x86_64
config:
  image.description: HAVM
  image.os: Debian
(...)
profiles:
- bridged
(...)

Inside the VM the network is configured like this:

root@havm:~# cat /etc/systemd/network/10-eth0.network
[Match]
Name=eth0

[Link]
RequiredForOnline=yes

[Network]
DHCP=ipv4

Enjoy!