There are cases where we need LXD / Incus containers to have direct access to the network. In such cases, we want the containers to be assigned an IP address by a router on the network, treating them as individual devices on the network rather than containers inside a host machine that get to the network through NAT.
The general approach to this is to ignore the built-in “routed” networking that LXD / Incus sets up and configure systemd to create a network bridge that will hold both the host's and the containers' network interfaces so they can all get IP addresses from your local network router.
One of my servers has a setup like this. 10-enp5s0.network configures the physical network interface of the server and I’ve set br0 as a bridge for everything. Have a look at the config:
Start by setting enp5s0 as part of the br0 bridge and remove any other configuration, such as static or dynamic IP assignments, you might have:
root@host10:/etc/systemd/network# cat 10-enp5s0.network
[Match]
Name=enp5s0
[Network]
Bridge=br0
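
A small check for the port file above, as an added example that is not part of the original post: it flags addressing left on an interface that has been attached to a bridge, and trailing comments, which systemd's file syntax reads as part of the value because only whole lines starting with # or ; are comments. The function names and the sample files are constructed for illustration.

```python
# Added example (not from the original post): lint a .network file for a bridge port.
import re

L3_KEYS = {"Address", "Gateway"}        # layer-3 settings that belong on br0
OFF = {"", "no", "false", "off", "0"}   # values that leave DHCP disabled


def parse_unit(text):
    """Return (section, key, value, lineno) tuples; whole-line # or ; comments skipped."""
    section, entries = None, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            entries.append((section, key, value, lineno))
    return entries


def lint_bridge_port(text):
    """List problems that would keep a NIC from acting as a plain bridge port."""
    entries = parse_unit(text)
    findings = []
    for section, key, value, lineno in entries:
        # systemd has no inline comments: "ipv4 # note" is the literal value.
        if re.search(r"\s[#;]", value):
            findings.append(f"line {lineno}: trailing comment is part of {key}= value")
    net = [(k, v, n) for s, k, v, n in entries if s == "Network"]
    if not any(k == "Bridge" for k, _, _ in net):
        findings.append("no Bridge= in [Network]: interface is not a bridge port")
    for key, value, lineno in net:
        dhcp_on = key == "DHCP" and (value.split() or [""])[0].lower() not in OFF
        if key in L3_KEYS or dhcp_on:
            findings.append(f"line {lineno}: {key}= puts layer-3 config on the port")
    return findings

# Constructed samples (not from the page's host): a clean port file and a leftover one.
CLEAN = "[Match]\nName=enp5s0\n[Network]\nBridge=br0\n"
LEFTOVER = (
    "[Match]\nName=enp5s0\n[Network]\nBridge=br0\n"
    "DHCP=ipv4 # old setting\nAddress=192.0.2.10/24\n"
)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("leftover", LEFTOVER)):
        print(name, lint_bridge_port(sample) or "ok")
```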
Now define the br0 bridge:
root@host10:/etc/systemd/network# cat 11-br0.netdev
[NetDev]
Name=br0
Kind=bridge
root@host10:/etc/systemd/network# cat 11-br0.network
[Match]
Name=br0
[Network]
# Request an IP for the host
DHCP=ipv4
# If you don't require an IP on the host, use this [Network] section instead:
# [Network]
# DHCP=no
# LinkLocalAddressing=no
# Ends here ^
[Link]
RequiredForOnline=no
# Required to make sure the bridge will work
ActivationPolicy=always-up
Now, create a “bridged” profile for containers that looks like the following:
root@host10:/etc/systemd/network# lxc profile show bridged
config:
(...)
description: Bridged Networking Profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
(...)
For example, my havm virtual machine uses this profile:
root@host10:/etc/systemd/network# lxc config show havm
architecture: x86_64
config:
  image.description: HAVM
  image.os: Debian
(...)
profiles:
- bridged
(...)
Inside the VM the network is configured like this:
root@havm:~# cat /etc/systemd/network/10-eth0.network
[Match]
Name=eth0
[Link]
RequiredForOnline=yes
[Network]
DHCP=ipv4
Enjoy!