Tadeu Bento

LXD / Incus: Bridged Networking

Network routers of ISP. Many wires connect to the network interfaces of powerful Internet servers. Racks with computer equipment in the server room datacenter

There are cases where we need LXD / Incus containers to have direct access to the network. In such cases, we want the containers to be assigned an IP address by a router on the network, treating them as individual devices on the network rather than containers inside a host machine that get to the network through NAT.

The general approach to this is to ignore the built in “routed” networking that LXD / Incus sets up and configure systemd to create a network bridge that will hold both the host and the containers network interfaces so they can all get IP addresses from your local network router.

One of my servers has a setup like this. 10-enp5s0.network is the physical network interface of the server and I’ve set br0 as a bridge for everything. Have a look at the config:

Start by settings enp5s0 as part of the br0 bridge and remove any other configuration, static or dynamic IP assignments you might have:

root@host10:/etc/systemd/network# cat 10-enp5s0.network
[Match]
Name=enp5s0

[Network]
Bridge=br0

Now define the br0 bridge:

root@host10:/etc/systemd/network# cat 11-br0.netdev
[NetDev]
Name=br0
Kind=bridge
root@host10:/etc/systemd/network# cat 11-br0.network
[Match]
Name=br0

[Network]
DHCP=ipv4 # -> Requesting an IP for the host

# If you don't require an IP on the host:
[Network]
DHCP=no
LinkLocalAddressing=no
# Ends here ^

[Link]
RequiredForOnline=no
ActivationPolicy=always-up # Required to make sure the bridge will work

Now, create a profile “bridged” containers that looks like the following:

root@host10:/etc/systemd/network# lxc profile show bridged
config:
 (...)
description: Bridged Networking Profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
(...)

For eg. my havm virtual machine uses this profile:

root@host10:/etc/systemd/network# lxc config show havm
architecture: x86_64
config:
  image.description: HAVM
  image.os: Debian
(...)
profiles:
- bridged
(...)

Inside the VM the network is configured like this:

root@havm:~# cat /etc/systemd/network/10-eth0.network
[Match]
Name=eth0

[Link]
RequiredForOnline=yes

[Network]
DHCP=ipv4

Enjoy!

Exit mobile version