1

How to create a non-nat lxd network bridge?

I have tried the below network configs, then ran sudo service networking reload and lxc stop and lxc start for the container in question. I was unable to get the host and the containers to both be on the 10.1.1.1/24 subnet using a non-NAT bridge. When using the default lxdbr0 with NAT everything works fine.

I have tried the below configurations. First without assigning a subnet:

config:
  ipv4.nat: "false"
  ipv6.address: none
description: ""
name: testbr0
type: bridge
used_by:
- /1.0/containers/test
managed: true

Then with assigning a subnet:

config:
  ipv4.address: 10.1.1.1/24
  ipv4.nat: "false"
  ipv6.address: none
description: ""
name: testbr0
type: bridge
used_by:
- /1.0/containers/test
managed: true

When the above configurations were used, the host lost network connectivity.

How to create a non-nat lxd network bridge (using lxd network)?

Greg

2 Answers

0

If you are not using NAT, you must include the external interfaces in your bridge. You would do this the same way you would if you were creating a bridge in Ubuntu, except LXD 3.0 has a configuration option for this. It is bridge.external_interfaces. I also have ipv4.address set to none on the bridge interface. This keeps your LXD host from getting an IP on the bridge interface, if that's the behavior you are looking for.

config:
  bridge.driver: native
  bridge.external_interfaces: eth5
  ipv4.address: none
  ipv4.firewall: "true"
  ipv4.nat: "false"
  ipv6.address: none
  ipv6.nat: "false"

See LXD 3.0 Network API for more details on what you can include in your config.

Here is the output of the brctl command after this config is added:

root@lxd01:~# brctl show rtmp
bridge name     bridge id               STP enabled     interfaces
rtmp            8000.ba657ffc1473       no              eth5
bcrowe306
0

Here is a MWE:

$ lxc network create nonnatbr
Network nonnatbr created

$ lxc network set nonnatbr ipv4.nat false

$ lxc profile create testprofile
Profile testprofile created

$ lxc profile edit testprofile

$ lxc profile show testprofile

config:
  user.user-data: |
    #cloud-config
    ssh_authorized_keys:
      - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDB4rJv3i6pgeuv62kmXWhscrteOnkEtU0vV3f12O+Ap
description: Default LXD profile
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: nonnatbr
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: testprofile
used_by: []

$ lxc launch --profile testprofile ubuntu:18.04 test1

Creating test1
Starting test1

$ lxc launch --profile testprofile ubuntu:18.04 test2

Creating test2
Starting test2

$ lxc list

+---------------+---------+-----------------------+-----------------------------------------------+------------+-----------+
|     NAME      |  STATE  |         IPV4          |                     IPV6                      |    TYPE    | SNAPSHOTS |
+---------------+---------+-----------------------+-----------------------------------------------+------------+-----------+
| test1         | RUNNING | 10.136.201.157 (eth0) | fd42:ece1:b474:82be:216:3eff:fe78:854f (eth0) | PERSISTENT | 0         |
+---------------+---------+-----------------------+-----------------------------------------------+------------+-----------+
| test2         | RUNNING | 10.136.201.158 (eth0) | fd42:ece1:b474:82be:216:3eff:fe96:d195 (eth0) | PERSISTENT | 0         |
+---------------+---------+-----------------------+-----------------------------------------------+------------+-----------+

$ ssh ubuntu@10.136.201.157

ubuntu@test1:~$ ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
^C
--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1008ms

ubuntu@test1:~$ ping 10.136.201.158
PING 10.136.201.158 (10.136.201.158) 56(84) bytes of data.
64 bytes from 10.136.201.158: icmp_seq=1 ttl=64 time=0.255 ms
64 bytes from 10.136.201.158: icmp_seq=2 ttl=64 time=0.107 ms
^C
--- 10.136.201.158 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1028ms
rtt min/avg/max/mdev = 0.107/0.181/0.255/0.074 ms
mat
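The two answers above describe different non-NAT setups: a bridge with a physical NIC attached through bridge.external_interfaces, and a bridge with its own subnet and ipv4.nat set to false. The following is an added example, not code from either answer or from the LXD project. It classifies the YAML printed by `lxc network show` so you can tell which setup a bridge is actually in. The function names and the mode names are this example's own, and it assumes a missing ipv4.address key means the bridge has no IPv4 address.

```shell
#!/bin/sh
# Added example: classify an LXD managed bridge from `lxc network show` YAML.

# Print one key's value from the top-level "config:" map (empty if absent).
cfg_get() {  # $1 = YAML text, $2 = key
  printf '%s\n' "$1" | awk -v want="$2" '
    /^config:/ { in_cfg = 1; next }
    /^[^ ]/    { in_cfg = 0 }
    in_cfg {
      line = $0; sub(/^ +/, "", line)
      i = index(line, ": ")
      if (i && substr(line, 1, i - 1) == want) {
        v = substr(line, i + 2); gsub(/"/, "", v); print v; exit
      }
    }'
}

# Modes (names are this example's own, not LXD terminology):
#   nat            host masquerades container traffic
#   routed-no-nat  private subnet, no masquerade: upstream needs a return route
#   l2-external    physical NIC enslaved: containers sit directly on that segment
#   isolated-l2    no host address and no uplink
lxd_bridge_mode() {  # $1 = YAML text
  addr=$(cfg_get "$1" ipv4.address)
  nat=$(cfg_get "$1" ipv4.nat)
  ext=$(cfg_get "$1" bridge.external_interfaces)
  # Assumption: a missing ipv4.address on an existing network means no address.
  addr=${addr:-none}
  if [ -n "$ext" ]; then echo l2-external
  elif [ "$addr" = none ]; then echo isolated-l2
  elif [ "$nat" = true ]; then echo nat
  else echo routed-no-nat
  fi
}

# Configs taken from the page: the question's second attempt and the first answer.
Q2='config:
  ipv4.address: 10.1.1.1/24
  ipv4.nat: "false"
  ipv6.address: none
name: testbr0'
A1='config:
  bridge.external_interfaces: eth5
  ipv4.address: none
  ipv4.nat: "false"
name: rtmp'

for c in "$Q2" "$A1"; do lxd_bridge_mode "$c"; done
```

A routed-no-nat result is consistent with the MWE's output, where containers reach each other but not 1.1.1.1. An l2-external result means the containers are reachable from the external segment without NAT in front of them, so filtering has to be applied on the bridge or upstream.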