Linux Hint, posted December 14, 2020

When you start a Linux Container, you may want to use network functions. The question becomes: “Are you trying to network with the host, the wide internet, another container, or maybe all local containers?” Good thing that there are solutions for them all!

Profiles

To make this correct, you need to configure your container. The base configuration is already on your system if you have used a regular distribution. You can further configure this with commands, but most people will use YAML files. The base usually looks like the one below. The file resides in /etc/lxc/default.conf.

    lxc.net.0.type = veth
    lxc.net.0.link = lxcbr0
    lxc.net.0.flags = up
    lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx

Each container follows the settings according to the default profile and the file mentioned above. You can print the default file as per below. For more configuration, it is best to make new profiles. Each profile will contain some configuration detail, in our case networking. You can change any setting in your container with a profile, and this makes even more sense when you want to run it both locally and on a platform.

    $ lxc profile show default
    config: {}
    description: Default LXD profile
    devices:
      eth0:
        name: eth0
        network: lxdbr0
        type: nic
      root:
        path: /
        pool: ros
        type: disk
    name: default
    used_by:
    - /1.0/instances/guiapps
    - /1.0/instances/ff

The resulting output is a YAML file. All your profiles will be in the same format. With LXC itself, you can create, remove, and edit your profile. You can see in the file that the default uses the lxdbr0 network and type nic. Now, create a new profile using the following:

    $ lxc profile create nicnet

Before any container is running, edit the profile:

    $ lxc profile edit nicnet

You use YAML format in the files that create these profiles. Note that the name “eth0” is the internal container name.
The “parent” is what you have on your system, and you check it yourself using:

    $ ip a

The printout will vary depending on what you have had before. You should also know that you can do the bridging from outside of the container with the brctl tools.

Using it in your container

Once you have created a profile, you want to add it to your container. This is done with the same program, ‘lxc’. First, make sure you have a container; in this example, the container is named ‘ff’:

    $ lxc profile add ff nicnet

The change takes effect when you restart networking in the container. The easiest and safest approach is to add profiles only to stopped containers.

Routed

A bridged connection is one where your container receives a MAC address on the same Ethernet interface as your host. This is what you did earlier in this post. With a few more tricks, you can have your router assign a separate IP address to the container, and you can set this in your container. However, when you use macvlan, you may run into trouble using Wi-Fi. WPA/WPA2 will not accept the two addresses, so your Wi-Fi will break, as your host will not use the Wi-Fi.

The earlier example uses the brctl tools, since lxc has created its own bridge. This gets an address from the host, not the router. You can get the address from the router if you wish. Again, this works only if you use a wired connection or an insecure Wi-Fi.

When you have made sure that you have a network connection on your host, you can connect that to your container. Change the word parent and set your nictype to macvlan.

    config: {}
    description: Setting for the network interface
    devices:
      eth0:
        name: eth0
        nictype: macvlan
        parent: enp3s0
        type: nic
    name: Route
    used_by:
    - /1.0/instances/guiapps
    - /1.0/instances/ff

You will have to make sure the parent value matches your configuration, so make sure you create it dynamically. After this is done, you can start your container and find it in your router’s list of host destinations.
Well, they are interfaces, to be technical about it.

Figure 1: The container now shows up in your router

Mobile Profiles

An interesting part of Linux containers is that you can grab your configurations and dump them into YAML files. To create the files for this, you run the show option in LXC, then redirect the output into a file. The output follows the YAML standard, and you can then use these files to configure containers elsewhere.

    $ lxc profile show Route > Route.yml

To use this for a new container, use the set values. Ordinarily, you would set a value at a time, but you already have a file for this.

    $ lxc profile create newroute
    $ lxc profile set newroute user.network.config - < Route.yml

You can see that you must put the values into the namespace 'user.network.config'. This is important to know when you want to add other values unrelated to networking.

Conclusion

Networking with your containers has many options, which can be confusing, but with some research and testing on your own, you can get it to work the way you want. The best part is that you can try one thing at a time using profiles. You will never screw up your current container; just remove the profile that did not work and add the old one. This technique works for everything in a container.
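The Routed section asks for the macvlan parent to be created dynamically and warns that macvlan breaks on WPA/WPA2 Wi-Fi. The script below is an added example, not code from the original article: it derives the parent from the host's default route and refuses a wireless uplink. The function names, the sample route line and the sysfs override argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original article; function names are hypothetical.

# Print the interface carrying the default route.
# $1: text of `ip -4 route show default`, passed in so the logic runs offline.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Succeed when interface $1 is wireless. $2: sysfs net directory (override for tests).
is_wireless() {
    [ -d "${2:-/sys/class/net}/$1/wireless" ]
}

# Emit the article's macvlan profile with the detected parent filled in.
macvlan_profile() {
    cat <<EOF
config: {}
description: Setting for the network interface
devices:
  eth0:
    name: eth0
    nictype: macvlan
    parent: $1
    type: nic
EOF
}

# $1: route text, $2: optional sysfs net directory.
# Returns 1 when no uplink is found, 2 when the uplink is Wi-Fi.
build_profile() {
    parent=$(default_iface "$1")
    [ -n "$parent" ] || { echo "no default route found" >&2; return 1; }
    if is_wireless "$parent" "$2"; then
        echo "$parent is wireless; macvlan will not work over WPA/WPA2" >&2
        return 2
    fi
    macvlan_profile "$parent"
}

# Constructed sample of `ip -4 route show default` output.
SAMPLE_ROUTE='default via 192.168.1.1 dev enp3s0 proto dhcp metric 100'

# Real use (assumes the Route profile already exists):
#   build_profile "$(ip -4 route show default)" > Route.yml && lxc profile edit Route < Route.yml
```

Writing to a file first means a failed check never feeds an empty document to `lxc profile edit`.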