Linux containers have network configuration similar to plain Linux. In fact, it is plain Linux network configuration! The user-space lxc tools hide some of the steps from you, but still allow all the reconfigurability you would need. So, let's have a look at how to configure two distinct network interfaces, and at some options you really want to set...
Let's take a look at the configuration for a container which uses a dual-homed network, one internal (on the br0 bridge) and one external (on the br1 bridge):

    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br0
    lxc.network.name = eth0
    lxc.network.ipv4 = 10.60.0.84/23
    lxc.network.mtu = 1500
    lxc.network.hwaddr = AC:DE:48:00:00:54
    lxc.network.veth.pair = veth84
    lxc.network.type = veth
    lxc.network.flags = up
    lxc.network.link = br1
    lxc.network.name = eth1
    lxc.network.mtu = 1500
    lxc.network.ipv4 = 193.198.212.253/22
    lxc.network.hwaddr = AC:DE:48:00:D4:FD
    lxc.network.veth.pair = veth212253

The names of some options are somewhat confusing, so let's take a look at what lxc-start does for us:
- create an interface for the container named lxc.network.veth.pair with MAC address lxc.network.hwaddr (both parameters are optional, but if you don't specify them you will get randomly generated values which won't be very useful for debugging or monitoring)
- join that interface to the bridge lxc.network.link
- inside the container:
  - the interface is named lxc.network.name
  - the IP address is taken from lxc.network.ipv4 (this allows the container's IP address to be configured externally, with only the default route configured inside the container)
  - the interface status is set to lxc.network.flags
You will notice that I'm using the AC:DE:48 prefix for my MAC addresses, which, to the best of my knowledge, is a range for private use and is used all over IEEE docs (something like a private IP range, but for MAC addresses). I also have a habit of naming interfaces with the last octet of the IP address for internal ones and the last two for external ones, with the same notation for MAC addresses. Our brain is good at spotting patterns, and if you can read hex this seems just natural...
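The naming convention described above can be checked mechanically, which catches a copy-pasted stanza whose MAC or veth name no longer matches its IP address. The following is an added example, not code from the original post: the helper names (`parse_interfaces`, `expected_names`, `audit`) are hypothetical, and it assumes br0 is the internal bridge, as in the configuration shown.

```python
import ipaddress
# Constructed sample: the post's configuration, trimmed to the keys checked here.
SAMPLE = """\
lxc.network.type = veth
lxc.network.link = br0
lxc.network.name = eth0
lxc.network.ipv4 = 10.60.0.84/23
lxc.network.hwaddr = AC:DE:48:00:00:54
lxc.network.veth.pair = veth84
lxc.network.type = veth
lxc.network.link = br1
lxc.network.name = eth1
lxc.network.ipv4 = 193.198.212.253/22
lxc.network.hwaddr = AC:DE:48:00:D4:FD
lxc.network.veth.pair = veth212253
"""
MAC_PREFIX = "AC:DE:48"  # prefix used in the post

def parse_interfaces(text):
    """One dict per interface; every lxc.network.type line opens a new one."""
    nics = []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or not key.startswith("lxc.network."):
            continue
        if key == "lxc.network.type":
            nics.append({})
        if nics:  # options before the first type line belong to no interface
            nics[-1][key[len("lxc.network."):]] = value
    return nics

def expected_names(ipv4, octets):
    """veth pair name and MAC built from the last `octets` octets of the IP."""
    tail = ipaddress.ip_interface(ipv4).ip.packed[-octets:]
    pair = "veth" + "".join(str(b) for b in tail)
    mac = ":".join([MAC_PREFIX] + [f"{b:02X}" for b in bytes(3 - octets) + tail])
    return pair, mac

def audit(text, internal_bridge="br0"):
    """Return findings for interfaces that break the naming convention."""
    findings = []
    for nic in parse_interfaces(text):
        if "ipv4" not in nic:
            continue  # no static address, nothing to derive names from
        want = expected_names(nic["ipv4"], 1 if nic.get("link") == internal_bridge else 2)
        got = (nic.get("veth.pair", ""), nic.get("hwaddr", "").upper())
        if got != want:
            findings.append(f"{nic.get('name')}: got {got}, expected {want}")
    return findings
```

Running `audit()` over a container's config file returns an empty list when every interface follows the convention, and one line per interface that does not.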