Posted on by Leave a comment

Exposing the host LAN to an LXD instance with macvlan

LXD instances can be configured with networking interfaces connected to the same local area network (LAN) as their host server. This allow devices on the same external network as the host to communicate with an instance as if it were another device on their LAN.

The macvlan interface will need to connect through a networking interface on the host server. Using the ip addr command on the server, we can see a list of networking interfaces. I will choose to use the interface labeled eno1.

$ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether a4:ba:db:15:fe:22 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.2/24 brd 192.168.200.255 scope global eno1
       valid_lft forever preferred_lft forever

We need to create a new profile that creates a networking interface that uses macvlan. We will name it macvlan-eno1 to describe the purpose of the profile. To create the profile use the following command:

$ lxc profile create macvlan-eno1

The new profile now can be modified to include a new networking interface that will use eno1. The default profile used by instances already creates a device named eth0. For this how-to we will create a second interface for our instances named eth1. We can choose to edit the profile directly using an editor (lxc profile edit macvlan-eno1) or add a new network device using LXC command-line options.

Choosing the later option, we can create the new networking device within the profile and define our settings. The device will have to identify the parent networking interface card as well as define the type of interface. To create the new device run the following command:

$ lxc profile device add macvlan-eno1 eth1 nic nictype=macvlan parent=eno1

To view the contents of the profile we can run the command:

$ lxc profile show macvlan-eno1
config: {}
description: ""
devices:
  eth1:
    nictype: macvlan
    parent: eno1
    type: nic
name: macvlan-eno1
used_by: []

If you are launching a new instance you can use the –-profile (or -p) option to add profiles to the instance as it is created. But if the instance already exists you will have to append the new profile to the container. Let’s assume we have an instance named container1. To append the macvlan-eno1 profile to this instance use the following command:

$ lxc profile add container1 macvlan-eno1

To show the applied configuration use the following command:

$ lxc config show container1 -e

The profile configuration can be removed from the instance. To remove the profile use the following command:

$ lxc profile remove container1 macvlan-eno1

When you remove the profile from the instance, the profile still exists and can be used for other instances. If you want to permanently remove the profile it can be deleted with the following command:

$ lxc profile delete macvlan-eno1
Leave a Reply

Your email address will not be published. Required fields are marked *