Please find alternative network setups for containers on the LXC mainpage.
VLAN + bridge + LXC
host configuration
Assuming the host is on a regular private local network, and you place the guest inside the .123 VLAN, here's what /etc/network/interfaces may look like:

auto eth0
iface eth0 inet static
    address 192.168.1.12
    netmask 255.255.255.0
    gateway 192.168.1.1
    dns-nameservers 192.168.1.1

iface eth0.123 inet manual

auto br0.123
iface br0.123 inet manual
    bridge_ports eth0.123
    bridge_fd 0
    bridge_maxwait 0
VLAN configuration is provided by the vlan package and is described in the vlan-interfaces(5) man page (which also describes alternative configuration formats). The bridge_* options are described in bridge-utils-interfaces(5), part of bridge-utils. Descriptions of Linux VLANs and bridging.
The resulting configuration should look like:
host$ ip addr show
_: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether __:__:__:__:__:__ brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.12/24 brd 192.168.1.255 scope global eth0
    inet6 ____::___:____:____:____/64 scope link
       valid_lft forever preferred_lft forever
_: br0.123: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether __:__:__:__:__:__ brd ff:ff:ff:ff:ff:ff
    inet6 ____::___:____:____:____/64 scope link
       valid_lft forever preferred_lft forever
_: eth0.123@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether __:__:__:__:__:__ brd ff:ff:ff:ff:ff:ff
    inet6 ____::___:____:____:____/64 scope link
       valid_lft forever preferred_lft forever
host$ ip route show
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.12
default via 192.168.1.1 dev eth0
IP address on the bridge
Alternatively, one may place the IP address on the bridge instead of the physical device, so the configuration becomes:
iface eth0.123 inet manual

auto br0.123
iface br0.123 inet static
    bridge_...
    ...
    address ...
There is no explicit eth0 line.
The resulting configuration should look like:
host$ ip addr show
_: eth0: ...
    link/ether ...
    inet6 ...
_: br0.123: ...
    link/ether ...
    inet 192.168.1.12/24 brd 192.168.1.255 scope global br0.123
    inet6 ...
_: eth0.123@eth0: ...
    ...
host$ ip route show
192.168.1.0/24 dev br0.123 proto kernel scope link src 192.168.1.12
default via 192.168.1.1 dev br0.123
guest configuration
Then, you'd configure the LXC container/guest with something like:

lxc.utsname = guestvm
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0.123
lxc.network.name = eth0
lxc.network.ipv4 = 192.168.2.1/24
lxc.network.veth.pair = vethvm1
where 192.168.2.x would be on the 123 VLAN.
To the guest, this will then be transparent: inside the guest, a single eth0 will be available, with the IP address 192.168.2.1/24 (and no VLAN).
You'll probably need ebtables firewalling to control the traffic through the bridge.
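An added example, not part of the original page: one way to generate anti-spoofing ebtables rules for the guest port configured above, so the container can only send frames carrying its own MAC and IPv4 address. The MAC address is a constructed value and assumes the guest config also pins it with lxc.network.hwaddr; the function and variable names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original page): anti-spoofing ebtables rules for
# one container port on the VLAN bridge. Rules are printed, not applied.

# The veth name and IPv4 address come from the guest config above. The MAC is
# a constructed value; it assumes the guest config pins it (lxc.network.hwaddr).
GUEST_PORT="vethvm1"
GUEST_IP="192.168.2.1"
GUEST_MAC="00:16:3e:00:01:23"

valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules for one guest port. Malformed input is refused so that a
# typo cannot yield a rule that matches nothing (or everything).
guest_antispoof_rules() {
    port=$1 mac=$2 ip=$3
    case $port in ''|*[!A-Za-z0-9_.-]*) echo "bad port: $port" >&2; return 1;; esac
    valid_mac "$mac" || { echo "bad MAC: $mac" >&2; return 1; }
    valid_ipv4 "$ip" || { echo "bad IPv4: $ip" >&2; return 1; }
    # INPUT covers frames addressed to the host's bridge itself; FORWARD covers
    # frames bridged on towards eth0.123 or other guests.
    for chain in INPUT FORWARD; do
        echo "ebtables -A $chain -i $port -s ! $mac -j DROP"
        echo "ebtables -A $chain -i $port -p IPv4 --ip-src ! $ip -j DROP"
        echo "ebtables -A $chain -i $port -p ARP --arp-ip-src ! $ip -j DROP"
        echo "ebtables -A $chain -i $port -p ARP --arp-mac-src ! $mac -j DROP"
    done
}

guest_antispoof_rules "$GUEST_PORT" "$GUEST_MAC" "$GUEST_IP"
```

Review the printed rules, then pipe them to sh as root to load them. They leave IPv6 frames from the guest unfiltered, so a guest that should not speak IPv6 needs a separate rule for that.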
Attention: if you receive the message RTNETLINK answers: File exists inside the guest when the network starts, you may need to comment out the lxc.network.ipv4 line in the guest's config and add a full auto eth0 + iface eth0 inet static ... stanza to the guest's /etc/network/interfaces. The error appears because the guest's ifupdown network configuration tries, on boot, to bring up an interface that is already up and already has an IP address.
(VLAN + bridge + LXC) x n
Instructions for adding more VLANs/bridges/LXCs.
host configuration
Create one bridge with an IP address, as above:
iface eth0.123 inet manual

auto br0.123
iface br0.123 inet static
    bridge_...
    ...
    address ...
For each additional VLAN + bridge pair, add them without an address:
iface eth0.124 inet manual

auto br0.124
iface br0.124 inet manual
    bridge_...
guest configuration
Containers are configured as in the one-VLAN case.
With multiple bridges, it becomes possible to configure a container with multiple ports, each connected to a different bridge (and thus, typically, a different VLAN). (Of course it's also possible—though fairly pointless—to connect multiple ports to the same bridge.) See lxc.conf(5) for details.