How To Set Up a Network Bridge for LXD Containers
Most of our web applications run in LXD containers. Not without reason LXD is one of the most important features of Ubuntu Server for me. There are many ways to access a web application in an LXD container from outside. For example, you can use a reverse proxy to control access to the containers. Another possibility is to set up a network bridge so that the containers are in the same network as the container host (the Ubuntu server). In this article I would like to describe how to set up a network bridge for LXD containers.
Network Bridge for LXD Containers
To set up a network bridge under Ubuntu, you need to install the bridge-utils:
$ apt install bridge-utils
Then you can set up the network bridge.
Ubuntu 16.04
Up to Ubuntu 16.04 Ubuntu uses ifupdown to set network connection settings. The configuration is done in the files under /etc/network/. A simple network bridge – to get the containers into the host network – might look like this:
$ cat /etc/network/interfaces # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). source /etc/network/interfaces.d/* # The loopback network interface auto lo iface lo inet loopback # The main Bridge auto br0 iface br0 inet dhcp bridge-ifaces enp4s0 bridge-ports enp4s0 up ip link set enp4s0 up # The primary network interface iface enp4s0 inet manual
In this example the bridge gets its address from a DHCP server. The real network card enp4s0 is set to manual mode and assigned to the bridge.
Ubuntu 18.04
As of Ubuntu 18.04 Netplan is used to configure the network connections. The configuration files can be found under /etc/netplan/. A definition for the bridge could look like this:
$ cat /etc/netplan/50-cloud-init.yaml # This file is generated from information provided by # the datasource. Changes to it will not persist across an instance. # To disable cloud-init's network configuration capabilities, write a file # /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following: # network: {config: disabled} network: ethernets: enp3s0: dhcp4: no version: 2 bridges: br0: dhcp4: no addresses: - 10.10.10.5/24 gateway4: 10.10.10.254 nameservers: addresses: - 10.10.10.254 interfaces: - enp3s0
In the upper part you configure the real network card (enp3s0) and don’t assign an address to it. Then the definition of the network bridge follows. It is set up like a static network connection and also contains the key interfaces. There you define which real network card should be “bridged”. You will find further (more complex) examples of network bridges on the official website.
Now the following command applies the changes to the network settings:
$ netplan apply --debug
Assign Network Bridge
Once you have finished setting up the network bridge and it gets the correct IP address, you have to tell the LXD container to get its IP address from the network bridge. This can be done with the following command:
$ lxc config device add containername eth0 nic nictype=bridged parent=br0 name=eth0
With name=eth0 you define under which name the network card can be found in the container. Now you can configure eth0 in the container as you like. From now on the container will get an IP address from the host network.
Conclusion
You can set up a simple network bridge quit easily and assign it to a container. This allows other users on the network to access a web application without the need to set up a reverse proxy on the container host. More complex scenarios are also possible (VLANs, multiple bridges to get containers into different networks, etc.), but this would go beyond the scope of this short article.
0 Comments