...
macvlan with Additional IP - allows you to have dedicated network interfaces (to the outside world) while actually using only one real physical network card. Unlike a bridge, this avoids the CPU overhead and the need for your network card to work in promiscuous mode. This article builds on the work done in the introductory LXC article.
I actually use both techniques together.
...
The containers can reach the network and each other, but not the host, even though the host may be on the same network. I am not sure why this is the case (maybe security?) but do not have a need to solve this for any use case at the moment.

macvlan

Macvlan has many modes, but from my readings bridge mode is most appropriate.
...
One interesting limitation I encountered is that other containers cannot resolve to the Additional Public IP. Not sure why and looking into fixing this.
...
Make the container aware of mvlan0 by modifying the config file located in /var/lib/lxc/[container]/config. In this example, I named the container web, so the location will be /var/lib/lxc/web/config.
```bash
# The directory itself is root only so for ease of browsing you might want to switch to root
sudo su -
```
Modify the config file to add a network card for the container. The first step is to use the hellion website to generate a random locally administered unicast MAC address; then add the network card to the config file.
```
# Template used to create this container: /usr/share/lxc/templates/lxc-ubuntu
# Parameters passed to the template:
# For additional config options, please look at lxc.container.conf(5)

# Common configuration
lxc.include = /usr/share/lxc/config/ubuntu.common.conf

# Container specific configuration
lxc.rootfs = /var/lib/lxc/web/rootfs
lxc.mount = /var/lib/lxc/web/fstab
lxc.utsname = web
lxc.arch = amd64

# Network configuration
# macvlan for external IP
lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.flags = up
lxc.network.link = mvlan0
lxc.network.hwaddr = 00:16:3e:8d:4f:51
lxc.network.name = eth0

# Interface using LXC dhcp to communicate with other containers
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxcbr0
lxc.network.hwaddr = 00:16:3e:a2:7d:54
lxc.network.name = eth1
```
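The MAC address step above can also be done locally instead of through a website. The following is an added example, not part of the original article: it generates a random locally administered unicast address and classifies the `lxc.network.hwaddr` values in a config. The function names `gen_laa_mac`, `classify_mac` and `check_hwaddrs` are hypothetical, and it assumes `od`, `grep` and `sed` are available on the host.

```shell
#!/bin/sh
# Added example (not from the original article): generate and audit MAC
# addresses for lxc.network.hwaddr without relying on an external website.

# Print a random locally administered unicast MAC address.
# First octet: clear bit 0 (multicast), set bit 1 (locally administered).
gen_laa_mac() {
    # Six random bytes as decimal words become $1..$6 inside this function.
    set -- $(od -An -N6 -tu1 /dev/urandom)
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' \
        $(( ($1 & 252) | 2 )) "$2" "$3" "$4" "$5" "$6"
}

# Print "<unicast|multicast> <local|universal>" for a MAC, or "invalid".
classify_mac() {
    if ! printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'; then
        echo invalid
        return 1
    fi
    first=$(printf '%d' "0x${1%%:*}")
    if [ $(( first & 1 )) -eq 1 ]; then cast=multicast; else cast=unicast; fi
    if [ $(( first & 2 )) -eq 2 ]; then admin=local; else admin=universal; fi
    echo "$cast $admin"
}

# Read an LXC config on stdin; classify every lxc.network.hwaddr value.
check_hwaddrs() {
    sed -n 's/^[[:space:]]*lxc\.network\.hwaddr[[:space:]]*=[[:space:]]*//p' |
    while read -r mac; do
        printf '%s %s\n' "$mac" "$(classify_mac "$mac")"
    done
}

# Sample input: the two hwaddr lines from the config on this page.
check_hwaddrs <<'EOF'
lxc.network.hwaddr = 00:16:3e:8d:4f:51
lxc.network.hwaddr = 00:16:3e:a2:7d:54
EOF

# A fresh address suitable for a new lxc.network.hwaddr line.
gen_laa_mac
```

Both addresses in the config above are reported as `unicast universal`, because the first octet `00` has the locally administered bit clear. Each container interface on the same network segment needs its own unique address.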
...