AWS: How to assign an Elastic IP to an individual container

mliassides · April 16, 2022, 8:02pm

Hi there - This is a very new area for me, so I apologize in advance for naivety and stupidity. I’m going round in circles trying to solve this so I thought I should swallow my pride and ask for help.

I successfully setup LXD on an EC2 instance (using Amazon Linux 2) and using the default bridge settings was able to launch two containers, each with an IP assigned by the bridge. I can ping out of the containers and following these instructions I was able to setup routes through to each container - How To Install and Configure LXD on Ubuntu 20.04 | DigitalOcean

Everything works fine other than both containers use the host IP address outbound where I need each to have its own public IP address. I have separate Elastic IPs in AWS, along with corresponding private ipv4 addresses, but I can’t figure out how to assign them to a container. At present they all show under eth0 (the host network interface). I’ve read numerous posts about different methods to assign container IP addresses and have also seen mention of challenges with AWS. My head is spinning and I can’t see the wood for the trees anymore!

Any help would be greatly appreciated. Thank you!

roka · April 19, 2022, 3:02am

Easiest way to do it is add NIC to your EC2 instance with elastic AWS IP and then pass them as physical interface to the containers you create. You can read more about it in Instance configuration - LXD documentation

mliassides · April 19, 2022, 3:23am

Thank you so much for your response.

I did try this approach today, and was able to move assign the second NIC to the container successfully. The container showed as having the private ipv4 address assigned to it and I was able to ping it externally. I couldn’t access the internet or ping out from the container though and I couldn’t figure out why. I will try again tomorrow reading through the instructions you sent in more detail.

tomp · April 19, 2022, 3:58pm

Using that setup please show lxc config show <instance> --expanded and ip a and ip r both on the LXD host and inside the container.

mliassides · April 20, 2022, 7:33pm

Thank you for your response. After much trial and error (and Googling) I was able to get everything running perfectly. It took quite a while with the learning curve (me not the product) but I’m very happy with the setup now. Thank you again!

dontlaugh · April 24, 2022, 6:50pm

Relates to this post, as well https://discuss.linuxcontainers.org/t/aws-best-way-to-give-container-its-own-ip-from-attached-eni-nic

Also, this very recent Youtube video has given me some additional ideas Accessing services running in LXD instances - YouTube

AWS allows setting routes at the VPC and subnet level. So what I really want to try is routing to an entire container subnet via an ENI/virtual NIC attached in the manner Marcus mentions above.

Based on the Youtube video, this seems to be possible if the attached NIC is created as an LXD network with a dedicated network bridge as the parent. This scheme might also work well for LXD clusters with Fan Overlay networking.

Setting up routes in AWS is not difficult, but it is definitely something you would want to automate with the aws CLI or terraform or similar, since there are several steps involved.

tomp · April 25, 2022, 7:50am

Using that approach, you could route a single /32 to an EC2 VM and then use a routed NIC on the LXD instance to have it pass in a single external IP into the instance without needing a separate bridge.

jianzhicvs · May 15, 2022, 1:38pm

Hello, I have encountered the same problem recently. I searched a lot of relevant information and still can’t solve it. How to assign an elastic IP to an individual container.

tomp · May 16, 2022, 7:33am

Have you assigned it to the EC2 instance?