Confusion About Hosting DHCP Server inside Linux Container

Hello all. I have a few questions about networking in LXD and hosting a DHCP server in a container. I’m not sure if what I’m trying to do is even possible.

I have Ubuntu Server 20.04 installed as my host OS. I would like to run DHCP in a Linux Container to provide address information for a guest network I’m building at my job. Normally I would just launch a new container and use a macvlans profile for the container to speak directly to the rest of the network. However, I realized then that the host OS would not be able to get a lease assigned since the host OS can’t communicate over the network to a container networked using macvlans.

I’m not sure if I’m making any sense. I’ve been researching this for hours now and am running on lots of caffeine. Is it possible for a container to be the sole DHCP server for a network and the host OS still get leases assigned so that it can continue to communicate on the network and acquire updates, etc? Perhaps I’m just going about this the wrong way?

Any help would be appreciated, and I’ll do the best I can to clarify any information.

Hi!

Having the DHCP server in an LXD container is an issue when you want it to serve the host as well, because the host has to boot up properly and then the container starts.

You can bypass the macvlan feature of non-communication between host and specific container if you use a public bridge instead.
But still it looks better to have a static IP for the host so that it does not have a requirement for the container that depends on it.


Thank you. I had considered doing a static IP for the host, but didn’t know if establishing host-guest communication and getting an assigned IP was a “better way”. Statically assigning seems like it’s potentially less of a headache so I will go that route. Thank you for the advice.

Can I tack on another question into this thread? I have the host set as static and created the container using a macvlans profile. I just now got the scope list from my network admin that I need to create in DHCP and there are almost 30 VLANs he wants this DHCP server to handle requests for. What’s the best way to manage the virtual interfaces for this? Will creating more interfaces using macvlans work?

You can specify the vlan property on a macvlan device, this will create a VLAN interface on the host’s parent device (if not already existing), and then create a macvlan interface on top of that to pass into the container. You could add all of these different VLANs as separate macvlan devices with different vlan values set and these would then be passed into the container as separate interfaces.

You could also potentially use a separate bridge interface that is connected to your external trunk port, and then use a bridged NIC with the tagged vlans set in the vlan.tagged property. I believe you could then create the vlan interfaces on top of the bridged NIC device inside the container.

See

https://linuxcontainers.org/lxd/docs/master/instances#nic-macvlan


https://linuxcontainers.org/lxd/docs/master/instances#nic-bridged

Thank you for that information. Here’s what I’ve attempted to do now:

I wanted to try creating macvlan devices with vlan values set so I looked at my interface which is eno4 and attempted to create a network with the following command

lxc network create VLAN1100 --type=macvlan parent=eno4 vlan=1100

This returns that the network is created and it shows up in lxc network list. However it fails to attach to an instance. The container is called guest-dhcp and here is the command I’m using.

lxc network attach VLAN1100 guest-dhcp

This returns the message “Failed to start device ‘VLAN100’: Parent device ‘VLAN1100’ doesn’t exist”

I specified eno4 as the parent in the command, and when I view the network using edit it shows “parent: eno4”. What am I missing here? Also, is this the incorrect way to create vlan tags on the macvlan devices? I tried to use the links you provided to determine the correct method.

Ah, it may be that using vlans with macvlan networks doesn’t work at this time, I’ll take a look at that.

However an alternative way which might actually be easier for your setup is to just add macvlan nic devices to your container:

lxc config device add c1 eth0 nic nictype=macvlan parent=parentinterface vlan=1234
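
Added example, not part of the original thread: a dry-run generator that applies the command above to a list of VLAN IDs, rejecting IDs outside 1-4094 and skipping duplicates so each VLAN gets exactly one macvlan device. The container name guest-dhcp and parent eno4 come from the thread; the device naming scheme vlanNNNN and the sample IDs other than 1100 are assumptions.

```bash
#!/bin/sh
# Added example: print one "lxc config device add" command per VLAN.
# Nothing is executed; review the output, then pipe it to sh if it is correct.

CONTAINER="guest-dhcp"   # container name used in the thread
PARENT="eno4"            # host interface used in the thread

# Return 0 only for a usable 802.1Q VLAN ID (1-4094, no leading zeros).
valid_vlan() {
    case "$1" in
        ''|*[!0-9]*|0*|?????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# Print the command for one VLAN. Device name "vlan<ID>" is an assumed scheme.
device_cmd() {
    printf 'lxc config device add %s vlan%s nic nictype=macvlan parent=%s vlan=%s\n' \
        "$CONTAINER" "$1" "$PARENT" "$1"
}

# Print commands for all IDs given as arguments.
# Invalid IDs are reported on stderr and skipped; duplicates are emitted once.
plan_devices() {
    seen=" "
    for id in "$@"; do
        if ! valid_vlan "$id"; then
            echo "skipping invalid VLAN ID: $id" >&2
            continue
        fi
        case "$seen" in
            *" $id "*) continue ;;
        esac
        seen="$seen$id "
        device_cmd "$id"
    done
}

# Constructed sample list: 1100 is from the thread, the rest are placeholders.
plan_devices 1100 1101 1102
```

To apply the plan, replace the sample list with the real scope list and run the script as `sh plan.sh | sh` after checking the printed commands (plan.sh is a hypothetical file name).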

Okay, good to know I wasn’t doing anything completely wrong there. I tried adding the interface as a device using the example you listed and that worked. I will continue to build the needed interfaces that way. Thank you again for the help. I appreciate it.

This should enable the original lxc network attach behaviour you were using: