How to expose an Incus (VM) to the network as if it were it's own device aka assign an own IP (not bridging) in IncusOS? Including mDNS support? MacVLan parent not selectable?

Use case

I am still at setting up Home Assistant and it has two cool (network) features:

  • AFAIK it advertises homassistant as the hostname, so you can reach it under homeassistant.local.
  • It uses things like mDNS (or apparently other methods) to auto-discover other (IoT etc.) devices. This has not worked for me in bridge mode (or I am too dumb to see it).

Also:

  • With MQTT etc. it can have quite a lot of ports to expose, which is cumbersome if you reach it under the same IP as the Incus host.

Problem

The default network (in IncusOS) is a NAT bridge apparently. However, for this VM, IMHO, a different networking would be great, but I was unable to configure it.

Tried solutions

MacVLan

I found How to use my local lan instead of incus network? Ipv4 and ipv6? - #4 by simos which seems to be exactly what I want.

Also the doc seems to describe Macvlan as exactly what I want.
However, in the Incus-UI aka the GUI, I need to provide one required parameter named parent.
The problem is: what parent network(?) should I add here? If I could, I would add my ethernet interface, but the second problem is: In the UI the dropdown is empty – I literally cannot create and configure a macvlan network:

Keep the bridge but configure it

Initially when I read I could just disable nat in the bridge options, I thought this setting could help achieve my goal. Problem is: It does not, I guess it just routes/“bridges” nothing from the “outside LAN” then.

I however also found this article, but it looks really like a vibdecoded/LLMed website and I do not really think all makes sense there. Aka there is a YAML config in the (low resolution) screenshot (that is to be added in the GUI) that is totally different from what is shown before.

Questions

So what is the suggested approach here? What may I be doing wrong?

Have you tried to use the „routed“ option?

I use it for my reverse proxy and some other containers and it works pretty well. In my case I use the physical NIC as parent…

In my case to propagate broadcast traffic to incus instance, I used pure L2 bridge inteface.

I am sorry, but which “routed” option? Neither macvlan network nor bridge network do have that setting/property?

Hmm okay, need to find out how to (best) configure it via the Incus-(G)UI.

„Routed“ is a nictype like bridged or macvlan. It required to define a static IP from your network. Take a look at Type: nic - Incus documentation

Might be not available in the UI but the cli supports it.

You could try a OVN bridge instead, it seems to work for this guy on Proxmox Linux Bridge - VLAN & Multicast | Proxmox Support Forum

Maybe the sysctl there work for you and you need to disable the incus Firewall

I would, if I would know how. See my OP. I think the issue is just that I don’t know how to configure it.

Also note Incus-OS has no shell access, so I cannot just run arbitrary commands. I can use the in us cli remotely, or I can use the web UI.

Didn’t see anything about OVN but yeah your right about sysctl in IncusOS maybe there’s something like Tuneables in Proxmox ve?

Okay thank you all! It’s quite embarrassing, but it was really only one command to create a macvlan network:

$ incus network create IncusName:macvlan --type=macvlan parent=enp2s0f0                    
Network IncusOS:macvlan created

You can look up the network name (enp2s0f0) on IncusOS’ GUI under OS → Network (/ui/os/network)

This was enough and the network just “magically” shows up in Incus(OS) GUI! You can then just assign it as usual.

The thing is, as shown in my OP, the GUI did not show this respectively allow you to select a parent. I guess this is a bug, so I opened:

Okay, I stand corrected. Do not create a macvlan in IncusOS!

As @stgraber warned me:

macvlan interacts differently with each NIC vendor driver making its behavior rather inconsistent. Since IncusOS does quite a bunch of weird stuff with networking, […], we really can’t predict how that will conflict with various NIC drivers.

So you can go through Incus […], but it’s perfectly possible that the next version of IncusOS will change [… something…,] which could lead to your system completely failing to come online.

(Highlighting by myself)

Actually, all it takes for the use case to solve, is already documented in the IncusOS documentation:

Here is also the short summary.

My two cents about this:

  1. Understand these YAML configurations first. You can edit them via CLI or in the UI (OS → network).
  2. Especially, as for assigning the roles, please note to not edit the shown state: part in the YAML, but the config: part! If you use the wrong one, you will not see an error, but just no reaction. state: can be ignored, it’s just reflecting… well… the current state.
  3. Thus you can do everything in the GUI (which is great!), you just need to know how and enabling/adding the instances role for your network interface is the key here! You can then just select that as a “parent” in the UI.
  4. Personally, I also would not name each interface with the same name as the docs say, to not get lost in what is what.

Edit: This thread shows exactly the same solution: