Hi- I am looking for some basic guidance. I have set up the standard br0 bridge on incus host so I can get IPs (192.1.x.x) for containers/vms on my home network. That works fine.
I have one incus managed bridge lxdbr0 (from previous lxd install) and I created a second unmanaged bridge (openbr1) that I created for an openwrt container. The unmanaged bridge works fine and I can get IPs from the openwrt container.
I want my reverse proxy container (Traefik) to have communication to both the incus managed bridge (lxdbr0) and unmanaged bridge (openbr1) created for the openwrt container.
By default, your container will use profile “default”, and will get a nic called “eth0” connected to lxd bridge “lxdbr0”. You can just add a new nic to the container: lxc config device add instance eth1 nic name=eth1 nictype=bridged parent=openbr1
If you use incus, change lxc to incus.
But the instance will not automatically use the new nic. Depending on your container OS, configure /etc/network/interfaces or /etc/systemd/network/eth1.network or whatever the file is to use the new nic. Here is an example of systemd network:
There is some information missing here, or I am not getting it.
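The example announced in the post above did not survive on this page. The following is an added example, not the poster's own: a shell function that writes a systemd-networkd unit for the second nic. The function name, the metric default and the choice to ignore DNS offered on eth1 are assumptions; they keep the container's default route and resolver on eth0 (lxdbr0) so that the openwrt bridge only carries traffic addressed to it.

```shell
#!/bin/sh
# Added example (not from the original post): configure eth1 inside the
# container after attaching it to the unmanaged bridge on the host with the
# command given in the thread:
#   incus config device add instance eth1 nic name=eth1 nictype=bridged parent=openbr1

# write_eth1_network DIR [METRIC]   (hypothetical helper name)
# Writes DIR/eth1.network. Inside the container DIR is /etc/systemd/network.
# METRIC is the route metric for routes learned by DHCP on eth1; the default
# of 2048 is an assumption, chosen to be larger than the metric on eth0's
# default route so that eth0 stays the preferred way out.
write_eth1_network() {
    dir=$1
    metric=${2:-2048}
    # Refuse anything that is not a plain number before it reaches the file.
    case $metric in
        ''|*[!0-9]*) echo "metric must be a number" >&2; return 1 ;;
    esac
    mkdir -p "$dir" || return 1
    cat > "$dir/eth1.network" <<EOF
[Match]
Name=eth1

[Network]
DHCP=ipv4

[DHCPv4]
RouteMetric=$metric
UseDNS=no
EOF
    chmod 644 "$dir/eth1.network"
}

# Usage inside the container, followed by a restart of the network service:
#   write_eth1_network /etc/systemd/network
#   systemctl restart systemd-networkd
```

Without the metric and DNS lines, both DHCP servers hand the container a default route and resolvers, and which bridge a dual-homed reverse proxy sends outbound traffic through is no longer something you chose.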
How does openbr1 connect with the rest of your network?
How do you get IPs from the openwrt container?
Catfish- Thanks so much. Everything is simple when you know the answer :). Now it makes perfect sense. Since incus does know about the unmanaged bridge, you must tell the container in the container network configuration as well as add the device.
I also had another solution where within the openwrt gui you can define a forward rule to forward the container’s ip on the openbr0 bridge back to the lxdbr0 bridge. With that approach you have to do it for every container vs your solution at the container level.
Any thoughts between the two approaches?
It is also interesting that incus’ default behavior is to allow any incus managed bridges to communicate with each other.
Why setup separate incus bridges, if you will allow them to communicate?
How do you decide if you should create a separate incus network bridge or just have everything on the default bridge which in my case is lxdbr0?
Hi Simos- I always appreciate your response. I defined a blank bridge interface on the host and then within openwrt container configured it to provide IPs. Happy to send you more info if you are interested.
Also had some questions in my response to Catfish above. Always interested in any of your thoughts.
I’ve never tried forward rule way, so no comment on that. But if you tried what I posted, it can be done with cloud-init, so no manual needed.
All incus managed bridges are natted. So, an instance in incusbr0 needs a router to communicate with another instance in incusbr1. Whether they can communicate with each other depends on you.
Well, you can separate them with Project. By default, you use default project, so all instances in same project can communicate with each other.
If I want an instance isolated, it will be in a new project. If I want an instance in my lan, it will attach to my unmanaged bridge. If nothing is specified, it will use default bridge.
Thanks Catfish- I was able to get the bridge communication working using your guidance. I am going to look into cloud-init to maybe automate.
I appreciate your comment on leveraging incus projects as a way to separate some of my containers. I am going to look into how to effectively utilize projects. I did set up a project for some “test” stuff but not sure if it will be good to separate my production containers into categories. Maybe a project for Home Assistant stuff.
Yes, projects are flexible and configurable. You can think of a project like an ACL or vlan or box. It’s like organizing your toolbox, put bolts in a box, put nuts in a box, and so on.