LXD bridged nic can't get IP from DHCP

ikz · July 12, 2019, 9:39am

I’m trying to build a development environment on MacOS with LXD.
The setup:
hyperkit (successor of xhyve port, not exactly, but still) with ubuntu 16.04 as guest VM.
For LXD ubuntu is a host.
From MacOS there is a bridged nic 192.168.64.0/24. Ubuntu gets an IP address.
LXD (3.0.3-0ubuntu1~16.04.1) + ZFS + LXD bridge network.

What I want is to get access from MacOS host inside containers, without needing to login into Ubuntu.

I’m trying to do this

eth0:
  name: eth0
  nictype: bridged
  parent: lxdbr0
  type: nic
eth1:
  name: eth1
  nictype: bridged
  parent: br0
  type: nic

eth0 gets an IP from lxdbr0, but eth1 can’t get an IP.

br0       Link encap:Ethernet  HWaddr 0e:79:1a:e7:94:93
          inet addr:192.168.64.26  Bcast:192.168.64.255  Mask:255.255.255.0
          inet6 addr: fe80::c79:1aff:fee7:9493/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1


 musical-whale | RUNNING | 10.242.80.83 (eth0) | fd42:a689:134b:3738:216:3eff:feb7:6df3 (eth0) | EPHEMERAL | 0         |

The question is – how can I assign an 2 IP addresses to a container. 1 from bridged network from ubuntu host, that is bridged with MacOS and the second from internal network.
The next step is to use avahi daemon to ssh into containers by names.

I’ve read about user and groups mapping, but do not understand clearly whether I need that or not…
Thanks.

simos · July 12, 2019, 2:42pm

With the bridged interface br1 the container sends a DHCP request to that interface for a DHCP lease. LXD is NOT involved in any way here.

It is up to the DHCP server on that bridge to respond to the request and for the container to receive and act on it.

You are describing how to get a container to receive a public IP address (well, from same source as host).
With VMware and virtual box, the first step is to set the setting “promiscuous” to the VM network interface. It is likely your virtualization software stumbles on that. Does it have such a setting?

In any case you can debug this using tshark/tcpdump.

ikz · July 12, 2019, 4:36pm

Thanks for the reply.
I’ve read several articles about VMware and VirtualBox, but trying to achieve the same with Hyperkit. I’ve added promiscuous mode to bridged network in hyperkit vm. But is seems that lxd container sends a dhcp request, but not getting an IP. Maybe you know some workarounds, how to achieve this?

br0       Link encap:Ethernet  HWaddr 0e:79:1a:e7:94:93
       inet addr:192.168.64.26  Bcast:192.168.64.255  Mask:255.255.255.0
      inet6 addr: fe80::c79:1aff:fee7:9493/64 Scope:Link
      UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
      RX packets:6213 errors:0 dropped:0 overruns:0 frame:0
      TX packets:4307 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:8095918 (8.0 MB)  TX bytes:517603 (517.6 KB)

PROMISC

but on MacOS

 $ sudo ifconfig bridge100 promisc
   ifconfig: promisc: bad value

ikz · July 12, 2019, 4:39pm

the syslog tells this

Jul 12 14:57:36 musical-whale dhclient[374]: Listening on LPF/eth1/00:16:3e:da:8c:84
Jul 12 14:57:36 musical-whale ifup[156]: Listening on LPF/eth1/00:16:3e:da:8c:84
Jul 12 14:57:36 musical-whale ifup[156]: Sending on   LPF/eth1/00:16:3e:da:8c:84
Jul 12 14:57:36 musical-whale ifup[156]: Sending on   Socket/fallback
Jul 12 14:57:36 musical-whale ifup[156]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67     interval 3 (xid=0x7ef1b825)
Jul 12 14:57:36 musical-whale dhclient[374]: Sending on   LPF/eth1/00:16:3e:da:8c:84
Jul 12 14:57:36 musical-whale dhclient[374]: Sending on   Socket/fallback
Jul 12 14:57:36 musical-whale dhclient[374]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 3 (xid=0x7ef1b825)
Jul 12 14:57:39 musical-whale dhclient[374]: DHCPDISCOVER on eth1 to 255.255.255.255 port 67 interval 6 (xid=0x7ef1b825)

simos · July 12, 2019, 8:42pm

On Virtualbox, apart from setting the network interface setting to promiscuous (in the VB settings), you also need to set the host network interface to promiscuous mode as well (with ifconfig, etc). Sounds weird but it is a workaround. Give it a try because your capture resembles the same case with Virtualbox (when you ommit to ifconfig to promisc.)

ikz · July 19, 2019, 11:14am

ok, I couldn’t achieve the same behaviour with hyperkit. Made a setup with VB in promiscuous mode + host network.
But with this setup there are 2 problems. 1st, it takes some time to lease IP address after new container started. And sometimes traffic is not routed correctly, container restart helps with that.

I’ll try later to made it work with hyperkit. Thanks for help.