Managed network dependency resolution on incusd start

Not answering your question here, but I just wanted to point out that there is a middle ground, which is to use VLAN-aware bridges.

Here’s the configuration from my home server:

# /etc/netplan/01-netcfg.yaml
network:
  version: 2
  ethernets:
    enp1s0:
      wakeonlan: true
      dhcp4: false
      accept-ra: false
      link-local: []
  bridges:
    br0:
      # See https://bugs.launchpad.net/netplan/+bug/1782221
      macaddress: xx:xx:xx:xx:xx:xx   # Copy MAC address of enp1s0
      interfaces: [enp1s0]
      parameters:
        stp: false
        forward-delay: 0
      dhcp4: false
      accept-ra: false
      addresses:
        - 10.12.255.13/24
        - "xxxx:xxxx:xxxx:xxxx::13/64"
      routes:
        - to: default
          via: 10.12.255.1
        - to: default
          via: "xxxx:xxxx:xxxx:xxxx::1"
      nameservers:
        addresses: [10.12.255.1]
        search: [example.com]

# /etc/systemd/network/10-netplan-br0.netdev.d/vlan.conf
[Bridge]
MulticastSnooping=false
VLANFiltering=true

# /etc/systemd/network/10-netplan-br0.network.d/vlan.conf
[BridgeVLAN]
VLAN=2-3
VLAN=248-256
PVID=255
EgressUntagged=255

# /etc/systemd/network/10-netplan-enp1s0.network.d/vlan.conf
[BridgeVLAN]
VLAN=2-3
VLAN=248-256

The above config gives me tagged VLANs on the enp1s0 port. The server’s own IP address is on VLAN 255, which is still tagged on the external port, but because of the settings PVID and EgressUntagged, I can apply the local address to br0 directly, rather than br0.255.

Then in Incus, I create interfaces or profiles which attach to any VLAN of interest without having to touch the network config any further, for example:

# incus profile show br255
config: {}
description: Bridge to vlan 255
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
    vlan: "255"
  root:
    path: /
    pool: default
    type: disk
name: br255

It’s slightly annoying that I can’t put all the config in netplan so I need those auxiliary files under /etc/systemd/network/, but apart from that it works really well, and is way simpler than trying to get my head around OVN.

Useful commands:

ip [-d] [-j -p] link show type bridge
ip [-d] [-j -p] link show br0
ip [-d] [-j -p] link show master br0
bridge -compressvlans vlan show
bridge link show
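
An added example, not part of the original post: a small audit that reads the JSON form of the last-but-one command (`bridge -j -compressvlans vlan show`) and reports ports whose VLAN membership drifts from the layout above. The sample data is constructed, the port names vethAAAA and vethBBBB are hypothetical, and it assumes every instance NIC is a single-VLAN access port as in the br255 profile.

```python
import json

# Constructed sample in the shape `bridge -j -compressvlans vlan show` prints,
# matching the layout in the post. vethAAAA and vethBBBB are hypothetical
# instance ports; vethBBBB is deliberately misconfigured.
SAMPLE = json.dumps([
    {"ifname": "enp1s0", "vlans": [{"vlan": 2, "vlanEnd": 3},
                                   {"vlan": 248, "vlanEnd": 256}]},
    {"ifname": "br0", "vlans": [{"vlan": 2, "vlanEnd": 3},
                                {"vlan": 248, "vlanEnd": 254},
                                {"vlan": 255, "flags": ["PVID", "Egress Untagged"]},
                                {"vlan": 256}]},
    {"ifname": "vethAAAA", "vlans": [{"vlan": 255, "flags": ["PVID", "Egress Untagged"]}]},
    {"ifname": "vethBBBB", "vlans": [{"vlan": 1, "flags": ["PVID", "Egress Untagged"]},
                                     {"vlan": 3}]},
])

ALLOWED = set(range(2, 4)) | set(range(248, 257))  # VLAN=2-3 and VLAN=248-256
TRUNK, BRIDGE, HOST_VLAN = "enp1s0", "br0", 255
UNTAGGED_FLAGS = {"PVID", "Egress Untagged"}


def port_vlans(entry):
    """Expand one port's (possibly compressed) entries into {vid: set(flags)}."""
    out = {}
    for v in entry.get("vlans", []):
        for vid in range(v["vlan"], v.get("vlanEnd", v["vlan"]) + 1):
            out[vid] = set(v.get("flags", []))
    return out


def audit(raw):
    """Return sorted (ifname, finding) pairs for ports that drift from the layout."""
    findings = []
    for entry in json.loads(raw):
        name, vlans = entry["ifname"], port_vlans(entry)
        untagged = {vid for vid, flags in vlans.items() if flags & UNTAGGED_FLAGS}
        extra = sorted(set(vlans) - ALLOWED)
        if extra:
            findings.append((name, f"VLANs outside the allowed set: {extra}"))
        if name == TRUNK and untagged:
            findings.append((name, f"trunk carries untagged VLANs: {sorted(untagged)}"))
        elif name == BRIDGE and untagged != {HOST_VLAN}:
            findings.append((name, f"host untagged set is {sorted(untagged)}, expected [{HOST_VLAN}]"))
        elif name not in (TRUNK, BRIDGE) and (len(vlans) != 1 or untagged != set(vlans)):
            findings.append((name, "instance port is not a single untagged access VLAN"))
    return sorted(findings)
```

On a live host, pass the command's output to `audit()` in place of `SAMPLE`; an empty list means every port matches the intended layout.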