Need some help properly configuring a static IP using a bridge to my network in LXD

I’ve read several other threads on here that fall pretty much in line with this topic but none of them have lead me to a solution. I’m coming at this as a long time quasi-Solaris admin, by way of building servers to support my primary function as a DB Systems architect, that is used to building out non-prod environments using Solaris Zones. I feel like LXC/LXD is my best bet for being able to recreate that type of environment in a x86/Linux world. I’m completely hung up on the network bridging at this point though. We’re working with OEL8 as the host running on VMWare. LXD installation was done via snap using and --channel=4.0/stable so I’m running 4.0.5 right now. I want to assign a static IP to the container that is in the same /24 subnet as my host and I think I’ve successfully created a bridge called br11 with my host’s ens192 interface as the slave. I think things are in good shape there as the bridge interface is showing the IP that was originally assigned to ens192 and I’m still able to connect the the host over SSH and the host is still able to get to the outside world, run yum update and so on. Just looking for help and insight here. I feel like I’m right on the verge of getting this to work but I’m just missing something. Let me know what I need to provide to get some help troubleshooting this. Thanks.

This is how I do it.

echo "Setting network bridge dhcp address and SUBNET"
lxc network set lxdbr0 ipv4.address 10.229.218.254/24

lxc config device add $CONTAINER_NAME eth0 nic nictype=bridged parent=lxdbr0 name=eth0

IPADDRESS=10.229.218.220
lxc config device set $CONTAINER_NAME eth0 ipv4.address $IPADDRESS

Thanks @pascal_dher. From your first echo line it says setting bridge dhcp address. I’m not wanting any actual dhcp for the subnet I’m working in. All of the addresses I’m working with are set aside as a static pool on our corporate network. When you set the address as shown above on your bridge will it also try to hand out dhcp addresses on that subnet?

@pascal_dher thanks again for in the input and this at least led me down another avenue and I learned some things. I was able to figure out how to restrict the DHCP pool for the managed bridge adapter and I was able to get IPs assigned to containers but I still can’t access the containers if I’m not on the host and I’m really not looking to maintain small pools of DHCP addresses on the bridge. I really appreciate you insight but I think I’ll have to keep working on it.

I think it comes down to the network bridge, whether it’s NAT’ed etc.
Perhaps you can use this one

1 Like

Hi!
There are several ways for a container to get an IP address from the LAN (i.e. the same network as the host). This includes the bridge that you are using, macvlan, routed, ipvlan.

In the case of the bridge and macvlan, the container should be able to get an IP address from the LAN’s router through DHCP. And you would setup the static IP assignment on the router’s DHCP configuration so that it is aware of the assignment as well.

But in the case of virtualisation (VMWare), the DHCP request and/or DHCP lease is filtered out and you have to enable the appropriate VMWare option to make it work. Others reported they managed to make it work with VMWare. On VirtualBox, the option is called “Promiscuous mode”.

Having said that, if you disregard the automatic IP address assignment (which is not a requirement in your case), you can setup the network configuration manually inside the container. If the container still cannot get access to the LAN, then there might be an issue with port security and VMWare. Because with either bridge or macvlan, VMWare sees that two different MAC addresses are being served from the same guest and may not want to that. See more at Configure the Security Policy for a vSphere Standard Switch or Standard Port Group

@simos thanks so much for the response. I’ll take a look into the VMWare note as soon as I get a chance.

@simos as of right now I’m working on this in a VMWare environment because that’s what I’ve got available. Do you happen to know offhand it Oracle’s OVM virtual platform has a similar capability for its switches to be set in a promiscuous mode? If you don’t have any experience with it no big deal just thought I’d ask since you have some much virtual networking experience. Thanks again.

I expect that it does as it is a common feature, though I have not verified it.

I have verified that it works with Oracle VM VirtualBox (a couple of years ago). Specifically, you enable the Promiscuous mode in the VirtualBox settings, then enable the PROMISC flag on the host’s network interface.