Routed network — IP address in use on parent network


I have a dedicated server with a public IP (e.g., and have the range allocated to me.

I’m using the routed method to assign external IPs to each container:

lxc profile device add default eth0 nic nictype=routed parent=enp34s0
lxc config device override mta eth0 ipv4.address=

When starting the container, I get:

Error: Failed to start device "eth0": IP address "" in use on parent network "enp34s0"

The address is not in active use, but I bet it’s because it’s in the same /24. ip a shows:

    inet brd scope global enp34s0

How could I work around this? Thanks in advance!

No, its because something is responding to an ARP solicitation for that address on the parent network (which suggests there is another device on the network that has that IP).

You can set ipv4.neighbor_probe=false on the routed NIC, see:

However if there is another device also claiming that IP, then when LXD adds a proxy ARP entry onto the parent it may cause connectivity problems for that device and your container as they will be competing over that address.

Thanks! But actually this never worked out.

lxc profile show default

ipv4.neighbor_probe: “false”
nictype: routed
parent: enp34s0
type: nic

lxc start c1
Error: Failed to start device “eth0”: IP address “” in use on parent network “enp34s0”

$ ip a
2: enp34s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 2c:f0:5d:a6:99:8a brd ff:ff:ff:ff:ff:ff
inet brd scope global enp34s0

Would you have any other suggestions on how to get routed working?

What does lxc config show <instance> --expanded show for the affected instance?

Thanks again for the reply.

# lxc config show c1 --expanded

  image.architecture: amd64
  image.description: ubuntu 18.04 LTS amd64 (release) (20230112)
  image.label: release
  image.os: ubuntu
  image.release: bionic
  image.serial: "20230112"
  image.type: squashfs
  image.version: "18.04"
  security.nesting: "true"
  volatile.apply_template: create
  volatile.base_image: d78ff45458cdb18817988a9abb8c9ce7ebb81b87282cc0aebf66872321d77dba 9b3e384f-29e8-421a-a8bc-583fcb029b02
  volatile.eth0.hwaddr: 00:16:3e:ef:86:fa eth0
  volatile.idmap.base: "0"
  volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]' '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
  volatile.uuid: 48c377b0-6e11-432e-9bee-a4bb0017d973
    nictype: routed
    parent: enp34s0
    type: nic
    path: /
    pool: default
    type: disk
ephemeral: false
- default
stateful: false
description: ""

(I changed the IP to be prefixed with 1.2.3 instead of the actual external IP)

Ah OK, I think I know what is happening, but to confirm can you show lxc config show c1 (without the --expanded bit).

I expect thats happened is that you’ve defined the routed eth0 on the profile with ipv4.neighbor_probe: “false” but your actual container has its own routed eth0 with different settings (it needs to because it needs to have ipv4.address: set).

So you need to apply the ipv4.neighbor_probe directly to the instance using:

lxc config device set c1 eth0 ipv4.neighbor_probe=false

Effectively the eth0 in the profile isn’t being used and could be removed entirely.