Secondary Network | Getting Started Help

Hi everyone. I have a couple of questions. I want to use LXD/LXC in order to host a DHCP and DNS servers (one per container), and I hope to keep logs of the DHCP and DNS. My thought is to use syslog from the containers to an internal network - not on the host necessarily, but on the same network as the host. The DHCP and DNS container will be on a different, public network, and the host will be on an in-band network for management away from the clients that are using the DHCP and DNS on the containers.

Is it possible to create a secondary network between the containers and host network that would allow the containers to send their logs directly to the syslog server on the in-band network? Perhaps a host-only network where the containers can see out past the host and the host and containers can see each other, but past the host nothing can see the containers on that network?

The server has four interfaces. eth1 is for the host (in-band network)

eth2 - physical pass-through to the DHCP with a public IP to the range being allocated.

eth3 - physical pass-through to the DNS with a public IP to the range being allocated.

eth4 - unassigned.

Thanks,

Much appreciated!

Hi!

This is not clear. You want to create multiple containers, and each will have a pair of DHCP & DNS services?
Or, you want to create just two containers, one for DHCP and one for DNS?
You allude later that there might be a single container with both DHCP and DNS.

This container will get an IP address from the LAN? You can use either bridged networking or macvlan. Probably bridged networking if you want the container to access the host.

Normally in LXD, the host is the computer that runs the LXD server, and it runs the containers. A host is associated with its containers. You also mention clients, which I assume you refer to some other separate computers which will be clients to the DHCP/DNS services.

For the communication between the host and the DHCP/DNS container, you can use proxy device as shown at https://github.com/lxc/lxd/blob/master/doc/containers.md#type-proxy In this way, you can avoid networking altogether (i.e. use Unix socket for the communication between the host and the container).

Alternatively, you can assign eth1 to the DHCP/DNS container as an additional nic according to https://github.com/lxc/lxd/blob/master/doc/containers.md#type-nic (use nic=physical). By doing so, the NIC will disappear from the host and will appear in the DHCP/DNS container as an additional network interface. You can then configure as the destination for syslog events.