VLAN tagging on container?

Zerowalker · March 16, 2023, 5:18am

Is it possible to set a VLAN tag on a container?
I have tried MacVLAN but it doesn’t seem to behave as i expected.

I got a LXD Host (which runs in Hyper-V if that matters) which has access to the network like normal, no VLAN tagging going on,
and it normally just bridges it to the containers so they get their ip from the DHCP.

I want a container to have access to both that and a VLAN network, but i seem to be a bit stuck.

k4my4b · March 16, 2023, 3:54pm

@Zerowalker you can vlan tag interfaces as long as the parent is a bridge (AFAIK)

lxc config device set <yourcontainer> eth<N> vlan=<X>

<...>
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
    vlan: "8"
<...>

Zerowalker · March 20, 2023, 5:08am

will try that

Zerowalker · March 20, 2023, 7:06am

hmm can’t seem to get it to work.
I enabled VLAN Filtering and did as you suggested, but the container doesn’t get any ip.

I was able to get it to work on the host by making a vlan interface with netplan on the bridge,
so i know that it should work.

Do i need to do something in the container?
It currently doesn’t do anything on the nic except tell it to use dhcp, as i want the interface to be untagged, forcing the specified vlan, which i think is what the config you mentioned is supposed to do?

k4my4b · March 20, 2023, 4:36pm

@Zerowalker
Nothing needs to be done on the container side apart from setting the vlan tag through LXD and making sure eth0 or whatever else interface is configured to request a DHCP lease (this will depend on the distro/container and/or how you have networking configured within it)
On the host bridge you need to enable VLAN filtering and on the bridge carrier interface (e.g. eno1 or bond0) you need to forward VLANs that you want to pass through.

bridge -comp vlan show

port              vlan-id  
bond0             1 PVID Egress Untagged
                  2-4094
br0               1 PVID Egress Untagged
veth29488b58      20 PVID Egress Untagged
vethed412c9d      17 PVID Egress Untagged
veth6cd63b4d      10 PVID Egress Untagged
veth08d083ba      15 PVID Egress Untagged
tap41f90378       1 PVID Egress Untagged
veth579e9941      3 PVID Egress Untagged
veth1eadd650      8 PVID Egress Untagged
vethfbaf0de8      16 PVID Egress Untagged
vethabe0a876      21 PVID Egress Untagged
vethbe6c58df      10 PVID Egress Untagged
tapf418b1e0       1 PVID Egress Untagged

yup

Zerowalker · March 21, 2023, 6:05am

It was the “forward VLANs” part i was missing, allowing the one i am using made it work:)

Thanks!