3

TL;DR: How can I make a bridge permanent (survive reboot) without adding a network device to the bridge config in /etc/network/interfaces?

Hi, I just started playing around with LXC on Ubuntu 14.04.

The setup I would like to accomplish is, one container with haproxy, one with nginx.

I will dnat external requests via iptables to the haproxy and from there to nginx.

All of the containers will be in their own subnet. Routing/packet filtering between the containers will be done by the host.

I've managed half of the setup so far.

I created two bridges with brctl and added IPs to the bridges.

    br-haproxy: 10.100.0.1/24
    br-nginx:   10.100.3.1/24

I then added the respective bridge to the corresponding container via the lxc config.

    nginx got br-nginx
    haproxy got br-haproxy

Then I configured IP addresses in the containers.

    haproxy: 10.100.0.10/24 GW 10.100.0.1
    nginx:   10.100.3.10/24 GW 10.100.3.1

I was now able to ping between the two containers and so on. I now denied access by setting the forward policy from iptables to deny. I was now able to control traffic between the two containers via iptables.

OK, so far so good. What I now want to achieve is to make the bridges permanent. I added the bridge config to /etc/network/interfaces, but since I don't have a network device to add to the bridge, I left this part out.

When I now try to initiate the bridge, I get an error stating that the device, e.g. br-haproxy, couldn't be found.

I figured out that the problem is the missing device in the bridge config. When I add eth0 from the host to the bridge config, I can initiate the bridge and it comes up quite nicely. But that's not what I need.

LXC dynamically creates and adds the interfaces from the container on startup of the container to the corresponding bridge.

So here comes my question. How can I make the bridges permanent without adding a network device to the bridge on boot?

Hope I made it somehow clear what the problem is. :-)

Thanks in advance.

2
  • I then added the respective bridge to the corresponding container via the lxc config.: could you please comment on how you did this configuration (I have this exact question pending) Commented Mar 13, 2016 at 18:21
  • Hm, I guess you mean the network config for an LXC container. Here is some sort of template I use.

        # Network configuration
        lxc.network.type = veth
        lxc.network.flags = up
        lxc.network.name = eth0
        lxc.network.link = br-squid
        # you need to adjust the IP
        lxc.network.ipv4 = 10.100.2.10/24
        # and here as well
        lxc.network.ipv4.gateway = 10.100.2.1
        # will be created automatically on creation
        lxc.network.hwaddr = 00:16:3e:b4:7d:43

    Commented Mar 14, 2016 at 20:31

1 Answer 1

2

What about if you use bridge_ports none to get this working on boot, without the need to add members to this interface?

    auto br-haproxy
    iface br-haproxy inet static
        bridge_ports none
        bridge_fd 0
        bridge_waitport 0
        address 10.100.0.1
        netmask 255.255.255.0

bridge_fd and waitport are set to avoid the forwarding delay whenever a member port is put online, and to avoid the delay of waiting for a port to come online.

2
  • Awesome that did the trick. You're the best. Didn't know that there was an argument like "none". Should have thought about that. Works like a charm. Solved. :-) Commented Dec 30, 2015 at 17:34
  • Yeah. I have to crawl through websites to find out this option, that is not documented at all. :P Commented Jan 4, 2016 at 16:22
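
An added example, not part of the original question or answer: a small Python check that parses an interfaces file and reports bridge stanzas that have bridge options but no bridge_ports line, the situation the question describes, alongside those that use `bridge_ports none` as in the answer. The sample file and function names are constructed; treating any stanza with a `bridge_*` option as a bridge, and treating `bridge-ports` and `bridge_ports` as the same option, are assumptions of this sketch.

```python
# Constructed sample of /etc/network/interfaces: br-haproxy follows the answer,
# br-nginx has bridge options but no bridge_ports (the question's situation).
SAMPLE = """\
auto br-haproxy
iface br-haproxy inet static
    bridge_ports none
    bridge_fd 0
    bridge_waitport 0
    address 10.100.0.1
    netmask 255.255.255.0

# second bridge, ports line forgotten
auto br-nginx
iface br-nginx inet static
    bridge_fd 0
    address 10.100.3.1
    netmask 255.255.255.0
"""

def parse_stanzas(text):
    """Return {iface_name: {option: value}} for every iface stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # comments must be whole lines
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "iface" and value:
            current = stanzas.setdefault(value.split()[0], {})
        elif key in ("auto", "mapping", "source") or key.startswith("allow-"):
            current = None                      # a new top-level stanza begins
        elif current is not None:
            current[key.replace("-", "_")] = value  # assumption: both spellings
    return stanzas

def bridges_missing_ports(text):
    """Stanzas that set bridge_* options but never set bridge_ports."""
    return sorted(name for name, opts in parse_stanzas(text).items()
                  if any(k.startswith("bridge_") for k in opts)
                  and "bridge_ports" not in opts)

def portless_bridges(text):
    """Bridges declared with 'bridge_ports none' (no member port at boot)."""
    return sorted(name for name, opts in parse_stanzas(text).items()
                  if opts.get("bridge_ports") == "none")

if __name__ == "__main__":
    print("missing bridge_ports:", bridges_missing_ports(SAMPLE))
    print("bridge_ports none:   ", portless_bridges(SAMPLE))
```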
