LXD Network Overview
LXC vs LXD
- LXC - Low-level container runtime
- LXD - High-level management layer for LXC
- This guide focuses on LXD (the common way to use LXC)
Network Types
Managed Bridge (Default)
LXD manages a bridge with NAT:
┌─────────────────────────────────────────────────────────────┐
│                            Host                             │
│                                                             │
│   ┌─────────────────────────────────────────────────────┐   │
│   │                    lxdbr0 bridge                    │   │
│   │                    10.10.10.1/24                    │   │
│   │                  (managed by LXD)                   │   │
│   │                                                     │   │
│   │    ┌────────┐  ┌────────┐                           │   │
│   │    │ veth0  │  │ veth1  │                           │   │
│   └────┴───┬────┴──┴───┬────┴───────────────────────────┘   │
│            │           │                                    │
│   ┌────────▼────────┐ ┌▼───────────────┐                    │
│   │  Container 1    │ │ Container 2    │                    │
│   │  10.10.10.10    │ │ 10.10.10.11    │                    │
│   └─────────────────┘ └────────────────┘                    │
│                                                             │
│   eth0 ─────────────────────────────────▶ Internet          │
│   NAT: 10.10.10.0/24 masquerade                             │
└─────────────────────────────────────────────────────────────┘
External Bridge
Using a pre-existing bridge:
macvlan
Direct network access with separate MAC:
Physical NIC
Dedicated NIC for container:
Initial Setup
Install LXD
Default Network Configuration
During lxd init:
Would you like to create a new local network bridge? (yes/no) [default=yes]: yes
What should the new bridge be called? [default=lxdbr0]: lxdbr0
What IPv4 address should be used? (CIDR subnet notation, "auto" or "none") [default=auto]: auto
What IPv6 address should be used? (CIDR subnet notation, "auto" or "none") [default=auto]: none
View Network
config:
  ipv4.address: 10.10.10.1/24
  ipv4.nat: "true"
  ipv6.address: none
description: ""
name: lxdbr0
type: bridge
managed: true
status: Created
Managing Networks
Create Network
# Managed bridge
lxc network create mynet
# With specific config
lxc network create mynet \
    ipv4.address=10.20.0.1/24 \
    ipv4.nat=true \
    ipv6.address=none
Edit Network
# Interactive edit
lxc network edit lxdbr0
# Set specific option
lxc network set lxdbr0 ipv4.address 10.10.10.1/24
Delete Network
Network Options
IPv4 Configuration
lxc network set lxdbr0 ipv4.address 10.10.10.1/24
lxc network set lxdbr0 ipv4.nat true
lxc network set lxdbr0 ipv4.dhcp true
lxc network set lxdbr0 ipv4.dhcp.ranges 10.10.10.100-10.10.10.200
DNS Configuration
Firewall
# Enable LXD firewall management
lxc network set lxdbr0 ipv4.firewall true
# Or disable (manage manually)
lxc network set lxdbr0 ipv4.firewall false
Container Network Configuration
Attach to Network
# At creation
lxc launch ubuntu:22.04 mycontainer --network lxdbr0
# Or add device
lxc network attach lxdbr0 mycontainer eth0
Static IP
Multiple NICs
Profiles
Default Profile
config: {}
description: Default LXD profile
devices:
  eth0:
    name: eth0
    network: lxdbr0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: default
Custom Profile
# Create profile
lxc profile create isolated
# Add network device
lxc profile device add isolated eth0 nic network=isolated-net
# Apply to container
lxc profile add mycontainer isolated
Proxy Devices
Expose container ports via host.
TCP Proxy
# Forward host:8080 to container:80
lxc config device add mycontainer myproxy proxy \
    listen=tcp:0.0.0.0:8080 \
    connect=tcp:127.0.0.1:80
With bind=host
# Proxy runs on host (UFW applies!)
lxc config device add mycontainer myproxy proxy \
    listen=tcp:0.0.0.0:8080 \
    connect=tcp:127.0.0.1:80 \
    bind=host
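An added example (not part of the original guide): both proxy commands above listen on 0.0.0.0, so the forwarded port is reachable on every host address. The sketch below audits instance configuration for such wildcard proxy listeners. It assumes its input is the JSON printed by `lxc list --format json`; the sample data, instance names and function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `lxc list --format json` output, trimmed to
# the fields used here. Instance and device names are made up.
SAMPLE = json.dumps([
    {"name": "mycontainer", "expanded_devices": {
        "eth0": {"type": "nic", "network": "lxdbr0", "name": "eth0"},
        "myproxy": {"type": "proxy", "listen": "tcp:0.0.0.0:8080",
                    "connect": "tcp:127.0.0.1:80", "bind": "host"}}},
    {"name": "db", "expanded_devices": {
        "admin": {"type": "proxy", "listen": "tcp:127.0.0.1:5432",
                  "connect": "tcp:127.0.0.1:5432"},
        "metrics": {"type": "proxy", "listen": "tcp:[::]:9100",
                    "connect": "tcp:127.0.0.1:9100"}}},
])

WILDCARDS = {"0.0.0.0", "::"}  # "all addresses" for IPv4 and IPv6

def parse_listen(spec):
    """Split 'tcp:0.0.0.0:8080' or 'tcp:[::]:80' into (proto, host, port)."""
    proto, _, rest = spec.partition(":")
    if proto not in ("tcp", "udp"):
        return proto, None, None  # e.g. unix sockets carry no host or port
    host, _, port = rest.rpartition(":")
    return proto, host.strip("[]"), port

def wildcard_proxies(instances_json):
    """Return proxy devices whose listen address covers every host address."""
    findings = []
    for inst in json.loads(instances_json):
        devices = inst.get("expanded_devices") or {}
        for dev_name, dev in sorted(devices.items()):
            if dev.get("type") != "proxy":
                continue
            _, host, _ = parse_listen(dev.get("listen", ""))
            if host in WILDCARDS:
                findings.append({
                    "instance": inst["name"], "device": dev_name,
                    "listen": dev["listen"],
                    # bind defaults to "host" when the key is absent
                    "bind": dev.get("bind", "host"),
                })
    return findings

if __name__ == "__main__":
    for f in wildcard_proxies(SAMPLE):
        print("{instance}/{device} listens on {listen} (bind={bind})".format(**f))
```

Each finding is a port to review: either narrow `listen` to a specific host address or confirm that a host firewall rule covers it.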
Remove Proxy
DNS Resolution
Container to Container
Containers can resolve each other by name:
From Host
Troubleshooting
Container Has No Network
# Check container's devices
lxc config show mycontainer | grep -A5 devices
# Check network is running
lxc network list
# Check in container
lxc exec mycontainer -- ip addr
lxc exec mycontainer -- ip route