<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Fri, Jun 16, 2017 at 5:01 PM, Michel Jansens <span dir="ltr"><<a href="mailto:michel.jansens@ulb.ac.be" target="_blank">michel.jansens@ulb.ac.be</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word">Thanks a lot Stéphane for this information,<div><br></div><div>I succeeded in attaching a bridge device from a specific vlan following your advise from <a href="https://github.com/lxc/lxd/issues/2551" target="_blank">https://github.com/lxc/<wbr>lxd/issues/2551</a></div><div>command I used is: <span style="font-family:Monaco;font-size:10px;background-color:rgb(255,255,255)">lxc config device add welcome-lemur eth1 nic nictype=macvlan parent=brvlan3904 name=eth1</span></div><div><span style="font-family:Monaco;font-size:10px;background-color:rgb(255,255,255)"><br></span></div><div>In /etc/network/interfaces I added:</div><div><br></div><div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">#vlan 3904 interface on enp1s0f0</span></div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">auto vlan3904</span></div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">iface vlan3904 inet manual</span></div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">        vlan_raw_device enp1s0f0</span></div></div><div style="margin:0px;line-height:normal;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures"><div style="font-family:Monaco;font-size:10px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">#add a bridge for vlan3904</span></div><div style="font-family:Monaco;font-size:10px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">auto brvlan3904</span></div><div style="font-family:Monaco;font-size:10px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">iface  brvlan3904 inet  manual</span></div><div style="font-family:Monaco;font-size:10px;margin:0px;line-height:normal"><span style="font-variant-ligatures:no-common-ligatures">       bridge_ports vlan3904</span></div><div style="font-family:Monaco;font-size:10px"><span style="font-variant-ligatures:no-common-ligatures"><br></span></div><div style="font-family:Monaco;font-size:10px"><span style="font-family:Helvetica;font-size:12px"><br></span></div><div>I managed to add the brvlan3904 to multiple containers, but this doesn’t create an interface for each container in the brvlan3904 bridge, </div></span></div></div></blockquote><div><br></div><div><br></div><div>That's what macvlan does. It works for some usecase (and can be easier, since you DON'T need to create a bridge), but can cause some problems (e.g. host can't connect to container's macvlan interface).</div><div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="word-wrap:break-word"><div style="margin:0px;line-height:normal;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures"><div>and I don’t know what the security consequences are… </div><div>Is This OK like this?</div><div style="font-family:Monaco;font-size:10px"><span style="font-family:Helvetica;font-size:12px"><br></span></div><div style="font-family:Monaco;font-size:10px"><span style="font-family:Helvetica;font-size:12px"><br></span></div></span></div><div>Alternatively, to mimic how lxc br0 bridge looks (one interface for each container with vethXXXXXX like names), I tried to add more ports to the bridge,with dummy interfaces: </div><div><br></div><div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">ip link add welcomelemur type dummy</span></div></div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">brctl addif brvlan3904 welcomelemur</span></div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">ifconfig welcomelemur up</span></div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">lxc config device add welcome-lemur eth1 nic nictype=macvlan parent=brvlan3904 name=eth1</span></div><div style="margin:0px;font-size:10px;line-height:normal;font-family:Monaco;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures"><span style="font-family:Helvetica;font-size:12px"><br></span></span></div><div style="margin:0px;line-height:normal;background-color:rgb(255,255,255)"><span style="font-variant-ligatures:no-common-ligatures">But this gave me: </span><span style="font-family:Monaco;font-size:10px">error: Failed to create the new macvlan interface: exit status 2</span></div><div>I tried using nictype=veth instead of mtacvlan but got '<span style="font-family:Monaco;font-size:10px;background-color:rgb(255,255,255)">error: Bad nic type: veth</span><font face="Monaco" size="2">’</font> </div><div><br></div><div>How should I do this properly?</div><div><br></div></div></blockquote><div><br></div><div><br></div><div>Did you want "nictype=bridged"?</div><div><br></div><div><a href="https://github.com/lxc/lxd/blob/master/doc/containers.md#type-nic">https://github.com/lxc/lxd/blob/master/doc/containers.md#type-nic</a><br></div><div><br></div><div>-- </div><div>Fajar</div></div></div></div>