[lxc-users] Ubuntu container IP address

Guido Jäkel G.Jaekel at DNB.DE
Thu Nov 19 21:24:07 UTC 2015 

On 19.11.2015 21:42, Robert Koretsky wrote:
> I have successfully installed and created/started an LXC  container on
> Ubuntu 15.10, but cannot get it to be visible on my home network. I do an
> ifconfig on both the host and in the container, and see the IPv4 address of
> lxcbr0 as 10.0.3.1, but after reading many, many convoluted and complex
> references, cannot figure out how to get my router to assign the container
> an IP address, like 192.168.0.20 say, that is accessible from my home
> network. One of these references even had a 100-line long bash script to
> totally reconfigure iptables, and I'm not even sure if that would have
> accomplished even part of what I wanted!
> 

Dear Robert,

a bridge is a layer 2 device and need no IP. In the case of the Linux software bride, this bridge is attached to a physical NIC of the LXC host and this NIC is switched into layer 2 mode with this, too. This figuratively means, that the "layer 2 input connector" of the TCP stack of the host now disconnected from the NIC and may be reconnected to a "special port" on the bridge by assigning the layer 3 information (IP,netmask,...) to the bridge device instead of the former used NIC.

If your PC got the IP configuration information for (say) eth0 via DHCP, now you have to re-configure it to let the bridge device for it because any IP configuration on eth0 is useless in that case. At this step, your host should act as before.

Now, if you want to let your router assign an IP address to a container, you need to configure the container to use DHCP. If you want to have a non-changing IP, you have to setup your container configuration to use a non-changing MAC. And maybe to configure your router in a to announce fixed IP addresses for specific MACs instead of a pool. This happens inside the container; it uses a software NIC (veth) on the L2 bottom of it's TCP stack. The containers veths layer 1 facility is a virtual wire and by the help of the lxc starter, it is connected with another veth created on the LXC host. The layer 2 of this veth is attached to the bridge.

If your other PCs, the LXC host and the containers all get an IP out of the same subnet like 192.168.0/24, they were able to communicate to each other as requested.


@Others: I hope this picture is a reasonable compromise between a educational sketch and the reality in deep. Because -- as like as all other features what build up in sum the phenotype we call "Container" -- in the genotype, we have one namespaced TCP stack and not a stack per namespace.


greetings 

Guido

More information about the lxc-users mailing list