[lxc-users] LAN for LXD containers (with multiple LXD servers)?

Micky Del Favero micky at mesina.net
Sun Sep 18 11:32:11 UTC 2016


Tomasz Chmielewski <mangoo at wpkg.org> writes:

> While I can imagine setting up many OpenVPN tunnels between all LXD
> servers (LXD1-LXD2, LXD1-LXD3, LXD2-LXD3) and constantly adjusting the
> routes as containers are stopped/started/migrated, it's a bit of a
> management nightmare. And even more so if the number of LXD servers
> grows.
>
> Hints, discussion?

If you use the same subnet for the container as in your example
10.10.10.0/24 there's no routing nightmare, you have only to setup
openvpn in bridge mode and so you'll need only 2 tunnels: LXD1-LXD2 and
LXD2-LXD3, obviously if LXD2 will go offline you'll have a problem.

If you'll have many containers using the same subnet for all will be
impossible so you'll need to managed routing between hosts to be able to
reach every container.

I'm about to design and deploy similar setup: many LXD hosts running
containers that can be started on a hosts and eventually migrated to
another host in the same or in a different datacenter.

I'm thinking not to use the same subnet for all containers but to use a
different subnet for every host, so following your example it will be
like the following:

LXD1: IP 1.2.3.4, Europe    LXD2: IP 2.3.4.5, Asia
container1, 10.10.10.10     container4, 10.10.20.10
container2, 10.10.10.11     container5, 10.10.20.11
container3, 10.10.10.12     container6, 10.10.20.12

LXD3: IP 3.4.5.6, US
container7, 10.10.30.10
container8, 10.10.30.11
container9, 10.10.30.12

on every hosts a dhcp server is use to dynamically configure network on
starting container and, based on container's hostname, to dynamically
update dns servers so containers will be always reachable via hostname.

Routing problem remains, I'll probably choose to deploy some tunnels
between hosts to connect each other, then running an OSPF daemon for
dynamic routing management.

Ciao, Micky
-- 
The sysadmin has all the answers, expecially "No"


More information about the lxc-users mailing list