radar231.com/docs/posts/lxd-bridged-profile.md

---
hide:
  - navigation
created: 2021-09-26 20:04
updated: 2023-05-03 16:46
tags:
  - LXD
---

# LXD Bridged Profile

## References

* <https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#bridge>
* <https://wiki.debian.org/BridgeNetworkConnections>
* <https://linux.die.net/man/8/brctl>
* <https://linux.die.net/man/1/nmcli>
* <https://major.io/2015/03/26/creating-a-bridge-for-virtual-machines-using-systemd-networkd/>
* <https://netplan.io/>
    * <https://netplan.io/examples/#configuring-network-bridges>

## Introduction

When you start using LXD containers, eventually you'll want to have your container appear directly on your main network. By default, LXD sets up a bridge, usually named lxdbr0, that it connects all containers to. This bridge has a DHCP server, and is set up to use NAT for network addressing of containers. This works fine when using containers for testing or development, but when you want to set up a container for production use you'll probably want to set up a bridged profile for your production containers.

I won't go over the many ways of creating network bridges on Linux servers. I've included a few links in the References section with some alternatives. Likely you'll required the bridge-utils package and will have to perform the initial bridge interface creation using brctl.

## Bridged Network Configuration

### Ubuntu

Here's an example of adding a bridge to an Ubuntu server via a netplan configuration. Chances are that if you've been around netplan for a while, you've probably taken the default dhcp netplan configuration and set it up for a static IP.

```
$ cat /etc/netplan/server.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      dhcp4: no
      dhcp6: no

  bridges:
    br0:
      dhcp4: no
      dhcp6: no
      interfaces: [enp3s0]
      addresses: [192.168.7.10/24]
      gateway4: 192.168.7.1
      nameservers:
        addresses:
        - 192.168.7.83
        - 192.168.7.84
      parameters:
        stp: true
        forward-delay: 4
```

### Debian

This is an example configuration as used on a Debian based server.

```
$ cat /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

auto lo enp3s0 br0

iface lo inet loopback
iface enp3s0 inet manual

iface br0 inet static
    dhcp4 no
    dhcp6 no
    bridge_ports enp3s0
    address 192.168.7.10/24
    gateway 192.168.7.1
    dns-nameservers 192.168.7.83 192.168.7.84
    dns-search lan
```

### systemd-network

This is an example configuration for a system using the systemd-networkd networking configuration.

```
$ ls -1 /etc/systemd/network
br0.netdev
br0.network
enp3s0.network

$ cat /etc/systemd/network/enp3s0.network 
[Match]
Name=enp3s0

[Network]
Bridge=br0

$ cat /etc/systemd/network/br0.netdev 
[NetDev]
Name=br0
Kind=bridge

$ cat /etc/systemd/network/br0.network 
[Match]
Name=br0

[Network]
DHCP=false
Address=192.168.20.90/24
Gateway=192.168.20.1
DNS=192.168.20.21
DNS=192.168.20.22
Domains=lan
```

## LXD bridge profile 

Regardless of how you set up a bridge, once you've created it you can then use it in an LXD profile to allow your containers to be directly connected to your main network, rather than the default NAT network.

The way I do this is to create a bridged configuration file first, and then apply it to a newly created profile.

```
$ cat bridged.cnf 
config: {}
description: Profile settings for a bridged container
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: bridged
used_by:

$ lxc profile create bridged

$ lxc profile edit bridged <bridged.cnf

$ lxc profile show bridged
config: {}
description: Profile settings for a bridged container
devices:
  eth0:
    name: eth0
    nictype: bridged
    parent: br0
    type: nic
  root:
    path: /
    pool: default
    type: disk
name: bridged
used_by:
```

Once you have a bridged profile created, the next step is to apply it to newly created containers.

```
$ lxc launch images:ubuntu/focal --profile bridged u2004
Creating u2004
Starting u2004                            

$ lxc list
+---------+---------+------------------------------+------+-----------------+-----------+
|  NAME   |  STATE  |             IPV4             | IPV6 |      TYPE       | SNAPSHOTS |
+---------+---------+------------------------------+------+-----------------+-----------+
| u2004   | RUNNING | 192.168.7.126 (eth0)         |      | CONTAINER       | 0         |
+---------+---------+------------------------------+------+-----------------+-----------+
```

Once the container starts up it will have an IP on your main network, supplied by your DHCP server. If required, you can configure a static IP in the same manner as normally performed for the specific distribution in the container.
initial checkin 2023-11-10 20:29:26 -05:00			`---`
			`hide:`
			`- navigation`
			`created: 2021-09-26 20:04`
			`updated: 2023-05-03 16:46`
			`tags:`
			`- LXD`
			`---`

			`# LXD Bridged Profile`

			`## References`

			`* <https://developers.redhat.com/blog/2018/10/22/introduction-to-linux-interfaces-for-virtual-networking#bridge>`
			`* <https://wiki.debian.org/BridgeNetworkConnections>`
			`* <https://linux.die.net/man/8/brctl>`
			`* <https://linux.die.net/man/1/nmcli>`
			`* <https://major.io/2015/03/26/creating-a-bridge-for-virtual-machines-using-systemd-networkd/>`
			`* <https://netplan.io/>`
			`* <https://netplan.io/examples/#configuring-network-bridges>`

			`## Introduction`

			When you start using LXD containers, eventually you'll want to have your container appear directly on your main network. By default, LXD sets up a bridge, usually named lxdbr0, that it connects all containers to. This bridge has a DHCP server, and is set up to use NAT for network addressing of containers. This works fine when using containers for testing or development, but when you want to set up a container for production use you'll probably want to set up a bridged profile for your production containers.

			`I won't go over the many ways of creating network bridges on Linux servers. I've included a few links in the References section with some alternatives. Likely you'll required the bridge-utils package and will have to perform the initial bridge interface creation using brctl.`

			`## Bridged Network Configuration`

			`### Ubuntu`

			`Here's an example of adding a bridge to an Ubuntu server via a netplan configuration. Chances are that if you've been around netplan for a while, you've probably taken the default dhcp netplan configuration and set it up for a static IP.`

			```
			`$ cat /etc/netplan/server.yaml`

			`network:`
			`version: 2`
			`renderer: networkd`
			`ethernets:`
			`enp3s0:`
			`dhcp4: no`
			`dhcp6: no`

			`bridges:`
			`br0:`
			`dhcp4: no`
			`dhcp6: no`
			`interfaces: [enp3s0]`
			`addresses: [192.168.7.10/24]`
			`gateway4: 192.168.7.1`
			`nameservers:`
			`addresses:`
			`- 192.168.7.83`
			`- 192.168.7.84`
			`parameters:`
			`stp: true`
			`forward-delay: 4`
			```

			`### Debian`

			`This is an example configuration as used on a Debian based server.`

			```
			`$ cat /etc/network/interfaces`

			`# This file describes the network interfaces available on your system`
			`# and how to activate them. For more information, see interfaces(5).`

			`source /etc/network/interfaces.d/*`

			`auto lo enp3s0 br0`

			`iface lo inet loopback`
			`iface enp3s0 inet manual`

			`iface br0 inet static`
			`dhcp4 no`
			`dhcp6 no`
			`bridge_ports enp3s0`
			`address 192.168.7.10/24`
			`gateway 192.168.7.1`
			`dns-nameservers 192.168.7.83 192.168.7.84`
			`dns-search lan`
			```

			`### systemd-network`

			`This is an example configuration for a system using the systemd-networkd networking configuration.`

			```
			`$ ls -1 /etc/systemd/network`
			`br0.netdev`
			`br0.network`
			`enp3s0.network`

			`$ cat /etc/systemd/network/enp3s0.network`
			`[Match]`
			`Name=enp3s0`

			`[Network]`
			`Bridge=br0`

			`$ cat /etc/systemd/network/br0.netdev`
			`[NetDev]`
			`Name=br0`
			`Kind=bridge`

			`$ cat /etc/systemd/network/br0.network`
			`[Match]`
			`Name=br0`

			`[Network]`
			`DHCP=false`
			`Address=192.168.20.90/24`
			`Gateway=192.168.20.1`
			`DNS=192.168.20.21`
			`DNS=192.168.20.22`
			`Domains=lan`
			```

			`## LXD bridge profile`

			`Regardless of how you set up a bridge, once you've created it you can then use it in an LXD profile to allow your containers to be directly connected to your main network, rather than the default NAT network.`

			`The way I do this is to create a bridged configuration file first, and then apply it to a newly created profile.`

			```
			`$ cat bridged.cnf`
			`config: {}`
			`description: Profile settings for a bridged container`
			`devices:`
			`eth0:`
			`name: eth0`
			`nictype: bridged`
			`parent: br0`
			`type: nic`
			`root:`
			`path: /`
			`pool: default`
			`type: disk`
			`name: bridged`
			`used_by:`

			`$ lxc profile create bridged`

			`$ lxc profile edit bridged <bridged.cnf`

			`$ lxc profile show bridged`
			`config: {}`
			`description: Profile settings for a bridged container`
			`devices:`
			`eth0:`
			`name: eth0`
			`nictype: bridged`
			`parent: br0`
			`type: nic`
			`root:`
			`path: /`
			`pool: default`
			`type: disk`
			`name: bridged`
			`used_by:`
			```

			`Once you have a bridged profile created, the next step is to apply it to newly created containers.`

			```
			`$ lxc launch images:ubuntu/focal --profile bridged u2004`
			`Creating u2004`
			`Starting u2004`

			`$ lxc list`
			`+---------+---------+------------------------------+------+-----------------+-----------+`
			`\| NAME \| STATE \| IPV4 \| IPV6 \| TYPE \| SNAPSHOTS \|`
			`+---------+---------+------------------------------+------+-----------------+-----------+`
			`\| u2004 \| RUNNING \| 192.168.7.126 (eth0) \| \| CONTAINER \| 0 \|`
			`+---------+---------+------------------------------+------+-----------------+-----------+`
			```

			`Once the container starts up it will have an IP on your main network, supplied by your DHCP server. If required, you can configure a static IP in the same manner as normally performed for the specific distribution in the container.`