LXC Macvlan networking

LXC Macvlan networking gets a post of its own because frankly it's a bit esoteric and not well documented.

Macvlan basically allows a single physical interface to be associated with multiple IPs and MAC addresses. Macvlan has 4 modes and offers various levels of isolation but we will mainly focus on bridge mode here. You can use macvlan in bridge mode to connect containers or VMs to the host network so they will be on the same layer 2 network as your host.

This is similar to using a direct host bridge, but macvlan is supposed to be more efficient than using a normal bridge. Also keep in mind that with macvlan in bridge mode the containers can reach the network and each other, but not the host.

Let's create a macvlan bridge on the host and bring it up.

ip link add mvlan0 link eth0 type macvlan mode bridge
ifconfig mvlan0 up

Now you can connect multiple containers to the 'mvlan0' interface and they will get their IPs directly from the router connected to your host or you can assign them static IPs. The network section of the container config file will look like below.

lxc.network.type = macvlan
lxc.network.macvlan.mode = bridge
lxc.network.flags = up
lxc.network.link = mvlan0
lxc.network.name = eth0
lxc.network.hwaddr = 00:16:3e:41:11:65
lxc.network.mtu = 1500

The macvlan mode may be useful for assigning public IPs with specific MAC addresses to containers with providers like OVH who insist on this, or to experiment with isolation. If you comment out the 'lxc.network.macvlan.mode = bridge' line, the containers will be isolated and will not be able to reach each other.
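
To check which behaviour a given container config actually produces, the following added example (not part of the original post) reads the legacy lxc.network.* keys used above and reports the effective macvlan mode, treating a missing or commented-out mode line as LXC's default of private. The function names and the sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: effective macvlan mode of an LXC container config.
# Assumes the legacy lxc.network.* keys shown on this page.

# Print the macvlan mode a config results in, or "none" if it is not macvlan.
macvlan_mode() {
    awk -F'=' '
        /^[ \t]*#/ { next }    # a commented-out line sets nothing
        { key = $1; val = $2
          gsub(/[ \t\r]/, "", key); gsub(/[ \t\r]/, "", val) }
        key == "lxc.network.type"         { type = val }
        key == "lxc.network.macvlan.mode" { mode = val }
        END {
            if (type != "macvlan") { print "none"; exit }
            # No mode line: LXC falls back to its default, private.
            print (mode == "" ? "private" : mode)
        }' "$1"
}

# One line per config: path, effective mode, peer reachability.
audit_configs() {
    for cfg in "$@"; do
        mode=$(macvlan_mode "$cfg")
        case "$mode" in
            bridge)  verdict="peers-reachable" ;;
            private) verdict="isolated" ;;
            none)    verdict="not-macvlan" ;;
            *)       verdict="review-manually" ;;
        esac
        printf '%s %s %s\n' "$cfg" "$mode" "$verdict"
    done
}

# Constructed sample configs: web keeps the mode line, db has it commented out.
demo_dir=$(mktemp -d)
printf '%s\n' 'lxc.network.type = macvlan' \
    'lxc.network.macvlan.mode = bridge' 'lxc.network.link = mvlan0' > "$demo_dir/web.conf"
printf '%s\n' 'lxc.network.type = macvlan' \
    '#lxc.network.macvlan.mode = bridge' 'lxc.network.link = mvlan0' > "$demo_dir/db.conf"
audit_configs "$demo_dir/web.conf" "$demo_dir/db.conf"
rm -rf "$demo_dir"
```

Modes other than bridge and private are reported as review-manually because this post does not cover their reachability.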
