LXC IP Deconfliction

LXC IP Deconfliction

LXC IP Deconfliction

You may have a scenario where the IP of your LXC VM conflicts with a openvpn connection such as a 10. (Class A setup).  Because LXC uses 10. by default as well we want to move the plumbing.  Here is one way that worked.

lxc network list

After that you can edit it with:

lxc network edit lxcnet

And set it up as:

There are a lot of moving parts here that can make things break:

  • If you notice the - /1.0/profiles/default it is the 'stamp' profile that will assign to created VM's

When we inspect that profile we can see it's back connection to the lxcnet:

lxc profile default edit

parent:lxcnet

Now our VM 'bb' is left in dhcp mode, and it works.

But it didn't.  If you pay close attention the VM is sitting inside the 3. domain and it's bridge is sitting inside the 4. domain.  But it can ping all the way to the 192.168.2 network across this mix of domains.

Fix This!

Inside /etc/default/lxc-net we will also have some default settings:

Now when we start the VM we have corrected settings:

Still questions remain...

lxcbr0 seems to be doing the heavy lifting and the nat - yet at the same time lxcnet is showing it is being used.

Did we find the culprit?

Maybe it seems to be residing in the default profile:

Fixed it!

This actually worked.  

Delete lxcnet, and change profile to have it use lxcbr0

It still served an IP to the VM cleanly was able to ping out and deleted an extraneous bridge.

However another 'gotcha' pops up, because lxcbr0 is no longer managed you can no longer edit it.

The answer was finally revealed -lxc network create makes it managed by default

lxc network create bob

and

lxc network edit bob
Linux Rocks Every Day