Post by Jäkel, Guido
you'll know that a bridge acts at network layer 2, i.e. dealing just with the MACs.
In the typical use case you want to bridge the host's outside network to
the containers. To achieve this, you attach the host side of the
containers' virtual NICs (which you can imagine as a "short wire" between
the namespaces) to the bridge and also the host's real NIC. While
attaching to the bridge, the NICs are switched to "promiscuous mode",
i.e. they don't care about matching IP addresses at layer 3 and accept any
But now, how to connect the host with the outer world, where to place the
host's layer 3 config? That's why you put this parameter set to the Linux
software bridge: To act as an outgoing device of the host's "IP stack".
If you leave this empty, the bridge is isolated from the host. If you
don't attach a physical NIC to the bridge, it's isolated from the outer
From that Serge suggested to instantiate a bridge, attach the parties to
it (layer 2) and choose some adequate layer3 network configuration to
route IP traffic between them.
BTW: If you're dealing with VLANs, you may "first" attach VLAN devices to
your physical NIC on a trunk and "then" attach a couple of bridges to
these VLAN devices. This will allow you to host isolated sets of
containers in different VLANs, e.g. for staging purposes.
From: lxc-users [mailto:lxc-users-bounces at lists.linuxcontainers.org] On
Behalf Of Anjali Kulkarni
Sent: Wednesday, August 13, 2014 7:40 PM
To: LXC users mailing-list
Subject: Re: [lxc-users] Cannot create a macvlan private bridge on lx
Yes, but does this not go through the host? That is, the host's
eth0 (management) has to be in this bridge? I want to be able to create
multiple such bridges, so I cannot add the eth0 of host to every such
This works already, I want a "private" bridge between VM and container,
which does not go through the host.
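The VLAN layout described in the reply above (VLAN device on the trunk NIC first, then one bridge per VLAN, with layer 3 config on the bridge only when the host should take part) can be sketched as a dry-run plan of iproute2 commands. This is an added example, not part of the original thread; the function names and the br-vlan<ID> naming are hypothetical.

```shell
#!/bin/sh
# Added example: prints (dry run) the iproute2 commands for one VLAN-backed bridge.
# Assumptions: vlan_bridge_plan, attach_plan and the br-vlan<ID> naming are hypothetical.

# vlan_bridge_plan TRUNK VID [CIDR]
#   TRUNK  physical NIC carrying the tagged trunk
#   VID    802.1Q VLAN ID (1-4094)
#   CIDR   optional host address for the bridge; omit it to keep the host's
#          IP stack off this segment (the bridge then stays layer 2 only)
vlan_bridge_plan() {
    trunk=$1 vid=$2 cidr=${3:-}
    case $vid in
        ''|*[!0-9]*|?????*) echo "invalid VLAN ID: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -lt 1 ] || [ "$vid" -gt 4094 ]; then
        echo "VLAN ID out of range: $vid" >&2; return 1
    fi
    vdev="$trunk.$vid" br="br-vlan$vid"
    # Linux interface names are limited to 15 characters
    if [ "${#vdev}" -gt 15 ] || [ "${#br}" -gt 15 ]; then
        echo "interface name too long: $vdev / $br" >&2; return 1
    fi
    # "first": a VLAN device on the trunk NIC
    echo "ip link add link $trunk name $vdev type vlan id $vid"
    # "then": one bridge per VLAN, with the VLAN device as its uplink
    echo "ip link add name $br type bridge"
    echo "ip link set dev $vdev master $br"
    echo "ip link set dev $vdev up"
    echo "ip link set dev $br up"
    # Layer 3 config goes on the bridge, and only if the host should join
    if [ -n "$cidr" ]; then
        echo "ip addr add $cidr dev $br"
    fi
}

# attach_plan HOSTVETH VID
#   Puts the host side of a container's veth pair on the bridge for VID.
attach_plan() {
    echo "ip link set dev $1 master br-vlan$2"
}
```

Review the printed plan before running it as root, e.g. `vlan_bridge_plan eth0 100` for a staging VLAN whose bridge carries no host address.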