Type: `nic`¶

Note

The nic device type is supported for both containers and VMs.

NICs support hotplugging for both containers and VMs (with the exception of the ipvlan NIC type).

Network devices, also referred to as Network Interface Controllers or NICs, supply a connection to a network. LXD supports several different types of network devices (NIC types).

`nictype` vs. `network`¶

When adding a network device to an instance, there are two methods to specify the type of device that you want to add: through the nictype device option or the network device option.

These two device options are mutually exclusive, and you can specify only one of them when you create a device. However, note that when you specify the network option, the nictype option is derived automatically from the network type.

nictype

When using the nictype device option, you can specify a network interface that is not controlled by LXD. Therefore, you must specify all information that LXD needs to use the network interface.

When using this method, the nictype option must be specified when creating the device, and it cannot be changed later.

network

When using the network device option, the NIC is linked to an existing managed network. In this case, LXD has all required information about the network, and you need to specify only the network name when adding the device.

When using this method, LXD derives the nictype option automatically. The value is read-only and cannot be changed.

Other device options that are inherited from the network are marked with a “yes” in the “Managed” field of the NIC-specific device options. You cannot customize these options directly for the NIC if you’re using the network method.

See About networking for more information.

Available NIC types¶

The following NICs can be added using the nictype or network options:

bridged: Uses an existing bridge on the host and creates a virtual device pair to connect the host bridge to the instance.
macvlan: Sets up a new network device based on an existing one, but using a different MAC address.
sriov: Passes a virtual function of an SR-IOV-enabled physical network device into the instance.
physical: Passes a physical device from the host through to the instance. The targeted device will vanish from the host and appear in the instance.

The following NICs can be added using only the network option:

ovn: Uses an existing OVN network and creates a virtual device pair to connect the instance to it.

The following NICs can be added using only the nictype option:

ipvlan: Sets up a new network device based on an existing one, using the same MAC address but a different IP.
p2p: Creates a virtual device pair, putting one side in the instance and leaving the other side on the host.
routed: Creates a virtual device pair to connect the host to the instance and sets up static routes and proxy ARP/NDP entries to allow the instance to join the network of a designated parent interface.

The available device options depend on the NIC type and are listed in the following sections.

`nictype`: `bridged`¶

Note

You can select this NIC type through the nictype option or the network option (see Bridge network for information about the managed bridge network).

A bridged NIC uses an existing bridge on the host and creates a virtual device pair to connect the host bridge to the instance.

Device options¶

NIC devices of type bridged have the following device options:

boot.priority

Boot priority for VMs

Key:	`boot.priority`
Type:	integer
Managed:	no

A higher value for this option means that the VM boots first.

host_name

Name of the interface inside the host

Key:	`host_name`
Type:	string
Default:	randomly assigned
Managed:	no

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned
Managed:	no

ipv4.address

IPv4 address to assign to the instance through DHCP

Key:	`ipv4.address`
Type:	string
Managed:	no

Set this option to none to restrict all IPv4 traffic when security.ipv4_filtering is set.

ipv4.routes

IPv4 static routes for the NIC to add on the host

Key:	`ipv4.routes`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv4 static routes for this NIC to add on the host.

ipv4.routes.external

IPv4 static routes to route to NIC

Key:	`ipv4.routes.external`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv4 static routes to route to the NIC and publish on the uplink network (BGP).

ipv6.address

IPv6 address to assign to the instance through DHCP

Key:	`ipv6.address`
Type:	string
Managed:	no

Set this option to none to restrict all IPv6 traffic when security.ipv6_filtering is set.

ipv6.routes

IPv6 static routes for the NIC to add on the host

Key:	`ipv6.routes`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv6 static routes for this NIC to add on the host.

ipv6.routes.external

IPv6 static routes to route to NIC

Key:	`ipv6.routes.external`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv6 static routes to route to the NIC and publish on the uplink network (BGP).

limits.egress

I/O limit for outgoing traffic

Key:	`limits.egress`
Type:	string
Managed:	no

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.ingress

I/O limit for incoming traffic

Key:	`limits.ingress`
Type:	string
Managed:	no

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.max

I/O limit for both incoming and outgoing traffic

Key:	`limits.max`
Type:	string
Managed:	no

This option is the same as setting both limits.ingress and limits.egress.

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.priority

skb->priority value for outgoing traffic

Key:	`limits.priority`
Type:	integer
Managed:	no

The skb->priority value for outgoing traffic is used by the kernel queuing discipline (qdisc) to prioritize network packets. Specify the value as a 32-bit unsigned integer.

The effect of this value depends on the particular qdisc implementation, for example, SKBPRIO or QFQ. Consult the kernel qdisc documentation before setting this value.

maas.subnet.ipv4

MAAS IPv4 subnet to register the instance in

Key:	`maas.subnet.ipv4`
Type:	string
Managed:	yes

maas.subnet.ipv6

MAAS IPv6 subnet to register the instance in

Key:	`maas.subnet.ipv6`
Type:	string
Managed:	yes

mtu

MTU of the new interface

Key:	`mtu`
Type:	integer
Default:	parent MTU
Managed:	yes

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned
Managed:	no

network

Managed network to link the device to

Key:	`network`
Type:	string
Managed:	no

You can specify this option instead of specifying the nictype directly.

parent

Name of the host device

Key:	`parent`
Type:	string
Managed:	yes
Required:	if specifying the `nictype` directly

queue.tx.length

Transmit queue length for the NIC

Key:	`queue.tx.length`
Type:	integer
Managed:	no

security.ipv4_filtering

Whether to prevent the instance from spoofing an IPv4 address

Key:	`security.ipv4_filtering`
Type:	bool
Default:	`false`
Managed:	no

Set this option to true to prevent the instance from spoofing another instance’s IPv4 address. This option enables security.mac_filtering.

security.ipv6_filtering

Whether to prevent the instance from spoofing an IPv6 address

Key:	`security.ipv6_filtering`
Type:	bool
Default:	`false`
Managed:	no

Set this option to true to prevent the instance from spoofing another instance’s IPv6 address. This option enables security.mac_filtering.

security.mac_filtering

Whether to prevent the instance from spoofing a MAC address

Key:	`security.mac_filtering`
Type:	bool
Default:	`false`
Managed:	no

Set this option to true to prevent the instance from spoofing another instance’s MAC address.

security.port_isolation

Whether to respect port isolation

Key:	`security.port_isolation`
Type:	bool
Default:	`false`
Managed:	no

Set this option to true to prevent the NIC from communicating with other NICs in the network that have port isolation enabled.

vlan

VLAN ID to use for non-tagged traffic

Key:	`vlan`
Type:	integer
Managed:	no

Set this option to none to remove the port from the default VLAN.

vlan.tagged

VLAN IDs or VLAN ranges to join for tagged traffic

Key:	`vlan.tagged`
Type:	integer
Managed:	no

Specify the VLAN IDs or ranges as a comma-delimited list.

Configuration examples¶

Add a bridged network device to an instance, connecting to a LXD managed network:

lxc network create <network_name> --type=bridge
lxc config device add <instance_name> <device_name> nic network=<network_name>

Note that bridge is the type when creating a managed bridge network, while the device nictype that is required when connecting to an unmanaged bridge is bridged.

Add a bridged network device to an instance, connecting to an existing bridge interface with nictype:

lxc config device add <instance_name> <device_name> nic nictype=bridged parent=<existing_bridge>

See How to create a network and Configure devices for more information.

`nictype`: `macvlan`¶

Note

You can select this NIC type through the nictype option or the network option (see Macvlan network for information about the managed macvlan network).

A macvlan NIC sets up a new network device based on an existing one, but using a different MAC address.

If you are using a macvlan NIC, communication between the LXD host and the instances is not possible. Both the host and the instances can talk to the gateway, but they cannot communicate directly.

Device options¶

NIC devices of type macvlan have the following device options:

boot.priority

Boot priority for VMs

Key:	`boot.priority`
Type:	integer
Managed:	no

A higher value for this option means that the VM boots first.

gvrp

Whether to use GARP VLAN Registration Protocol

Key:	`gvrp`
Type:	bool
Default:	`false`
Managed:	no

This option specifies whether to register the VLAN using the GARP VLAN Registration Protocol.

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned
Managed:	no

maas.subnet.ipv4

MAAS IPv4 subnet to register the instance in

Key:	`maas.subnet.ipv4`
Type:	string
Managed:	yes

maas.subnet.ipv6

MAAS IPv6 subnet to register the instance in

Key:	`maas.subnet.ipv6`
Type:	string
Managed:	yes

mtu

MTU of the new interface

Key:	`mtu`
Type:	integer
Default:	parent MTU
Managed:	yes

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned
Managed:	no

network

Managed network to link the device to

Key:	`network`
Type:	string
Managed:	no

You can specify this option instead of specifying the nictype directly.

parent

Name of the host device

Key:	`parent`
Type:	string
Managed:	yes
Required:	if specifying the `nictype` directly

vlan

VLAN ID to attach to

Key:	`vlan`
Type:	integer
Managed:	no

Configuration examples¶

Add a macvlan network device to an instance, connecting to a LXD managed network:

lxc network create <network_name> --type=macvlan parent=<existing_NIC>
lxc config device add <instance_name> <device_name> nic network=<network_name>

Add a macvlan network device to an instance, connecting to an existing network interface with nictype:

lxc config device add <instance_name> <device_name> nic nictype=macvlan parent=<existing_NIC>

See How to create a network and Configure devices for more information.

`nictype`: `sriov`¶

Note

You can select this NIC type through the nictype option or the network option (see SR-IOV network for information about the managed sriov network).

An sriov NIC passes a virtual function of an SR-IOV-enabled physical network device into the instance.

An SR-IOV-enabled network device associates a set of virtual functions (VFs) with the single physical function (PF) of the network device. PFs are standard PCIe functions. VFs, on the other hand, are very lightweight PCIe functions that are optimized for data movement. They come with a limited set of configuration capabilities to prevent changing properties of the PF.

Given that VFs appear as regular PCIe devices to the system, they can be passed to instances just like a regular physical device.

VF allocation

The sriov interface type expects to be passed the name of an SR-IOV enabled network device on the system via the parent property. LXD then checks for any available VFs on the system.

By default, LXD allocates the first free VF it finds. If it detects that either none are enabled or all currently enabled VFs are in use, it bumps the number of supported VFs to the maximum value and uses the first free VF. If all possible VFs are in use or the kernel or card doesn’t support incrementing the number of VFs, LXD returns an error.

Note

If you need LXD to use a specific VF, use a physical NIC instead of a sriov NIC and set its parent option to the VF name.

Device options¶

NIC devices of type sriov have the following device options:

boot.priority

Boot priority for VMs

Key:	`boot.priority`
Type:	integer
Managed:	no

A higher value for this option means that the VM boots first.

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned
Managed:	no

maas.subnet.ipv4

MAAS IPv4 subnet to register the instance in

Key:	`maas.subnet.ipv4`
Type:	string
Managed:	yes

maas.subnet.ipv6

MAAS IPv6 subnet to register the instance in

Key:	`maas.subnet.ipv6`
Type:	string
Managed:	yes

mtu

MTU of the new interface

Key:	`mtu`
Type:	integer
Default:	kernel assigned
Managed:	yes

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned
Managed:	no

network

Managed network to link the device to

Key:	`network`
Type:	string
Managed:	no

You can specify this option instead of specifying the nictype directly.

parent

Name of the host device

Key:	`parent`
Type:	string
Managed:	yes
Required:	if specifying the `nictype` directly

security.mac_filtering

Whether to prevent the instance from spoofing a MAC address

Key:	`security.mac_filtering`
Type:	bool
Default:	`false`
Managed:	no

Set this option to true to prevent the instance from spoofing another instance’s MAC address.

vlan

VLAN ID to attach to

Key:	`vlan`
Type:	integer
Managed:	no

Configuration examples¶

Add a sriov network device to an instance, connecting to a LXD managed network:

lxc network create <network_name> --type=sriov parent=<sriov_enabled_NIC>
lxc config device add <instance_name> <device_name> nic network=<network_name>

Add a sriov network device to an instance, connecting to an existing SR-IOV-enabled interface with nictype:

lxc config device add <instance_name> <device_name> nic nictype=sriov parent=<sriov_enabled_NIC>

See How to create a network and Configure devices for more information.

`nictype`: `physical`¶

Note

You can select this NIC type through the nictype option or the network option (see Physical network for information about the managed physical network).
You can have only one physical NIC for each parent device.

A physical NIC provides straight physical device pass-through from the host. The targeted device will vanish from the host and appear in the instance (which means that you can have only one physical NIC for each targeted device).

Device options¶

NIC devices of type physical have the following device options:

boot.priority

Boot priority for VMs

Key:	`boot.priority`
Type:	integer
Managed:	no

A higher value for this option means that the VM boots first.

gvrp

Whether to use GARP VLAN Registration Protocol

Key:	`gvrp`
Type:	bool
Default:	`false`
Managed:	no

This option specifies whether to register the VLAN using the GARP VLAN Registration Protocol.

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned
Managed:	no

maas.subnet.ipv4

MAAS IPv4 subnet to register the instance in

Key:	`maas.subnet.ipv4`
Type:	string
Managed:	no

maas.subnet.ipv6

MAAS IPv6 subnet to register the instance in

Key:	`maas.subnet.ipv6`
Type:	string
Managed:	no

mtu

MTU of the new interface

Key:	`mtu`
Type:	integer
Default:	parent MTU
Managed:	no

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned
Managed:	no

network

Managed network to link the device to

Key:	`network`
Type:	string
Managed:	no

You can specify this option instead of specifying the nictype directly.

parent

Name of the host device

Key:	`parent`
Type:	string
Managed:	yes
Required:	if specifying the `nictype` directly

vlan

VLAN ID to attach to

Key:	`vlan`
Type:	integer
Managed:	no

Configuration examples¶

Add a physical network device to an instance, connecting to an existing physical network interface with nictype:

lxc config device add <instance_name> <device_name> nic nictype=physical parent=<physical_NIC>

Adding a physical network device to an instance using a managed network is not possible, because the physical managed network type is intended to be used only with OVN networks.

See Configure devices for more information.

`nictype`: `ovn`¶

Note

You can select this NIC type only through the network option (see OVN network for information about the managed ovn network).

An ovn NIC uses an existing OVN network and creates a virtual device pair to connect the instance to it.

SR-IOV hardware acceleration

To use acceleration=sriov, you must have a compatible SR-IOV physical NIC that supports the Ethernet switch device driver model (switchdev) in your LXD host. LXD assumes that the physical NIC (PF) is configured in switchdev mode and connected to the OVN integration OVS bridge, and that it has one or more virtual functions (VFs) active.

To achieve this, follow these basic prerequisite setup steps:

Set up PF and VF:

Activate some VFs on PF (called enp9s0f0np0 in the following example, with a PCI address of 0000:09:00.0) and unbind them.
Enable switchdev mode and hw-tc-offload on the PF.
Rebind the VFs.

echo 4 > /sys/bus/pci/devices/0000:09:00.0/sriov_numvfs
for i in $(lspci -nnn | grep "Virtual Function" | cut -d' ' -f1); do echo 0000:$i > /sys/bus/pci/drivers/mlx5_core/unbind; done
devlink dev eswitch set pci/0000:09:00.0 mode switchdev
ethtool -K enp9s0f0np0 hw-tc-offload on
for i in $(lspci -nnn | grep "Virtual Function" | cut -d' ' -f1); do echo 0000:$i > /sys/bus/pci/drivers/mlx5_core/bind; done

Set up OVS by enabling hardware offload and adding the PF NIC to the integration bridge (normally called br-int):

ovs-vsctl set open_vswitch . other_config:hw-offload=true
systemctl restart openvswitch-switch
ovs-vsctl add-port br-int enp9s0f0np0
ip link set enp9s0f0np0 up

VDPA hardware acceleration

To use acceleration=vdpa, you must have a compatible VDPA physical NIC. The setup is the same as for SR-IOV hardware acceleration, except that you must also enable the vhost_vdpa module and check that you have some available VDPA management devices :

modprobe vhost_vdpa && vdpa mgmtdev show

Device options¶

NIC devices of type ovn have the following device options:

acceleration

Enable hardware offloading

Key:	`acceleration`
Type:	string
Default:	`none`
Managed:	no

Possible values are none, sriov, or vdpa. See SR-IOV hardware acceleration for more information.

boot.priority

Boot priority for VMs

Key:	`boot.priority`
Type:	integer
Managed:	no

A higher value for this option means that the VM boots first.

host_name

Name of the interface inside the host

Key:	`host_name`
Type:	string
Default:	randomly assigned
Managed:	no

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned
Managed:	no

ipv4.address

IPv4 address to assign to the instance through DHCP

Key:	`ipv4.address`
Type:	string
Managed:	no

ipv4.routes

IPv4 static routes to route for the NIC

Key:	`ipv4.routes`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv4 static routes to route for this NIC.

ipv4.routes.external

IPv4 static routes to route to NIC

Key:	`ipv4.routes.external`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv4 static routes to route to the NIC and publish on the uplink network.

ipv6.address

IPv6 address to assign to the instance through DHCP

Key:	`ipv6.address`
Type:	string
Managed:	no

ipv6.routes

IPv6 static routes to route to the NIC

Key:	`ipv6.routes`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv6 static routes to route to the NIC.

ipv6.routes.external

IPv6 static routes to route to NIC

Key:	`ipv6.routes.external`
Type:	string
Managed:	no

Specify a comma-delimited list of IPv6 static routes to route to the NIC and publish on the uplink network.

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned
Managed:	no

nested

Parent NIC name to nest this NIC under

Key:	`nested`
Type:	string
Managed:	no

Configuration examples¶

An ovn network device must be added using a managed network. To do so:

lxc network create <network_name> --type=ovn network=<parent_network>
lxc config device add <instance_name> <device_name> nic network=<network_name>

See How to set up OVN with LXD for full instructions, and How to create a network and Configure devices for more information.

`nictype`: `ipvlan`¶

Note

This NIC type is available only for containers, not for virtual machines.
You can select this NIC type only through the nictype option.
This NIC type does not support hotplugging.

An ipvlan NIC sets up a new network device based on an existing one, using the same MAC address but a different IP.

If you are using an ipvlan NIC, communication between the LXD host and the instances is not possible. Both the host and the instances can talk to the gateway, but they cannot communicate directly.

LXD currently supports IPVLAN in L2 and L3S mode. In this mode, the gateway is automatically set by LXD, but the IP addresses must be manually specified using the ipv4.address and/or ipv6.address options before the container is started.

DNS

The name servers must be configured inside the container, because they are not set automatically. To do this, set the following sysctls:

When using IPv4 addresses:
```
net.ipv4.conf.<parent>.forwarding=1
```

When using IPv6 addresses:

net.ipv6.conf.<parent>.forwarding=1
net.ipv6.conf.<parent>.proxy_ndp=1

Device options¶

NIC devices of type ipvlan have the following device options:

gvrp

Whether to use GARP VLAN Registration Protocol

Key:	`gvrp`
Type:	bool
Default:	`false`

This option specifies whether to register the VLAN using the GARP VLAN Registration Protocol.

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned

ipv4.address

IPv4 static addresses to add to the instance

Key:	`ipv4.address`
Type:	string

Specify a comma-delimited list of IPv4 static addresses to add to the instance. In l2 mode, you can specify them as CIDR values or singular addresses using a subnet of /24.

ipv4.gateway

IPv4 gateway

Key:	`ipv4.gateway`
Type:	string
Default:	`auto` (`l3s`), `-` (`l2`)

In l3s mode, the option specifies whether to add an automatic default IPv4 gateway. Possible values are auto and none.

In l2 mode, this option specifies the IPv4 address of the gateway.

ipv4.host_table

Custom policy routing table ID to add IPv4 static routes to

Key:	`ipv4.host_table`
Type:	integer

The custom policy routing table is in addition to the main routing table.

ipv6.address

IPv6 static addresses to add to the instance

Key:	`ipv6.address`
Type:	string

Specify a comma-delimited list of IPv6 static addresses to add to the instance. In l2 mode, you can specify them as CIDR values or singular addresses using a subnet of /64.

ipv6.gateway

IPv6 gateway

Key:	`ipv6.gateway`
Type:	string
Default:	`auto` (`l3s`), `-` (`l2`)

In l3s mode, the option specifies whether to add an automatic default IPv6 gateway. Possible values are auto and none.

In l2 mode, this option specifies the IPv6 address of the gateway.

ipv6.host_table

Custom policy routing table ID to add IPv6 static routes to

Key:	`ipv6.host_table`
Type:	integer

The custom policy routing table is in addition to the main routing table.

mode

IPVLAN mode

Key:	`mode`
Type:	string
Default:	`l3s`

Possible values are l2 and l3s.

mtu

The MTU of the new interface

Key:	`mtu`
Type:	integer
Default:	parent MTU

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned

parent

Name of the host device

Key:	`parent`
Type:	string
Required:	yes

vlan

VLAN ID to attach to

Key:	`vlan`
Type:	integer

Configuration examples¶

Add an ipvlan network device to an instance, connecting to an existing network interface with nictype:

lxc stop <instance_name>
lxc config device add <instance_name> <device_name> nic nictype=ipvlan parent=<existing_NIC>

Adding an ipvlan network device to an instance using a managed network is not possible.

See Configure devices for more information.

`nictype`: `p2p`¶

Note

You can select this NIC type only through the nictype option.

A p2p NIC creates a virtual device pair, putting one side in the instance and leaving the other side on the host.

Device options¶

NIC devices of type p2p have the following device options:

boot.priority

Boot priority for VMs

Key:	`boot.priority`
Type:	integer

A higher value for this option means that the VM boots first.

host_name

Name of the interface inside the host

Key:	`host_name`
Type:	string
Default:	randomly assigned

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned

ipv4.routes

IPv4 static routes for the NIC to add on the host

Key:	`ipv4.routes`
Type:	string

Specify a comma-delimited list of IPv4 static routes for this NIC to add on the host.

ipv6.routes

IPv6 static routes for the NIC to add on the host

Key:	`ipv6.routes`
Type:	string

Specify a comma-delimited list of IPv6 static routes for this NIC to add on the host.

limits.egress

I/O limit for outgoing traffic

Key:	`limits.egress`
Type:	string

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.ingress

I/O limit for incoming traffic

Key:	`limits.ingress`
Type:	string

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.max

I/O limit for both incoming and outgoing traffic

Key:	`limits.max`
Type:	string

This option is the same as setting both limits.ingress and limits.egress.

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.priority

skb->priority value for outgoing traffic

Key:	`limits.priority`
Type:	integer

The skb->priority value for outgoing traffic is used by the kernel queuing discipline (qdisc) to prioritize network packets. Specify the value as a 32-bit unsigned integer.

The effect of this value depends on the particular qdisc implementation, for example, SKBPRIO or QFQ. Consult the kernel qdisc documentation before setting this value.

mtu

MTU of the new interface

Key:	`mtu`
Type:	integer
Default:	kernel assigned

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned

queue.tx.length

Transmit queue length for the NIC

Key:	`queue.tx.length`
Type:	integer

Configuration examples¶

Add a p2p network device to an instance using nictype:

lxc config device add <instance_name> <device_name> nic nictype=p2p

Adding a p2p network device to an instance using a managed network is not possible.

See Configure devices for more information.

`nictype`: `routed`¶

Note

You can select this NIC type only through the nictype option.

A routed NIC creates a virtual device pair to connect the host to the instance and sets up static routes and proxy ARP/NDP entries to allow the instance to join the network of a designated parent interface. For containers it uses a virtual Ethernet device pair, and for VMs it uses a TAP device.

This NIC type is similar in operation to ipvlan, in that it allows an instance to join an external network without needing to configure a bridge and shares the host’s MAC address. However, it differs from ipvlan because it does not need IPVLAN support in the kernel, and the host and the instance can communicate with each other.

This NIC type respects netfilter rules on the host and uses the host’s routing table to route packets, which can be useful if the host is connected to multiple networks.

IP addresses, gateways and routes

You must manually specify the IP addresses (using ipv4.address and/or ipv6.address) before the instance is started.

For containers, the NIC configures the following link-local gateway IPs on the host end and sets them as the default gateways in the container’s NIC interface:

169.254.0.1
fe80::1

For VMs, the gateways must be configured manually or via a mechanism like cloud-init (see the how to guide).

Note

If your container image is configured to perform DHCP on the interface, it will likely remove the automatically added configuration. In this case, you must configure the IP addresses and gateways manually or via a mechanism like cloud-init.

The NIC type configures static routes on the host pointing to the instance’s veth interface for all of the instance’s IPs.

Multiple IP addresses

Each NIC device can have multiple IP addresses added to it.

However, it might be preferable to use multiple routed NIC interfaces instead. In this case, set the ipv4.gateway and ipv6.gateway values to none on any subsequent interfaces to avoid default gateway conflicts. Also consider specifying a different host-side address for these subsequent interfaces using ipv4.host_address and/or ipv6.host_address.

Parent interface

This NIC can operate with and without a parent network interface set.

With the parent network interface set, proxy ARP/NDP entries of the instance’s IPs are added to the parent interface, which allows the instance to join the parent interface’s network at layer 2.

To enable this, the following network configuration must be applied on the host via sysctl:

When using IPv4 addresses:
```
net.ipv4.conf.<parent>.forwarding=1
```

When using IPv6 addresses:

net.ipv6.conf.all.forwarding=1
net.ipv6.conf.<parent>.forwarding=1
net.ipv6.conf.all.proxy_ndp=1
net.ipv6.conf.<parent>.proxy_ndp=1

Device options¶

NIC devices of type routed have the following device options:

gvrp

Whether to use GARP VLAN Registration Protocol

Key:	`gvrp`
Type:	bool
Default:	`false`

This option specifies whether to register the VLAN using the GARP VLAN Registration Protocol.

host_name

Name of the interface inside the host

Key:	`host_name`
Type:	string
Default:	randomly assigned

hwaddr

MAC address of the new interface

Key:	`hwaddr`
Type:	string
Default:	randomly assigned

ipv4.address

IPv4 static addresses to add to the instance

Key:	`ipv4.address`
Type:	string

Specify a comma-delimited list of IPv4 static addresses to add to the instance.

ipv4.gateway

Whether to add an automatic default IPv4 gateway

Key:	`ipv4.gateway`
Type:	string
Default:	`auto`

Possible values are auto and none.

ipv4.host_address

IPv4 address to add to the host-side veth interface

Key:	`ipv4.host_address`
Type:	string
Default:	`169.254.0.1`

ipv4.host_table

Custom policy routing table ID to add IPv4 static routes to

Key:	`ipv4.host_table`
Type:	integer

The custom policy routing table is in addition to the main routing table.

ipv4.neighbor_probe

Whether to probe the parent network for IPv4 address availability

Key:	`ipv4.neighbor_probe`
Type:	bool
Default:	`true`

ipv4.routes

IPv4 static routes for the NIC to add on the host

Key:	`ipv4.routes`
Type:	string

Specify a comma-delimited list of IPv4 static routes for this NIC to add on the host (without L2 ARP/NDP proxy).

ipv6.address

IPv6 static addresses to add to the instance

Key:	`ipv6.address`
Type:	string

Specify a comma-delimited list of IPv6 static addresses to add to the instance.

ipv6.gateway

Whether to add an automatic default IPv6 gateway

Key:	`ipv6.gateway`
Type:	string
Default:	`auto`

Possible values are auto and none.

ipv6.host_address

IPv6 address to add to the host-side veth interface

Key:	`ipv6.host_address`
Type:	string
Default:	`fe80::1`

ipv6.host_table

Custom policy routing table ID to add IPv6 static routes to

Key:	`ipv6.host_table`
Type:	integer

The custom policy routing table is in addition to the main routing table.

ipv6.neighbor_probe

Whether to probe the parent network for IPv6 address availability

Key:	`ipv6.neighbor_probe`
Type:	bool
Default:	`true`

ipv6.routes

IPv6 static routes for the NIC to add on the host

Key:	`ipv6.routes`
Type:	string

Specify a comma-delimited list of IPv6 static routes for this NIC to add on the host (without L2 ARP/NDP proxy).

limits.egress

I/O limit for outgoing traffic

Key:	`limits.egress`
Type:	string

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.ingress

I/O limit for incoming traffic

Key:	`limits.ingress`
Type:	string

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.max

I/O limit for both incoming and outgoing traffic

Key:	`limits.max`
Type:	string

This option is the same as setting both limits.ingress and limits.egress.

Specify the limit in bit/s. Various suffixes are supported (see Units for storage and network limits).

limits.priority

skb->priority value for outgoing traffic

Key:	`limits.priority`
Type:	integer

The skb->priority value for outgoing traffic is used by the kernel queuing discipline (qdisc) to prioritize network packets. Specify the value as a 32-bit unsigned integer.

The effect of this value depends on the particular qdisc implementation, for example, SKBPRIO or QFQ. Consult the kernel qdisc documentation before setting this value.

mtu

The MTU of the new interface

Key:	`mtu`
Type:	integer
Default:	parent MTU

name

Name of the interface inside the instance

Key:	`name`
Type:	string
Default:	kernel assigned

parent

Name of the host device to join the instance to

Key:	`parent`
Type:	string

queue.tx.length

Transmit queue length for the NIC

Key:	`queue.tx.length`
Type:	integer

vlan

VLAN ID to attach to

Key:	`vlan`
Type:	integer

Configuration examples¶

Add a routed network device to an instance using nictype:

lxc config device add <instance_name> <device_name> nic nictype=routed ipv4.address=192.0.2.2 ipv6.address=2001:db8::2

Adding a routed network device to an instance using a managed network is not possible.

See Configure devices for more information.

`bridged`, `macvlan` or `ipvlan` for connection to physical network¶

The bridged, macvlan and ipvlan interface types can be used to connect to an existing physical network.

macvlan effectively lets you fork your physical NIC, getting a second interface that is then used by the instance. This method saves you from creating a bridge device and virtual Ethernet device pairs and usually offers better performance than a bridge.

The downside to this method is that macvlan devices, while able to communicate between themselves and to the outside, cannot talk to their parent device. This means that you can’t use macvlan if you ever need your instances to talk to the host itself.

In such case, a bridge device is preferable. A bridge also lets you use MAC filtering and I/O limits, which cannot be applied to a macvlan device.

ipvlan is similar to macvlan, with the difference being that the forked device has IPs statically assigned to it and inherits the parent’s MAC address on the network.

MAAS integration¶

If you’re using MAAS to manage the physical network under your LXD host and want to attach your instances directly to a MAAS-managed network, LXD can be configured to interact with MAAS so that it can track your instances.

At the daemon level, you must configure maas.api.url and maas.api.key, and then set the NIC-specific maas.subnet.ipv4 and/or maas.subnet.ipv6 keys on the instance or profile’s nic entry.

With this configuration, LXD registers all your instances with MAAS, giving them proper DHCP leases and DNS records.

If you set the ipv4.address or ipv6.address keys on the NIC, those are registered as static assignments in MAAS.

Key:	`security.acls.default.egress.action`
Type:	string
Default:	`reject`
Managed:	no

Key:	`security.acls.default.egress.logged`
Type:	bool
Default:	`false`
Managed:	no

Key:	`security.acls.default.ingress.action`
Type:	string
Default:	`reject`
Managed:	no

Key:	`security.acls.default.ingress.logged`
Type:	bool
Default:	`false`
Managed:	no

Type: nic¶

nictype vs. network¶

Available NIC types¶

nictype: bridged¶

Device options¶

Configuration examples¶

nictype: macvlan¶

Device options¶

Configuration examples¶

nictype: sriov¶

Device options¶

Configuration examples¶

nictype: physical¶

Device options¶

Configuration examples¶

nictype: ovn¶

Device options¶

Configuration examples¶

nictype: ipvlan¶

Device options¶

Configuration examples¶

nictype: p2p¶

Device options¶

Configuration examples¶

nictype: routed¶

Device options¶

Configuration examples¶

bridged, macvlan or ipvlan for connection to physical network¶

MAAS integration¶

Type: `nic`¶

`nictype` vs. `network`¶

`nictype`: `bridged`¶

`nictype`: `macvlan`¶

`nictype`: `sriov`¶

`nictype`: `physical`¶

`nictype`: `ovn`¶

`nictype`: `ipvlan`¶

`nictype`: `p2p`¶

`nictype`: `routed`¶

`bridged`, `macvlan` or `ipvlan` for connection to physical network¶