Adding a virtual adapter to a bridge with vlans (needed for lxc)

Right now I have a Linux container that comes up on its own bridge. I need a way to make it part of the network segment that is zoned off as VLAN 10.

I am thinking that it would be possible to create a new device and attach it to my existing br-lan bridge so that I can assign it to VLAN 10.

Is my strategy sound?

I have not been able to implement it. I tried creating a new device (first a virtual ethernet device, then a network device; neither worked), adding it to my br-lan, and setting it to untagged on VLAN 10. In both cases, I was unable to attach my Linux container to the newly created device.

Below is the network config where the container is on its own bridge for reference. Looking for thoughts as to why the above isn't working or a better idea to achieve the goal of having the container on the same network.

/etc/config/network
# Loopback interface: static 127.0.0.1 with netmask 255.0.0.0 on device 'lo'.
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

# Global settings: the IPv6 ULA prefix and the packet-steering options.
config globals 'globals'
	option ula_prefix 'fd3c:e2af:62b3::/48'
	option packet_steering '2'
	option steering_flows '128'

# eth1 is the device the 'wan' interface uses; IPv6 is switched off on it.
config device
	option name 'eth1'
	option ipv6 '0'

# br-lan: bridge with eth0 as its only port. The bridge-vlan sections in this
# file decide which VLANs each port of this bridge carries.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	option ipv6 '0'

# 'lan' sits on br-lan.10 (VLAN 10 of br-lan) with the router at 10.9.8.1/24.
# Any bridge port that is made a member of VLAN 10 shares this layer-2 segment.
config interface 'lan'
	option device 'br-lan.10'
	option proto 'static'
	option ipaddr '10.9.8.1'
	option netmask '255.255.255.0'
	option delegate '0'

# 'wan' is a static uplink on eth1. The address and gateway values are
# placeholders, presumably redacted by the poster.
config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr 'my.public.ip'
	option netmask '255.255.255.192'
	option gateway 'my.public.gateway'
	option delegate '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

# VLAN table for br-lan: VLANs 3, 4, 5, 6, 7 and 10 each list eth0 as a tagged
# member (':t'). No port is an untagged member of any VLAN in this listing.
# NOTE(review): with bridge-vlan sections present, a port added to br-lan is
# expected to need its own entry here before it carries any VLAN; confirm on
# the running system.
config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '4'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '5'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '6'
	list ports 'eth0:t'

config bridge-vlan
	option device 'br-lan'
	option vlan '7'
	list ports 'eth0:t'

# VLAN 10 is the VLAN behind the 'lan' interface (br-lan.10).
config bridge-vlan
	option device 'br-lan'
	option vlan '10'
	list ports 'eth0:t'

# lxcbr0: separate bridge for the container, with no ports listed here.
# bridge_empty '1' lets the bridge exist without any ports. It is used by the
# 'lxc' interface and is not connected to br-lan or its VLANs in this file.
config device
	option type 'bridge'
	option name 'lxcbr0'
	option ipv6 '0'
	option bridge_empty '1'

# 802.1Q sub-devices of br-lan, one per VLAN id (3, 4, 5, 6, 7, 10).
# Each is named br-lan.<vid> and has IPv6 switched off; the interface sections
# in this file attach to these names.
config device
	option name 'br-lan.3'
	option type '8021q'
	option ifname 'br-lan'
	option vid '3'
	option ipv6 '0'

config device
	option name 'br-lan.4'
	option type '8021q'
	option ifname 'br-lan'
	option vid '4'
	option ipv6 '0'

config device
	option name 'br-lan.5'
	option type '8021q'
	option ifname 'br-lan'
	option vid '5'
	option ipv6 '0'

config device
	option name 'br-lan.6'
	option type '8021q'
	option ifname 'br-lan'
	option vid '6'
	option ipv6 '0'

config device
	option name 'br-lan.7'
	option type '8021q'
	option ifname 'br-lan'
	option vid '7'
	option ipv6 '0'

# br-lan.10 is the device used by the 'lan' interface.
config device
	option name 'br-lan.10'
	option type '8021q'
	option ifname 'br-lan'
	option vid '10'
	option ipv6 '0'

# One routed interface per VLAN sub-device, each with its own /24:
# guest (VLAN 3), homeoffice (VLAN 4), iot (VLAN 5), vpn (VLAN 6), vpn2 (VLAN 7).
# Which of these networks may talk to each other is decided by the firewall
# configuration, which is not part of this file.
config interface 'guest'
	option device 'br-lan.3'
	option proto 'static'
	option ipaddr '10.9.7.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'homeoffice'
	option device 'br-lan.4'
	option proto 'static'
	option ipaddr '10.9.6.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'iot'
	option device 'br-lan.5'
	option proto 'static'
	option ipaddr '10.9.5.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'vpn'
	option device 'br-lan.6'
	option proto 'static'
	option ipaddr '10.9.4.1'
	option netmask '255.255.255.0'
	option delegate '0'

config interface 'vpn2'
	option device 'br-lan.7'
	option proto 'static'
	option ipaddr '10.9.3.1'
	option netmask '255.255.255.0'
	option delegate '0'
	# auto '0': this interface is not brought up automatically.
	option auto '0'

# 'lxc': the container's own network on lxcbr0, router side at 10.0.4.1/24.
# This is the starting state from the question: the container is on a subnet
# of its own, separate from every br-lan VLAN.
config interface 'lxc'
	option device 'lxcbr0'
	option proto 'static'
	option ipaddr '10.0.4.1'
	option netmask '255.255.255.0'

I believe that I figured it out after carefully reading the lxc.container.conf man page.

On OpenWrt host

  1. Compiled in kmod-bond (not sure if needed)
  2. Create a virtual ethernet, I used veth0
  3. Edit my br-lan: add veth0 to the bridge ports option, then set veth0 to untagged / is primary VLAN on VLAN 10

After some trial and error here is the working network config section of the container config:

# Container network interface 0: a veth pair whose host-side end is named veth0.
lxc.net.0.type = veth
lxc.net.0.veth.pair = veth0
# Attach the host-side end to the br-lan bridge and make it an untagged member
# of VLAN 10 there. This has to agree with the bridge-vlan entry for VLAN 10
# in /etc/config/network on the OpenWrt host.
lxc.net.0.link = br-lan
lxc.net.0.veth.vlan.id = 10
# Static address in 10.9.8.0/24 with 10.9.8.1 (the host's 'lan' address) as gateway.
lxc.net.0.ipv4.address = 10.9.8.69/24
lxc.net.0.ipv4.gateway = 10.9.8.1
# Bring the interface up when the container starts.
lxc.net.0.flags = up

For completeness, here is the diff of my /etc/config/network from the one I posted above. I hope this helps someone out one day.

--- a/etc/config/network
+++ b/etc/config/network
@@ -19,6 +19,7 @@ config device
        option type 'bridge'
        list ports 'eth0'
        option ipv6 '0' 
+       list ports 'veth0'
 
 config interface 'lan'
        option device 'br-lan.10'
@@ -66,6 +67,7 @@ config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'eth0:t'
+       list ports 'veth0:u*'
 
 config device
        option type 'bridge'
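Review bot: The added `list ports 'veth0:u*'` makes veth0 an untagged, primary-VLAN member of VLAN 10, which is the VLAN behind interface 'lan' (br-lan.10, 10.9.8.1/24 in the posted config), so the container joins the main LAN segment at layer 2 rather than a segment of its own. If the container runs anything less trusted than the LAN hosts, giving it a separate `config bridge-vlan` id with its own interface would keep it apart in the same way guest and iot are; the firewall zones are not shown on the page, so the effective trust level is inferred. If LAN membership is intended, a comment above the line such as `# veth0 = host side of the LXC veth pair; untagged/PVID in VLAN 10 (lan)` would record the decision.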
@@ -115,6 +117,11 @@ config device
        option vid '10'
        option ipv6 '0' 
 
+config device
+       option type 'veth'
+       option name 'veth0'
+       option ipv6 '0'
+
 config interface 'guest'
        option device 'br-lan.3'
        option proto 'static'
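Review bot: The new `config device` section declares `veth0` on the host while the container config also names its host-side end with `lxc.net.0.veth.pair = veth0`, so the same interface name is claimed in two places and the page does not show which component actually creates it. The VLAN membership is likewise set twice, here through `veth0:u*` and in the container through `lxc.net.0.veth.vlan.id = 10`, and the two values have to stay in agreement for the segmentation to hold. A comment above the section such as `# veth0: host side of the LXC container's veth pair (see lxc.net.0.veth.pair); VLAN id must match lxc.net.0.veth.vlan.id` would make the coupling visible. After a reboot and after a container restart it is worth checking with `bridge vlan show` that veth0 is still an untagged member of VLAN 10 only.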