Can you passthrough a high-speed NIC to an LXC container?

[reckless]

Hi all, I have a few questions:

1. Can you passthrough a NIC, using SR-IOV, to an LXC container?
2. If not using SR-IOV, is there a way to passthrough a NIC without the use of a vmbr bridge, so that only that particular container has full direct access to it? Similarly to a full passthrough in a VM.
   

I'm wondering if it's possible to allow an LXC container access to a NIC without any software overhead.

 

[Stefan_R]

No, PCI-passthrough (including SR-IOV) is not possible with LXC containers. With NICs however, it shouldn't really be necessary, since the host kernel is also the guest kernel, so the device is shared by default. Are you actually running into any performance issues or is it a case of premature optimization?

 

[reckless]

I'm planning ahead for optimization so haven't ran into any issues.

In this case would the theoretical performance be higher if you just assign the NIC port itself without actually bridging it (for example, not making it a vmbr bridge, but just assigning the port to the LXC only)?

I'm wondering what the best way is to achieve the lowest overhead and fastest performance for a NIC in an LXC container.

 

[BobhWasatch]

Premature optimization is the root of all evil. - Don Knuth

 

[reckless]

Will adding a NIC then as standard Linux bridge to an LXC add any overhead to a 40Gbe/50Gbe connection?

The goal is to eliminate any overhead similarly to passing thru a NIC to a Proxmox VM.