Can you passthrough a high-speed NIC to an LXC container?

R

reckless

Well-Known Member
Feb 5, 2019
79
4
48
Hi all, I have a few questions:

  1. Can you passthrough a NIC, using SR-IOV, to an LXC container?
  2. If not using SR-IOV, is there a way to passthrough a NIC without the use of a vmbr bridge, so that only that particular container has full direct access to it? Similarly to a full passthrough in a VM.
I'm wondering if it's possible to allow an LXC container access to a NIC without any software overhead.
 
No, PCI-passthrough (including SR-IOV) is not possible with LXC containers. With NICs however, it shouldn't really be necessary, since the host kernel is also the guest kernel, so the device is shared by default. Are you actually running into any performance issues or is it a case of premature optimization?
 
I'm planning ahead for optimization so haven't ran into any issues.

In this case would the theoretical performance be higher if you just assign the NIC port itself without actually bridging it (for example, not making it a vmbr bridge, but just assigning the port to the LXC only)?

I'm wondering what the best way is to achieve the lowest overhead and fastest performance for a NIC in an LXC container.
 
Last edited:
Will adding a NIC then as standard Linux bridge to an LXC add any overhead to a 40Gbe/50Gbe connection?

The goal is to eliminate any overhead similarly to passing thru a NIC to a Proxmox VM.
 
That is possible, but you need to make the container "priviledged".

It's not exactly a PCI passthrough, but anyways it doesn't require a bridge to make it work.
You need to manually edit the lxc config file:

Code: 
nano /etc/pve/lxc/100.conf

And add your interfaces like this:

Code: 
# For passing enp2s0
lxc.net.1.name: enp2s0
lxc.net.1.type: phys
lxc.net.1.link: enp2s0
# For passing enp3s0
lxc.net.2.name: enp3s0
lxc.net.2.type: phys
lxc.net.2.link: enp3s0

If you have plans to do PPPoE add the following configuration too, otherwise you will have kernel problems in the LXC:
Code: 
lxc.cgroup.devices.allow: c 108:0 rwm
lxc.mount.entry: /dev/ppp dev/ppp none bind,create=file
 
You must log in or register to reply here.
Top Bottom