This article explains how to configure a container with two NICs attached to different networks.

This configuration is required in cases where a container needs to have separate private and public network access with appropriate routing rules, e.g., when FrontNet is used for external access and BackNet is used for internal traffic.


The example below illustrates how to connect a container to bridged FrontNet and BackNet networks:

  1. Create two bridged networks:

    ~# vznetcfg net new FrontNet
    ~# vznetcfg net new BackNet
  2. Find out which hardware NIC corresponds to which network:

    ~# ip a l
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet scope host lo
            valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 48:5b:39:19:6d:66 brd ff:ff:ff:ff:ff:ff
        inet brd scope global eth0
            valid_lft forever preferred_lft forever
    3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
        link/ether 48:5b:39:19:6d:68 brd ff:ff:ff:ff:ff:ff
        inet brd scope global eth1
            valid_lft forever preferred_lft forever
  3. Assign network interfaces to the virtual networks:

    ~# vznetcfg net addif FrontNet eth1
    ~# vznetcfg net addif BackNet eth0
  4. Add two network interfaces to the container:

    ~# vzctl set CTID --save --netif_add eth0
    ~# vzctl set CTID --save --netif_add eth1
  5. Assign them to the corresponding networks and configure the virtual adapters:

    ~# vzctl set CTID --save --ifname eth0 --network BackNet --ipadd <IP_address> --gw <gateway_IP>
    ~# vzctl set CTID --save --ifname eth1 --network FrontNet --ipadd <IP_address>

NOTE: The "--gw" option sets the default gateway and should generally be specified for only one adapter. Choose the routing scheme that best fits your needs.
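To verify the gateway note above after configuration, the following added example (not part of the original article or of Virtuozzo tooling) checks the text of `ip -4 route show` for exactly one default route on the intended interface. The function names, return codes and sample routing tables are assumptions constructed for illustration.

```shell
#!/bin/bash
# Added example (not from the original article): audit default routes of a
# dual-homed container. Input is the text of `ip -4 route show`.

# Print the interface of every default route, one per line.
default_route_ifaces() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") print $(i + 1)
    }'
}

# check_single_gateway EXPECTED_IFACE   (routing table on stdin)
# 0: exactly one default route, on EXPECTED_IFACE
# 1: no default route   2: several default routes   3: wrong interface
check_single_gateway() {
    expected=$1
    ifaces=$(default_route_ifaces)
    # Word-split the interface list to count its entries.
    set -- $ifaces
    if [ "$#" -eq 0 ]; then
        echo "no default route configured"; return 1
    elif [ "$#" -gt 1 ]; then
        echo "multiple default routes: $*"; return 2
    elif [ "$1" != "$expected" ]; then
        echo "default route on $1, expected $expected"; return 3
    fi
    echo "ok: single default route via $expected"
}

# Constructed sample tables (addresses are illustrative placeholders).
GOOD_TABLE='default via 10.0.0.1 dev eth0
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2
192.0.2.0/24 dev eth1 proto kernel scope link src 192.0.2.10'

BAD_TABLE='default via 10.0.0.1 dev eth0
default via 192.0.2.1 dev eth1 metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.2
192.0.2.0/24 dev eth1 proto kernel scope link src 192.0.2.10'

printf '%s\n' "$GOOD_TABLE" | check_single_gateway eth0
printf '%s\n' "$BAD_TABLE" | check_single_gateway eth0 || true
```

On the hardware node, the live table can be piped in with `vzctl exec CTID ip -4 route show | check_single_gateway eth0`, replacing `eth0` with the adapter that was given `--gw`.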

