Lxc networking - separate from physical interface?

What is the best option if I want to configure a dedicated subnet for lxc containers? For now I’ve created a new network using the eth0 interface. But when I think about it - it doesn’t have to be attached to eth0 - it doesn’t have to be attached to any physical port as long as it can be connected to the cpu and route to other interfaces. But I’m not sure if this is possible and if it is - how. Any suggestions?

Thanks.
Radek

If you’re going to configure the host part of the lxc interface manually then yes, it doesn’t need to be part of anything to communicate with the host. Otherwise it’s easier to make it part of br-lan or br-dmz and be a valid member of the network.
The thing is that the name of the interface is dynamically generated, so unless you attach it somewhere, you need to configure the interface on each restart of the container.

I forgot to answer the actual question - I think the best option is to create a new interface (e.g. br-lxc), create a vlan on the switch not attached to any port except the cpu, and make it part of the bridge. That way you can always allocate a phys port if required by assigning it to the vlan.

That’s exactly what I was thinking about - however I struggled with how to include the cpu into vlan. What should be the cpu’s reference in vlan config?

Something like this perhaps?
config switch_vlan
    option device 'switch0'
    option vlan '9'
    option vid '9'
    option ports '5t'

Thanks - it seems to work. One more question. Is it possible to create two bridge interfaces over the same vlan? The second bridge doesn’t come up. I can create two identical vlans (including just the cpu) and then it works fine. Just trying to understand why it’s not possible to create two bridge interfaces.

Manually yes, you can (brctl), but uci would not create an empty bridge afaik. So you need to include at least one physical interface.

I didn’t mean empty physical interface. Let’s say I create the vlan9 as mentioned above. Then I created bridge interface tst1 using the vlan9 like this:
config interface 'tst1'
    option type 'bridge'
    option proto 'static'
    option ifname 'eth0.9'
    option ipaddr '192.168.4.1'
    option netmask '255.255.255.0'

and this interface works properly. Then if I want to create a second bridge interface like:
config interface 'tst2'
    option type 'bridge'
    option proto 'static'
    option ifname 'eth0.9'
    option ipaddr '192.168.5.1'
    option netmask '255.255.255.0'

the tst2 interface won’t come up and there is no entry in system log which could explain why …

ip link shows these interfaces like:
41: br-tst1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether d8:58:d7:00:30:4e brd ff:ff:ff:ff:ff:ff
42: eth0.9@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-tst1 state UP mode DEFAULT group default qlen 1000
link/ether d8:58:d7:00:30:4e brd ff:ff:ff:ff:ff:ff
44: br-tst2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 9e:12:ac:2d:ca:da brd ff:ff:ff:ff:ff:ff
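
Added example, not part of the thread: in the `ip link` output quoted above, `eth0.9` carries `master br-tst1` while `br-tst2` has no port at all; a Linux interface has a single master, so it can be a port of only one bridge at a time. The shell function below (hypothetical name `bridge_report`) reads `ip link` text and lists each port with its bridge plus any bridge left without ports. It assumes bridges use the `br-` name prefix seen in the thread, and the sample input is the thread's own output embedded inline.

```shell
#!/bin/sh
# Added example: map bridge ports to their master from `ip link` output.

# Sample input: the `ip link` lines quoted in the thread, embedded for offline use.
sample_ip_link() {
cat <<'EOF'
41: br-tst1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:30:4e brd ff:ff:ff:ff:ff:ff
42: eth0.9@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-tst1 state UP mode DEFAULT group default qlen 1000
    link/ether d8:58:d7:00:30:4e brd ff:ff:ff:ff:ff:ff
44: br-tst2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 9e:12:ac:2d:ca:da brd ff:ff:ff:ff:ff:ff
EOF
}

# Reads `ip link` text on stdin and prints:
#   "port <dev> master <bridge>"  for every enslaved interface
#   "empty <bridge>"              for every br-* device that no interface names as master
bridge_report() {
    awk '
    /^[0-9]+: / {
        dev = $2
        sub(/:$/, "", dev)      # strip the trailing colon
        sub(/@.*/, "", dev)     # strip the "@parent" suffix of VLAN devices
        # Assumption: bridges are recognised by the br- prefix.
        if (dev ~ /^br-/) order[++n] = dev
        for (i = 3; i < NF; i++)
            if ($i == "master") {
                print "port " dev " master " $(i + 1)
                used[$(i + 1)] = 1
            }
    }
    END {
        for (k = 1; k <= n; k++)
            if (!(order[k] in used)) print "empty " order[k]
    }'
}

# Stand-alone run on the embedded sample; on a router use: ip link | bridge_report
sample_ip_link | bridge_report
```
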