Hi Everyone,
I’ve asked the team over at Firewalla about using LXD instead of Docker, and I’ve also asked them about how their application uses the Ubuntu network stack so that I can configure LXD to avoid interfering with their setup. The objective is to set up an LXD container that sits directly on the L2 network without any DNS, DNSMASQ or NAT - basically just another network device that can be managed by the Firewalla application sitting on the host.
LXD as alternative to Docker on Firewalla:
https://help.firewalla.com/hc/en-us/community/posts/19708451335059-Canonical-s-own-container-technology-LXD-easier-to-use-and-far-more-secure-than-Docker?page=1
How does Firewalla do networking on their FWG appliance:
https://help.firewalla.com/hc/en-us/community/posts/20083791423379-LXD-Network-setup-to-work-with-Firewalla-Gold-with-LACP-established-using-all-three-LAN-interfaces
And another on Reddit where Firewalla did a poll of LXD vs Docker (it just proved that people don’t know about LXD):
https://www.reddit.com/r/firewalla/comments/15xd7ka/lxd_vs_docker_containers/
They haven’t responded to the network question, so I thought I’d ask here if there might be a way to ensure LXD just presents itself to their established network setup without interfering with it.
Firewalla has guidance on their website linking to a third-party scripted Docker installation of a Ubiquiti UniFi Network application instance, and it seems that it uses the standard Docker bridge mode:
https://help.firewalla.com/hc/en-us/articles/360053441074-Guide-How-to-run-UniFi-Controller-on-the-Firewalla-Gold-Series-Boxes
I think that if I configure a Linux bridge adapter it will wreck their implementation, and I need the Firewalla application on the LXD host to see the LXD container instance as just another device on the Ubiquiti management VLAN.
Any thoughts on how I could get this happening without breaking the Firewalla appliance (it is a Firewalla Gold). Cheers, Nick.
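As an added example, not part of Nick's post and not code from Firewalla or the LXD project, here is the LXD side of what the post asks for: an `lxd init` preseed that declares no networks, so LXD never creates `lxdbr0`, never starts its dnsmasq and adds no NAT rules, plus a NIC device that attaches the container to an interface the host already has instead of to an LXD-managed bridge. The interface names `bond0` and `br0` and the VLAN ID `20` are assumptions for illustration; the real names have to be read off the Firewalla box with `ip -br link` and `bridge link` before anything is applied.

```shell
#!/bin/sh
# Added example (not from the post, Firewalla or LXD docs): run LXD on a host that
# already owns the network stack, creating no bridge, no dnsmasq and no NAT of its own.
# Assumed names (adjust to what "ip -br link" shows on the box):
#   bond0 - the LACP bond carrying the LAN   br0 - an existing host bridge, if any
#   20    - the UniFi management VLAN ID

PARENT_IF="${PARENT_IF:-bond0}"   # assumed host interface for macvlan mode
MGMT_VLAN="${MGMT_VLAN:-20}"      # assumed management VLAN ID

# Preseed equivalent to answering "no" to "create a new local network bridge?".
# "networks: []" is the important line: with no managed network LXD has nothing to
# run dnsmasq or write NAT rules for.  The default profile only gets a root disk;
# the NIC is attached separately so the attachment mode is an explicit choice.
lxd_preseed() {
    cat <<'EOF'
config: {}
networks: []
storage_pools:
- name: default
  driver: dir
profiles:
- name: default
  devices:
    root:
      path: /
      pool: default
      type: disk
EOF
}

# Build the "lxc profile device add" arguments for an L2-only NIC.
#   bridged: plug a tap into a bridge the host ALREADY has (LXD creates no bridge).
#   macvlan: a macvlan child on a plain interface or bond; with a VLAN ID LXD
#            creates the tagged sub-interface (parent.<id>) itself.
# Caveat: a macvlan child cannot exchange frames with the parent host's own stack,
# so in macvlan mode the container cannot reach the Firewalla box itself over that
# link (no DHCP or gateway from the host).  Bridged mode has no such limit.
nic_args() {
    mode="$1"; parent="$2"; vlan="${3:-}"
    case "$mode" in
        bridged) printf 'nictype=bridged parent=%s' "$parent" ;;
        macvlan) printf 'nictype=macvlan parent=%s' "$parent" ;;
        *) echo "nic_args: unknown mode '$mode'" >&2; return 1 ;;
    esac
    if [ "$mode" = macvlan ] && [ -n "$vlan" ]; then
        printf ' vlan=%s' "$vlan"
    fi
    return 0
}

# Post-init check: "lxc network list" must show no LXD-managed network (MANAGED=YES).
# CSV columns are NAME,TYPE,MANAGED,IPV4,IPV6,DESCRIPTION,USED BY,STATE.
check_no_lxd_network() {
    ! lxc network list --format csv 2>/dev/null | grep -q ',YES,'
}

if [ "${LXD_APPLY:-0}" = "1" ]; then
    lxd_preseed | lxd init --preseed
    check_no_lxd_network || { echo "LXD created a managed network; stopping" >&2; exit 1; }
    # shellcheck disable=SC2046  # word splitting of the key=value pairs is intended
    lxc profile device add default eth0 nic $(nic_args macvlan "$PARENT_IF" "$MGMT_VLAN")
    lxc launch ubuntu:22.04 unifi
else
    echo "dry run (set LXD_APPLY=1 to apply):"
    lxd_preseed
    echo "lxc profile device add default eth0 nic $(nic_args macvlan "$PARENT_IF" "$MGMT_VLAN")"
    echo "alternative: lxc profile device add default eth0 nic $(nic_args bridged br0)"
fi
```

Run it once without `LXD_APPLY` to see the preseed and the exact `lxc` commands before they touch the box. The choice between the two modes is the whole question in the post: `bridged` onto a bridge Firewalla already manages adds one more port to that bridge and nothing else, while `macvlan` avoids bridges entirely but isolates the container from the host's own IP stack, which matters when the host is also the DHCP server and default gateway.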