Thank you John - that’s a very good point regarding routing.
I think we’ll do something like this:
- In the per-model LXD profiles, we can override the network adapter so that it will use the LXD network bridge of our liking, and not use whatever might be defined in the “default” profile. This basically would provide us with different networks for each model as we desire.
- By default, LXD bridges have routing enabled and can route between each other. So, we can land our LXDs on single networks, avoiding issues with multiple default routes, and rely on routing between the LXD bridges to enable communication with the controller.
- We can use firewall rules to restrict this routing as appropriate.
I’m open to other ideas, but I think this may be sufficient. Thanks.
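
One way to express the firewall step of the plan above, as an added example that is not part of the original post: a small generator for an nftables forward-chain ruleset that lets each model bridge reach only the controller API and drops other bridge-to-bridge traffic. The bridge names, subnets, controller address and table name are constructed assumptions; 17070 is the default Juju controller API port.

```python
import ipaddress

# Constructed sample topology: names, subnets and the controller address are assumptions.
BRIDGES = {"lxdbr-ctrl": "10.10.0.0/24", "lxdbr-dev": "10.10.1.0/24",
           "lxdbr-prod": "10.10.2.0/24"}
CTRL_BRIDGE, CTRL_IP = "lxdbr-ctrl", "10.10.0.10"
API_PORT = 17070  # Juju controller API port (default)


def validate(bridges, ctrl_bridge, ctrl_ip):
    """Reject overlapping bridge subnets and a controller outside its bridge."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in bridges.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} and {b} overlap; routing would be ambiguous")
    if ipaddress.ip_address(ctrl_ip) not in nets[ctrl_bridge]:
        raise ValueError(f"{ctrl_ip} is not on {ctrl_bridge}")
    return nets


def build_ruleset(bridges, ctrl_bridge, ctrl_ip, port=API_PORT):
    """Emit an nftables table: model bridges reach only the controller API."""
    validate(bridges, ctrl_bridge, ctrl_ip)
    models = sorted(b for b in bridges if b != ctrl_bridge)
    out = ["table inet juju_model_isolation {", "  chain forward {",
           "    type filter hook forward priority 0; policy accept;",
           "    ct state established,related accept"]  # replies to allowed flows
    for m in models:
        others = ", ".join(f'"{b}"' for b in sorted(bridges) if b != m)
        out.append(f'    iifname "{m}" ip daddr {ctrl_ip} tcp dport {port} accept')
        out.append(f'    iifname "{m}" oifname {{ {others} }} drop')
    return "\n".join(out + ["  }", "}"]) + "\n"


def new_flow_allowed(bridges, ctrl_bridge, ctrl_ip, src, dst, dport, port=API_PORT):
    """Model the ruleset's verdict for a new TCP connection between two addresses."""
    nets = validate(bridges, ctrl_bridge, ctrl_ip)
    def bridge_of(ip):
        return next((n for n, net in nets.items() if ipaddress.ip_address(ip) in net), None)
    src_br, dst_br = bridge_of(src), bridge_of(dst)
    if src_br in (None, ctrl_bridge) or src_br == dst_br:
        return True   # not from a model bridge, or same bridge: no rule matches
    if dst == ctrl_ip and dport == port:
        return True   # model unit -> controller API
    return dst_br is None  # another LXD bridge: dropped; uplink traffic: accepted


if __name__ == "__main__":
    print(build_ruleset(BRIDGES, CTRL_BRIDGE, CTRL_IP), end="")
```

The printed ruleset can be syntax-checked with `nft -c -f <file>` before loading it on the LXD host.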