diff --git a/birdbase/config b/birdbase/config
new file mode 100644
index 0000000..0188baa
--- /dev/null
+++ b/birdbase/config
@@ -0,0 +1,29 @@
+# Template used to create this container: /usr/share/lxc/templates/lxc-debian
+# Parameters passed to the template: -r stretch
+# Template script checksum (SHA-1): d5aa397522e36a17c64c014dd63c70d8607c9873
+# For additional config options, please look at lxc.container.conf(5)
+
+# Uncomment the following line to support nesting containers:
+#lxc.include = /usr/share/lxc/config/nesting.conf
+# (Be aware this has security implications)
+
+lxc.net.0.type = veth
+#lxc.net.0.link = vlan10
+lxc.net.0.name = vlan10
+lxc.net.0.veth.pair = birdbase.10
+lxc.net.0.flags = up
+lxc.net.0.script.up = /etc/lxc/lxc-openvswitch
+lxc.net.0.script.down = /etc/lxc/lxc-openvswitch
+
+lxc.apparmor.profile = generated
+lxc.apparmor.allow_nesting = 1
+lxc.rootfs.path = btrfs:/var/lib/lxc/birdbase/rootfs
+
+# Common configuration
+lxc.include = /usr/share/lxc/config/debian.common.conf
+
+# Container specific configuration
+lxc.tty.max = 4
+lxc.uts.name = birdbase
+lxc.arch = amd64
+lxc.pty.max = 1024
diff --git a/birdbase/rootfs/etc/bird/bird.conf b/birdbase/rootfs/etc/bird/bird.conf
new file mode 100644
index 0000000..e69de29
diff --git a/birdbase/rootfs/etc/bird/bird6.conf b/birdbase/rootfs/etc/bird/bird6.conf
new file mode 100644
index 0000000..e69de29
diff --git a/birdbase/rootfs/etc/hosts b/birdbase/rootfs/etc/hosts
new file mode 100644
index 0000000..72e1fd8
--- /dev/null
+++ b/birdbase/rootfs/etc/hosts
@@ -0,0 +1,5 @@
+127.0.0.1 localhost
+::1 localhost ip6-localhost ip6-loopback
+ff02::1 ip6-allnodes
+ff02::2 ip6-allrouters
+
diff --git a/birdbase/rootfs/etc/network/interfaces b/birdbase/rootfs/etc/network/interfaces
new file mode 100644
index 0000000..e69de29
diff --git a/birdbase/rootfs/etc/sysctl.conf b/birdbase/rootfs/etc/sysctl.conf
new file mode 100644
index 0000000..25809a1
--- /dev/null
+++ b/birdbase/rootfs/etc/sysctl.conf
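Review bot: `lxc.apparmor.allow_nesting = 1` in birdbase/config relaxes the generated AppArmor profile so that nested containers can be created, while the nesting include a few lines above stays commented out under its "security implications" warning, so the two settings disagree and the file gives no reason for the relaxation. Nothing else visible in this commit (BIRD config, hosts, sysctl) suggests the container runs containers of its own; if it does not, use `lxc.apparmor.allow_nesting = 0`, or keep the 1 and add a comment such as `# nesting required for <reason>`. The hunk also shows no `lxc.idmap` lines, so unless an included file maps IDs the container's root is presumably host root and the AppArmor profile is the main confinement boundary, which is worth confirming.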
@@ -0,0 +1,79 @@
+#
+# /etc/sysctl.conf - Configuration file for setting system variables
+# See /etc/sysctl.d/ for additional system variables.
+# See sysctl.conf (5) for information.
+#
+
+#kernel.domainname = example.com
+
+# Uncomment the following to stop low-level messages on console
+#kernel.printk = 3 4 1 3
+
+##############################################################3
+# Functions previously found in netbase
+#
+
+# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
+# Turn on Source Address Verification in all interfaces to
+# prevent some spoofing attacks
+#net.ipv4.conf.default.rp_filter=1
+#net.ipv4.conf.all.rp_filter=1
+
+# Uncomment the next line to enable TCP/IP SYN cookies
+# See http://lwn.net/Articles/277146/
+# Note: This may impact IPv6 TCP sessions too
+#net.ipv4.tcp_syncookies=1
+
+# Uncomment the next line to enable packet forwarding for IPv4
+net.ipv4.ip_forward=1
+
+# Uncomment the next line to enable packet forwarding for IPv6
+# Enabling this option disables Stateless Address Autoconfiguration
+# based on Router Advertisements for this host
+net.ipv6.conf.all.forwarding=1
+
+net.ipv4.icmp_ratelimit = 0
+net.ipv6.icmp.ratelimit = 0
+
+###################################################################
+# Additional settings - these settings can improve the network
+# security of the host and prevent against some network attacks
+# including spoofing attacks and man in the middle attacks through
+# redirection. Some network environments, however, require that these
+# settings are disabled so review and enable them as needed.
+#
+# Do not accept ICMP redirects (prevent MITM attacks)
+#net.ipv4.conf.all.accept_redirects = 0
+#net.ipv6.conf.all.accept_redirects = 0
+# _or_
+# Accept ICMP redirects only for gateways listed in our default
+# gateway list (enabled by default)
+# net.ipv4.conf.all.secure_redirects = 1
+#
+# Do not send ICMP redirects (we are not a router)
+#net.ipv4.conf.all.send_redirects = 0
+#
+# Do not accept IP source route packets (we are not a router)
+#net.ipv4.conf.all.accept_source_route = 0
+#net.ipv6.conf.all.accept_source_route = 0
+#
+# Log Martian Packets
+#net.ipv4.conf.all.log_martians = 1
+#
+
+###################################################################
+# Magic system request Key
+# 0=disable, 1=enable all
+# Debian kernels have this set to 0 (disable the key)
+# See https://www.kernel.org/doc/Documentation/sysrq.txt
+# for what other values do
+#kernel.sysrq=1
+
+###################################################################
+# Protected links
+#
+# Protects against creating or following links under certain conditions
+# Debian kernels have both set to 1 (restricted)
+# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
+#fs.protected_hardlinks=0
+#fs.protected_symlinks=0
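Review bot: The two added lines `net.ipv4.icmp_ratelimit = 0` and `net.ipv6.icmp.ratelimit = 0` switch ICMP rate limiting off entirely and carry no comment, so a later reader cannot tell whether this is deliberate (for example, for traceroute visibility) or an oversight; a line such as `# rate limiting disabled on purpose: <reason>` above them would record the decision. The same hunk turns on IPv4 and IPv6 forwarding but leaves every redirect and source-route setting commented out beneath template text that says "we are not a router", which no longer describes this host. Setting `net.ipv4.conf.all.accept_source_route = 0` and `net.ipv6.conf.all.accept_source_route = 0` explicitly, and stating the intended redirect and `rp_filter` policy (strict mode may not suit asymmetric BGP paths, so loose mode is probably the one to evaluate), would avoid relying on kernel defaults. The "Uncomment the next line to enable packet forwarding" comments are also stale now that the lines are active.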