Re: container-to-host virtual or loopback kind of interface support

["Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>]

Quoting Elwin Stelzer Eliazer (stelzere-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org):
>
> On Apr 9, 2009, at 6:57 AM, "Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org> wrote:
>
>> Quoting Elwin Stelzer Eliazer (stelzere-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org):
>>> Hi,
>>>
>>> I am trying to use network namespace for virtualizing some socket
>>> applications i already have.
>>> These applications interact with Apache through 'lo' 127.0.0.1:nnn  
>>> sockets
>>> now.
>>> When i virtualize, i do not want to run Apache inside the container, 
>>> and has
>>> to be outside.
>>> I can not use any non-127.x.x.x IP address for this purpose, or have 
>>> any
>>> separate "host-only" kind of internal network.
>>> I would appreciate if someone can let me know the options i have to
>>> accomplish this, with network namespace, and 2.6.29 or 2.6.30.
>>
>> So to be clear, what you want is to have an application in a separate
>> network namespace from apache, but talking over a shared loopback?
>>
>
> Yes. But I am not very specific about the loopback.
>
>> Can you use a veth tunnel pair?  You don't have to tie them to a
>> bridge so the socket app won't be on the public net.
>>
>> -serge
>
> Yes I can do without the bridge. But what IP address for the veth? Can  
> it be a 127.x.x.x? My solution cannot have a regular public or private  
> ip that can interfere with external network. The reason I mentioned  
> bridge was it will reduce the ip subnet needed to one. If you can  
> suggest a solution that leverages 127.x.x.x it will be useful.

Actually is there any reason you can't use a unix socket?

-serge