From: ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org (Eric W. Biederman)
To: Toerless Eckert
<Toerless.Eckert-vrlraubKdiR4tiELkoLHDcSSVFg4/55HhC4ANOJQIlc@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: LXC L3 network isolation, yes/no ?, how ?
Date: Mon, 31 Oct 2011 20:19:44 -0700 [thread overview]
Message-ID: <m1r51swmun.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20111101021230.GE15906-+4JsuViRYHWM0MU9lROt9PpTrGXM5HoexJJUWDj/nkeELgA04lAiVw@public.gmane.org> (Toerless Eckert's message of "Tue, 1 Nov 2011 03:12:30 +0100")
Toerless Eckert <Toerless.Eckert-vrlraubKdiR4tiELkoLHDcSSVFg4/55HhC4ANOJQIlc@public.gmane.org> writes:
> I am trying to understand if (and if so how) i can use LXC (or any
> other comparable lightweightc container option) to effectively
> run applications on a linux system with two separate IP interfaces
> as if they each had only access to a single IP interface.
>
> Eg:
> eth0 with address and default-router learned by DHCP
> eg: address 10.1.1.2/24, default-router 10.1.1.254
> DNS prefix and DNS domain name for ether0 of course also learned by DHCP.
>
> eth1 with address and default-router learned by DHCP
> eg: address 10.2.1.a/242, default-router 10.2.1.254
> DNS prefix and DNS domain name for ether0 of course also learned by DHCP.
>
> (no need for overlapping addresses).
That sounds like L2 level isolation.
ip link set eth1 netns XXXX.
Will let move a network device to a choose network namespace.
That is the easy trivial case. Most people don't have the multiple
physical interfaces so tricky things have to happen.
Does that sound like what you are looking for?
Eric
next prev parent reply other threads:[~2011-11-01 3:19 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-01 2:12 LXC L3 network isolation, yes/no ?, how ? Toerless Eckert
[not found] ` <20111101021230.GE15906-+4JsuViRYHWM0MU9lROt9PpTrGXM5HoexJJUWDj/nkeELgA04lAiVw@public.gmane.org>
2011-11-01 3:19 ` Eric W. Biederman [this message]
[not found] ` <m1r51swmun.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-11-01 4:32 ` Toerless Eckert
[not found] ` <20111101043201.GA14734-+4JsuViRYHWM0MU9lROt9PpTrGXM5HoexJJUWDj/nkeELgA04lAiVw@public.gmane.org>
2011-11-01 12:20 ` Eric W. Biederman
[not found] ` <m1lis0vxu6.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-11-01 15:26 ` Toerless Eckert
[not found] ` <20111101152624.GB14734-+4JsuViRYHWM0MU9lROt9PpTrGXM5HoexJJUWDj/nkeELgA04lAiVw@public.gmane.org>
2011-11-01 15:55 ` Daniel Lezcano
2011-11-01 17:17 ` Eric W. Biederman
[not found] ` <m1hb2nsqy6.fsf-+imSwln9KH6u2/kzUuoCbdi2O/JbrIOy@public.gmane.org>
2011-11-02 19:51 ` Toerless Eckert
[not found] ` <20111102195142.GC14734-+4JsuViRYHWM0MU9lROt9PpTrGXM5HoexJJUWDj/nkeELgA04lAiVw@public.gmane.org>
2011-11-02 20:11 ` Renato Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1r51swmun.fsf@fess.ebiederm.org \
--to=ebiederm-as9lmozglivwk0htik3j/w@public.gmane.org \
--cc=Toerless.Eckert-vrlraubKdiR4tiELkoLHDcSSVFg4/55HhC4ANOJQIlc@public.gmane.org \
--cc=containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.