Linux Container Development
From: Pavel Labushev <p.labushev-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Cc: containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org
Subject: Re: How do containers tie to multiple IP's on a NIC?
Date: Tue, 06 Jul 2010 23:00:51 +0800
Message-ID: <4C334523.2080503@gmail.com>
In-Reply-To: <20100705140750.GA3113-M6G8SDWvnhfby3iVrkZq2A@public.gmane.org>

05.07.2010 22:07, Whit Blauvelt wrote:

> The examples I have found are along the lines of: Here's how to start a
> container, bridge it to a NIC which has a single IP assigned, ssh to it ...
> and the examples stop there. What I'd like to achieve is a setup where, say,
> a box with 6 IPs on an external network - on eth0 before bridging (or its
> alternatives) - can have 5 of those IPs each dedicated to a different single
> container.

I have a setup similar to the one you describe. It's a bit hackish, but I
like its transparency and isolation capabilities (so I can leave
CAP_NET_RAW and CAP_NET_ADMIN for containers). It looks like this:

For the host:

host # ip addr add 1.1.128.2/20 dev eth0
host # route add -net default gw 1.1.128.1


For lxc1:

host # cat /etc/lxc/lxc1/config | grep net
lxc.network.type = veth
lxc.network.veth.pair = lxc1_veth0
lxc.network.flags = up

host # arp -Ds 1.1.128.3 eth0 pub
host # arp -Ds 1.1.128.4 eth0 pub
host # arp -Ds 1.1.128.5 eth0 pub
host # arp -Ds 1.1.128.6 eth0 pub

host # sysctl -w net.ipv4.conf.lxc1_veth0.proxy_arp=1

host # ip addr add 10.0.1.1/24 dev lxc1_veth0

host # route add -host 1.1.128.3 gw 10.0.1.2
host # route add -host 1.1.128.4 gw 10.0.1.2
host # route add -host 1.1.128.5 gw 10.0.1.2
host # route add -host 1.1.128.6 gw 10.0.1.2

lxc1 # ip addr add 10.0.1.2/24 dev eth0

lxc1 # ip addr add 1.1.128.3/20 dev eth0
lxc1 # ip addr add 1.1.128.4/20 dev eth0
lxc1 # ip addr add 1.1.128.5/20 dev eth0
lxc1 # ip addr add 1.1.128.6/20 dev eth0

lxc1 # route add -net default gw 1.1.128.1


For lxc2:

host # cat /etc/lxc/lxc2/config | grep net
lxc.network.type = veth
lxc.network.veth.pair = lxc2_veth0
lxc.network.flags = up

host # arp -Ds 1.1.128.7 eth0 pub
host # sysctl -w net.ipv4.conf.lxc2_veth0.proxy_arp=1
host # ip addr add 10.0.2.1/24 dev lxc2_veth0
host # route add -host 1.1.128.7 gw 10.0.2.2

lxc2 # ip addr add 10.0.2.2/24 dev eth0
lxc2 # ip addr add 1.1.128.7/20 dev eth0
lxc2 # route add -net default gw 1.1.128.1


Hope it helps. Btw, I use custom udev scripts to do the host part, and
stock init scripts inside the containers to do the lxc part.
_______________________________________________
Containers mailing list
Containers@lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
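
The setup in the message above only works for an address when the host both publishes it on eth0 and has a host route for it towards the container's veth peer. The following check is an added example, not part of the original message: it compares the two tables and reports addresses that appear in only one. The function name, the finding labels and the sample tables are constructed for illustration; the input is assumed to be in the form printed by `ip neigh show proxy` and `ip -4 route show`.

```sh
#!/bin/sh
# Added example (not from the original message): cross-check the host's
# published ARP entries against its per-address host routes.

# Constructed sample input, using the addresses from the message above.
# .4 is published but has no route; .5 is routed but not published.
SAMPLE_NEIGH='1.1.128.3 dev eth0  proxy
1.1.128.4 dev eth0  proxy
1.1.128.7 dev eth0  proxy'
SAMPLE_ROUTES='default via 1.1.128.1 dev eth0
1.1.128.0/20 dev eth0 proto kernel scope link src 1.1.128.2
1.1.128.3 via 10.0.1.2 dev lxc1_veth0
1.1.128.5 via 10.0.1.2 dev lxc1_veth0
1.1.128.7 via 10.0.2.2 dev lxc2_veth0
10.0.1.0/24 dev lxc1_veth0 proto kernel scope link src 10.0.1.1'

# audit_proxy_arp NEIGH ROUTES EXT_IF   (hypothetical helper name)
#   NEIGH  : proxy neighbour table as text
#   ROUTES : IPv4 routing table as text
#   EXT_IF : interface the addresses are published on (eth0 in the message)
# Prints one finding per line and nothing when the two tables agree:
#   NO_ROUTE <ip>               published, but no host route to a container
#   NOT_PUBLISHED <ip> via <gw> routed to a container, but not published
audit_proxy_arp() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk -v ext="$3" '
        $0 == "---" { in_routes = 1; next }
        # Proxy neighbour line: <ip> dev <if> proxy
        !in_routes && $2 == "dev" && $3 == ext && $NF == "proxy" { pub[$1] = 1 }
        # Host route line: <ip> via <gw> dev <if>; a bare address is a /32
        in_routes && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
            $2 == "via" && $4 == "dev" && $5 != ext { gw[$1] = $3 }
        END {
            for (ip in pub) if (!(ip in gw)) print "NO_ROUTE " ip
            for (ip in gw) if (!(ip in pub)) print "NOT_PUBLISHED " ip " via " gw[ip]
        }' | LC_ALL=C sort
}

# Run against the constructed sample. On a live host:
#   audit_proxy_arp "$(ip neigh show proxy)" "$(ip -4 route show)" eth0
audit_proxy_arp "$SAMPLE_NEIGH" "$SAMPLE_ROUTES" eth0
```

Any host route to a bare IPv4 address through a gateway on another interface is treated as a container route, so unrelated host routes (a VPN peer, for instance) will show up as NOT_PUBLISHED.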
