[Lxc-users] appropriate architecture for two sets of containers on one host
Mike
sourceforge at good-with-numbers.com
Tue Mar 12 04:21:17 UTC 2013
I have two sets of containers on a host, depicted as c1.* and c2.*
below. Wondering what's the best way to connect them to the physical
interface. Fill in the "?".

But I want to generally wall off the sets from each other. E.g., think
of them as externally- and internally-visible servers, respectively.
Also want to control traffic among each set.

Generally, there may be a handful of sets, may be a dozen containers in
a set.

My approach would be to bridge them all together with the physical i/f,
then separate them with ebtables (which I haven't used yet). Wondering
if there's a more elegant approach, using...VLANs? multiple bridges?
iptables?

+-------------------------------+
| host                          |
|+------+                       |
||      |-----------+           |
|| c1.2 | eth0/.1.2 |----\      |
||      |-----------+    |      |
|+------+                |      |
|+------+                |      |
||      |-----------+    |      |
|| c1.3 | eth0/.1.3 |--\ |      |
||      |-----------+           |-----------+
|+------+               ?     --| eth0/.0.2 |-----
|+------+                       |-----------+
||      |-----------+  | |      |
|| c2.2 | eth0/.2.2 |--/ |      |
||      |-----------+    |      |
|+------+                |      |
|+------+                |      |
||      |-----------+    |      |
|| c2.3 | eth0/.2.3 |----/      |
||      |-----------+           |
|+------+                       |
+-------------------------------+