<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#ffffff" text="#000000">
<div>Firstly, I am just starting to look at LXC as a possible migration
from OpenSolaris, so excuse me if the question is obvious.<br>
</div>
<div>Reading what I have found so far, it seems clear that with a
bridged interface on the global side, the Containers can all have
separate network info (different IPs, subnets) and so on. The question
I have is can each container run an independent, totally isolated IP
stack (like OpenSolaris Crossbow) including completely separate routing
tables and IPSec configurations?</div>
<div><br>
</div>
<div>The problem I'm investigating is that I currently have two Zones
in Solaris, call them Z1 (10.1.1.1/24) and Z2 (10.1.2.1/24). These then
talk to customer networks via IPSec; call them Customer1 and Customer2.
The "fun" part is the Customer networking: Customer1 uses
192.168.1.0/24 as their internal range (i.e. "behind" the VPN tunnel, my
IPSec emerges on 192.168.1.252), and Customer2 uses 192.168.0.0/16 as
their internal range. So, overlapping ranges. Z1 talks to Customer1, Z2
talks to Customer2, it is critical they cannot "see" each other.
Crossbow is doing it just fine; can LXC do the same thing?</div>
<div><br>
</div>
<div>If LXC can do it, are there any gotchas or suggestions as to the
best choice for IPSec setup / configuration?<br>
<br>
Thanks!<br>
Andy<br>
</div>
</body>
</html>