<div dir="ltr">I kind of understand a bit. So the guest processes are assigned to the netns created by LXC, right?</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Nov 12, 2013 at 2:42 PM, Fajar A. Nugraha <span dir="ltr"><<a href="mailto:list@fajar.net" target="_blank">list@fajar.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div class="im">On Tue, Nov 12, 2013 at 1:22 PM, Magicloud Magiclouds <span dir="ltr"><<a href="mailto:magicloud.magiclouds@gmail.com" target="_blank">magicloud.magiclouds@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr">Thank you for the reply. I may be not clear in the original question.<div>
<br></div><div>For example, in KVM, the system setup a virtual network device pair in host, and added on end to bridge. So when an program is using the other end, its communication will be bridged to actual hardware. And KVM exposes a virtual network device to the guest and links it to "the other end". And in guest, it is just a normal network device.</div>
<div><br></div><div>But in LXC, first of all, it does not vitualize hardware. The guest is just a child process of LXC. Then, how does it make the guest using "the other end"? The guest is just using general socket APIs.</div>
</div><div><div><div class="gmail_extra"><br></div></div></div></blockquote><div><br></div><div><br></div></div><div>If you use the default LXC setup, then most likely you're already using veth for networking. So you already have a pair of veth interface, one on the host, and the other on the guest. The host and the guest can see different network device since they're using different network namespace.</div>
<div><br></div><div>In my setup, I use something like this on lxc config ("ffmpeg" is the name of the container):</div><div><br></div><div><div>lxc.network.type=veth</div><div>lxc.network.link=br0</div><div>lxc.network.flags=up</div>
<div>lxc.network.hwaddr= 00:16:3E:45:B9:78</div><div>lxc.network.veth.pair=v-ffmpeg-0</div><div>lxc.utsname = ffmpeg</div></div><div><br></div><div>What it does:</div><div>- it uses veth for network</div><div>- the veth interface on the host side would always be named "v-ffmpeg-0", connected to the bridge "br0" (created separately using networking config in the hosts's /etc/network/interfaces) </div>
<div>- the veth interface on the container/guest side is named "eth0", with MAC address 00:16:3E:45:B9:78</div><span class="HOEnZb"><font color="#888888"><div><br></div><div>-- </div><div>Fajar</div></font></span></div>
</div></div>
</blockquote></div><br><br clear="all"><div><br></div>-- <br>竹密岂妨流水过<br>山高哪阻野云飞<br><br>And for G+, please use magiclouds#<a href="http://gmail.com" target="_blank">gmail.com</a>.
</div>