[Lxc-users] [lxc-devel] Request for inclusion into mainline LXC utils
Suno Ano
suno.ano at sunoano.org
Mon Jan 25 09:19:41 UTC 2010
Mike> I don't want to start a flame war but, honestly, I feel that one
Mike> follows the other. I have used Debian (vanilla, Knoppix, and
Mike> Ubuntu) and even spun a custom distro based on Knoppix and I am
Mike> not at all surprised that, if you are with Debian, you find
Mike> bridges annoying. I would too.
1)
Bridges itself work flawlessly with Debian and I have used them quite
often. If mandatory then I will do so in the future too.
It is the fact that I do not want to add another piece to the stack if
in fact I do not have to -- I do not want to take care of a bridge,
maintain, monitor, etc. it, if networking also works excellent without
using yet another layer of indirection in my networking stack. Therefore
I will use macvlan. Simplicity is key ...
2)
http://www.mail-archive.com/lxc-users@lists.sourceforge.net/msg00008.html
says that in fact all the benefits of bridges will be available with
with macvlan in .33 as well. So not using a bridge makes sense since I
do not need one for any kind of setup I will need to do
- containers having public IP, talking to Internet
- containers having private IP, talking to other containers on the host
- containers having private IP, talking to host
- arbitrary mixture of the above
3)
This is simple and straight forward and I am going to adapt my
- packet_filter http://github.com/sunoano/bash as well as
- generic.sh, used by packet_filter
- and probably vzbulk
for all kinds of routing and firewalling I need. Setting things up is
simple as well
http://sunoano.name/ws/public_xhtml/firewall.html#sunos_rule_set_and_how_it_is_applied
More information about the lxc-users
mailing list