[Lxc-users] networking query
Andy Billington
andy at andybillington.com
Wed Jul 28 23:47:20 UTC 2010

Firstly, I am just starting to look at LXC as a possible migration from
OpenSolaris, so excuse me if the question is obvious.

Reading what I have found so far, it seems clear that with a bridged
interface on the global side, the Containers can all have separate
network info (different IPs, subnets) and so on. The question I have is
can each container run an independent, totally isolated IP stack (like
OpenSolaris Crossbow) including completely separate routing tables and
IPSec configurations?

The problem I'm investigating is that I currently have two Zones in
Solaris, call them Z1 (10.1.1.1/24) and Z2 (10.1.2.1/24). These then
talk to customer networks via IPSec; call them Customer1 and Customer2.
The "fun" part is the Customer networking: Customer1 uses 192.168.1.0/24
as their internal range (i.e. "behind" the VPN tunnel, my IPSec emerges
on 192.168.1.252), and Customer2 uses 192.168.0.0/16 as their internal
range. So, overlapping ranges. Z1 talks to Customer1, Z2 talks to
Customer2, it is critical they cannot "see" each other. Crossbow is
doing it just fine; can LXC do the same thing?

If LXC can do it, are there any gotchas or suggestions as to the best
choice for IPSec setup / configuration?

Thanks!

Andy
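
The overlap described in the message, modelled as an added example (not part of the original post and not LXC code): a longest-prefix lookup over one shared routing table versus one table per zone. The customer ranges are the ones given above; the tunnel names and probe addresses are constructed for illustration.

```python
import ipaddress

# Ranges taken from the message; tunnel names are hypothetical labels.
CUSTOMER1 = ipaddress.ip_network("192.168.1.0/24")
CUSTOMER2 = ipaddress.ip_network("192.168.0.0/16")
EXPECTED = {"Z1": "tunnel-customer1", "Z2": "tunnel-customer2"}

def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific route, or None."""
    addr = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# One shared IP stack: both customers' routes sit in the same table.
SHARED = [(CUSTOMER1, "tunnel-customer1"), (CUSTOMER2, "tunnel-customer2")]

# One IP stack per zone: each table holds only its own customer's route.
PER_STACK = {
    "Z1": [(CUSTOMER1, "tunnel-customer1")],
    "Z2": [(CUSTOMER2, "tunnel-customer2")],
}

def misrouted(table_for, probes):
    """Return (zone, dst, hop) for traffic that leaves via the wrong tunnel."""
    bad = []
    for zone, dst in probes:
        hop = lookup(table_for(zone), dst)
        if hop != EXPECTED[zone]:
            bad.append((zone, dst, hop))
    return bad

# Constructed probe traffic: (source zone, destination address).
PROBES = [
    ("Z1", "192.168.1.252"),
    ("Z2", "192.168.1.10"),   # inside Customer2's /16 and Customer1's /24
    ("Z2", "192.168.44.7"),
]

if __name__ == "__main__":
    print("overlap:", CUSTOMER1.subnet_of(CUSTOMER2))
    print("shared table:", misrouted(lambda zone: SHARED, PROBES))
    print("per-stack tables:", misrouted(lambda zone: PER_STACK[zone], PROBES))
```

With a shared table, Z2's traffic to any address in 192.168.1.0/24 follows the more specific route into Customer1's tunnel, which is why the isolation requirement calls for a separate routing table per stack.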