[Lxc-users] networking query

Andy Billington andy at andybillington.com
Wed Jul 28 23:47:20 UTC 2010


Firstly, I am just starting to look at LXC as a possible migration from 
OpenSolaris, so excuse me if the question is obvious.
Reading what I have found so far, it seems clear that with a bridged 
interface on the global side, the Containers can all have separate 
network info (different IPs, subnets) and so on. The question I have is 
can each container run an independent, totally isolated IP stack (like 
OpenSolaris Crossbow) including completely separate routing tables and 
IPSec configurations?

The problem I'm investigating is that I currently have two Zones in 
Solaris, call them Z1 (10.1.1.1/24) and Z2 (10.1.2.1/24). These then 
talk to customer networks via IPSec; call them Customer1 and Customer2. 
The "fun" part is the Customer networking: Customer1 uses 192.168.1.0/24 
as their internal range (i.e. "behind" the VPN tunnel, my IPSec emerges 
on 192.168.1.252), and Customer2 uses 192.168.0.0/16 as their internal 
range. So, overlapping ranges. Z1 talks to Customer1, Z2 talks to 
Customer2, it is critical they cannot "see" each other. Crossbow is 
doing it just fine; can LXC do the same thing?

If LXC can do it, are there any gotchas or suggestions as to the best 
choice for IPSec setup / configuration?

Thanks!
Andy