[Lxc-users] local subnet

Fajar A. Nugraha list at fajar.net
Sun Aug 4 06:43:50 UTC 2013 

On Sun, Aug 4, 2013 at 6:14 AM, Bretton Woods <woods.bretton at yahoo.co.uk>wrote:

> ps thanks
>
> http://noyaudolive.net/2012/05/09/lxc-and-macvlan-host-to-guest-connection/
>
>

Personally I'd stick with the default veth-on-bridge setup.


>   ------------------------------
>  *From:* Bretton Woods <woods.bretton at yahoo.co.uk>
> **
>


> I have been thinking of LXC in terms of server services where the case is
> often that servers and clients are on the same subnet.
>
> Kerberos and authentication, Cups and various others not exactly true but
> simple same subnet routing.
>
> I guess the bridge and another subnet was chosen purely to stop clashes
> with the physical host subnet.
>
>
You mean the default lxcbr0 setup? AFAIK it's there to make beginner's
setup easier, i.e. it would work even if your default connection is
wireless. This is different from xen, where the default used to be to
create the bridge over eth0, thus making the vms appear on the same subnet
as the host. which would not work for wireless.

Of course, you can always change the defaults. Some possibilites (for any
vm environment, including lxc, xen, kvm, etc):
- inter-guest only networking
- guest-to-host only networking
- guests on a dedicated subnet, with NAT to outside world (the default with
lxcbr0/virbr0)
- guests on a dedicated subnet, accessible from outside using host as router
- guests on the same subnet as host
- guests on a different subnet/vlan from host, and directly accessible from
the outside world
etc.

Basically if a network configuration can be implemented using L2 switches
and routers, it should be possible to implement the same configuration in
lxc guest-host setup.



> My mind was mulling over the idea of a samba4, proxy, email... lxc
> containers all running isolated but authenticating via kerb and samba4.
>
> That way I could use a single server and as the system grows its quite
> simple to hop from container to dedicated server.
>

That's easy. Either put guests on the same network as host, or (if you have
control over the network) use vlans and treat the host like an L2 switch.

-- 
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20130804/53beef42/attachment.html>

More information about the lxc-users mailing list