[lxc-users] macvlan with tagged vlan

Ranjib Dey dey.ranjib at gmail.com
Thu Feb 13 06:00:45 UTC 2014


That sounds very exciting! Drop a line in the mailing list if you do
open source some bits. I'm trying out similar stuff, but the HA layer is done
by L7 tools (mostly due to limitations imposed by public clouds and
latencies); also the tooling setup (including container management) is done
using Chef.




On Wed, Feb 12, 2014 at 9:47 PM, Walter
<walter.stanish+lxc-users at gmail.com> wrote:

> Tangentially related story: I have a highly dynamic topology (many
> VLANs created/destroyed frequently). I use the following structure:
>
> Host = 2 x NICs, joined as 1 x bond0 interface with failover
> VLANs = bond0 interface linked, negotiated dynamically based upon
> requirements of hosted containers, appearing as separate interfaces
> Containers = 1 x tun interface per VLAN, configured separately on the
> host side and client side with static IP address information
> determined at the time of container launch (no DHCP, spanning tree
> through to container, etc.) and iptables rules linking them at layer 3
> through to the above VLAN interfaces
>
> This setup is experimental but functional. The design evolved for a few
> reasons:
>  - tun seems the most bug-free/stable/arbitrary network topology
> portable/fast to set up (i.e. actually pass traffic IMMEDIATELY at
> startup). In my testing I constantly observed delays with bridge-based
> methods, despite trying many options to avoid them.
>  - tun relies on iptables, a more familiar/better tooled/predictable
> place to provide network connectivity logic than other routes (IMHO)
>  - in my environment, containers should be essentially external
> topology naive, thus DHCP is avoided
>
> To achieve this, the critical line in an lxc.conf is the network up
> script: lxc.network.script.up .. which configures the host-side
> interface and a container-specific iptables chain containing the
> guest's network connectivity rules.
>
> Stressing that it's working but not polished, the result is actually a
> pacemaker + corosync + failover-capable-bonding + LXC based cluster
> engine embedded as one part of an alternative to things like docker /
> orchestration systems that I am hoping my employer agrees for me to
> release open source. IMHO it's a bit broader-scoped / more mature
> (especially in terms of service deps, deferring to pacemaker+corosync
> air traffic control level proven codebases in this case) than most of
> the alternatives out there. It grew and continues to grow from real
> needs.
>
> - Walter
>
> On 7 February 2014 04:32, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > Quoting e (florian.engelmann at gmail.com):
> >> Hi,
> >>
> >> is it possible to use network type macvlan on tagged VLANs?
> >
> > Looks like no one has tried this.  If you come up with an answer
> > please do report back as it'd be interesting to know.
> >
> > -serge
> > _______________________________________________
> > lxc-users mailing list
> > lxc-users at lists.linuxcontainers.org
> > http://lists.linuxcontainers.org/listinfo/lxc-users
>
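A sketch of the host-side work that an `lxc.network.script.up` hook like the one Walter describes would do, as an added example that is not part of the thread and not his code. It prints the commands instead of running them so the plan can be reviewed first. Assumptions: a point-to-point host-side interface per container, and the interface names, addresses and `lxc-<name>` chain naming are all hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Prints (does not run) the host-side
# commands for one container interface; every name and address is constructed.
# usage: plan_up NAME HOST_IF VLAN_IF HOST_IP GUEST_IP
plan_up() {
    name=$1 host_if=$2 vlan_if=$3 host_ip=$4 guest_ip=$5
    chain="lxc-$name"

    # Hook arguments end up in root-run commands: accept only plain tokens
    # (no shell metacharacters, no leading '-' that would read as an option).
    for tok in "$name" "$host_if" "$vlan_if"; do
        case $tok in
            ''|-*|*[!A-Za-z0-9_.-]*) echo "bad token: $tok" >&2; return 1 ;;
        esac
    done
    for addr in "$host_ip" "$guest_ip"; do
        case $addr in
            ''|*[!0-9.]*) echo "bad address: $addr" >&2; return 1 ;;
        esac
    done
    # iptables rejects chain names of 29 characters or more.
    [ "${#chain}" -le 28 ] || { echo "chain name too long: $chain" >&2; return 1; }

    # Per-container chain: only the guest's own static address may cross
    # between its interface and its VLAN; anything else on it is dropped.
    cat <<EOF
ip addr add $host_ip peer $guest_ip dev $host_if
ip link set $host_if up
iptables -N $chain
iptables -A $chain -i $host_if -o $vlan_if -s $guest_ip -j ACCEPT
iptables -A $chain -i $vlan_if -o $host_if -d $guest_ip -j ACCEPT
iptables -A $chain -j DROP
iptables -I FORWARD -i $host_if -j $chain
iptables -I FORWARD -o $host_if -j $chain
EOF
}

# Constructed sample: container "web1" on VLAN 120 carried by bond0.
plan_up web1 vethweb1 bond0.120 10.0.120.1 10.0.120.2
```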