[lxc-users] macvlan with tagged vlan

Jinn Ko lxc-users at mx.ixido.net
Sat Feb 15 15:41:14 UTC 2014


Quoting e (florian.engelmann at gmail.com):
> Hi,
> 
> is it possible to use network type macvlan on tagged VLANs?

While I haven't used tagged VLANs via the macvlan interface, I have
achieved something similar to this using a routing topology.  This may
or may not be relevant to your needs.

From the host perspective there is the external dependency of statically
configured routes or something along the lines of OSPF.

The host's external facing interfaces are configured like this:

                   eth0   eth1
                     |     |
                     +--+--+
                        |
        +---------------+----------------+
        |                                |
 bond0.100 (public VLAN)      bond0 (LAN, untagged)
    1.2.3.4/24                      10.44.0.4/24

Internally the host has two bridges, one for a public range and one for
a private range.

       br0                              br1
    2.2.3.4/27                      10.44.4.1/24

The IP ranges of these interfaces are announced on the relevant bonded
interface via OSPF.

In turn the containers on the host would have two veth interfaces, one
attached to each bridge, and would use the br0 and br1 host IPs as
their gateway.

I found the advantages of this routed structure to be:

1) The bridged interfaces can achieve 300Mbps between containers on
   the same host.  I've heard this can be improved with Open vSwitch.
2) It's possible to use iptables to do accounting or as a firewall
   on the hosts.
3) Less ARP and broadcast traffic on the upstream network.
4) Traffic between the host and container is much faster than macvlan in
   bridge mode.
5) Configuration is simplified on the host, no need to configure
   iptables for each container created, etc.
6) traceroute will show you the host on which a container resides.
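
Added example, not part of the original post or of LXC itself: a small helper that renders the two-veth container configuration described above (LXC 1.0 lxc.network.* keys) and rejects addresses that cannot work with the host's br0/br1 addressing. The container addresses, the eth0/eth1 names and the choice of a single default route via br0 are assumptions; routes toward other private networks via the br1 host IP are left to the container's own network setup.

```python
import ipaddress

# Host bridges from the post: bridge name -> host address on that bridge.
BRIDGES = {
    "br0": ipaddress.ip_interface("2.2.3.4/27"),    # public range
    "br1": ipaddress.ip_interface("10.44.4.1/24"),  # private range
}

def render_lxc_network(nics, default_via="br0"):
    """Return LXC 1.0 'lxc.network.*' lines for one container.

    nics maps bridge name -> container address (constructed values).
    Raises ValueError if an address cannot work with that bridge.
    """
    if default_via not in nics:
        raise ValueError(f"default route bridge {default_via} not attached")
    lines = []
    for idx, (bridge, addr) in enumerate(nics.items()):
        host = BRIDGES[bridge]
        ip = ipaddress.ip_address(addr)
        net = host.network
        # The container must sit inside the bridge's subnet, otherwise the
        # host's bridge address is not on-link and cannot act as gateway.
        if ip not in net:
            raise ValueError(f"{ip} is outside {net} on {bridge}")
        # Network, broadcast and the host's own bridge address are taken.
        if ip in (net.network_address, net.broadcast_address, host.ip):
            raise ValueError(f"{ip} is reserved on {bridge}")
        lines += [
            "lxc.network.type = veth",
            f"lxc.network.link = {bridge}",
            f"lxc.network.name = eth{idx}",   # assumed interface naming
            "lxc.network.flags = up",
            f"lxc.network.ipv4 = {ip}/{net.prefixlen}",
        ]
        # Only one default route: the host's address on the chosen bridge.
        if bridge == default_via:
            lines.append(f"lxc.network.ipv4.gateway = {host.ip}")
    return "\n".join(lines)

if __name__ == "__main__":
    # Constructed container addresses inside the post's bridge ranges.
    print(render_lxc_network({"br0": "2.2.3.5", "br1": "10.44.4.10"}))
```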

