[Devel] Re: container-to-host virtual or loopback kind of interface support

Elwin Stelzer Eliazer stelzere at gmail.com
Thu Apr 9 16:28:02 PDT 2009


On Thu, Apr 9, 2009 at 12:14 PM, Serge E. Hallyn <serue at us.ibm.com> wrote:

> Quoting Elwin Stelzer Eliazer (stelzere at gmail.com):
> >
> > On Apr 9, 2009, at 6:57 AM, "Serge E. Hallyn" <serue at us.ibm.com> wrote:
> >
> >> Quoting Elwin Stelzer Eliazer (stelzere at gmail.com):
> >>> Hi,
> >>>
> >>> I am trying to use network namespace for virtualizing some socket
> >>> applications I already have.
> >>> These applications interact with Apache through 'lo' 127.0.0.1:nnn
> >>> sockets now.
> >>> When I virtualize, I do not want to run Apache inside the container;
> >>> it has to be outside.
> >>> I cannot use any non-127.x.x.x IP address for this purpose, or have
> >>> any separate "host-only" kind of internal network.
> >>> I would appreciate it if someone can let me know the options I have to
> >>> accomplish this, with network namespace, and 2.6.29 or 2.6.30.
> >>
> >> So to be clear, what you want is to have an application in a separate
> >> network namespace from apache, but talking over a shared loopback?
> >>
> >
> > Yes. But I am not very specific about the loopback.
> >
> >> Can you use a veth tunnel pair?  You don't have to tie them to a
> >> bridge so the socket app won't be on the public net.
> >>
> >> -serge
> >
> > Yes, I can do without the bridge. But what IP address for the veth? Can
> > it be a 127.x.x.x? My solution cannot have a regular public or private
> > IP that can interfere with external network. The reason I mentioned
> > bridge was it will reduce the IP subnet needed to one. If you can
> > suggest a solution that leverages 127.x.x.x it will be useful.
>
> Actually is there any reason you can't use a unix socket?
>
> -serge
>

Apache listens on IP sockets.
I am proceeding with a solution having a process outside container that will
relay IPC messages to the network space sockets outside the container into
127.x.x.x.

I have another question on netfilter/iptables under namespace; will post it
on a separate thread.

Thanks for your answers.

cheers,
Elwin.
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
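
The relay described in the last message (a process outside the container that bridges IPC to the host's 127.x.x.x sockets), as an added example that is not code from this thread. It assumes the IPC is a pathname Unix socket in a directory shared with the container, which works because pathname Unix sockets are filesystem objects rather than network-namespace objects; the socket path and port in the code are hypothetical.

```python
import contextlib, os, socket, threading

def pump(src, dst):
    """Copy bytes one way until EOF, then half-close the destination."""
    with contextlib.suppress(OSError):
        while chunk := src.recv(65536):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def handle(client, upstream_addr):
    """Bridge one Unix-socket client to the fixed loopback TCP service."""
    try:
        upstream = socket.create_connection(upstream_addr, timeout=5)
    except OSError:
        client.close()
        return
    upstream.settimeout(None)  # the timeout applies to connect only
    with client, upstream:
        back = threading.Thread(target=pump, args=(upstream, client), daemon=True)
        back.start()
        pump(client, upstream)
        back.join()

def serve(sock_path, upstream_addr, mode=0o660):
    """Bind a pathname Unix socket and relay each client to upstream_addr."""
    if os.path.exists(sock_path):
        os.unlink(sock_path)
    listener = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    old = os.umask(0o177)  # socket file is created 0600, never world-writable
    try:
        listener.bind(sock_path)
    finally:
        os.umask(old)
    os.chmod(sock_path, mode)  # then opened only to the owning group
    listener.listen(16)
    def loop():
        while True:
            client, _ = listener.accept()
            threading.Thread(target=handle, args=(client, upstream_addr), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return listener

if __name__ == "__main__":
    # Hypothetical values: a directory bind-mounted into the container, Apache on port 80.
    serve("/srv/relay/apache.sock", ("127.0.0.1", 80))
    threading.Event().wait()
```

Because the upstream address is fixed in the relay rather than chosen by the client, the container reaches only that one host service, and the socket file's owner and mode decide which processes may connect.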



