[Devel] Re: How do containers tie to multiple IP's on a NIC?

Pavel Labushev p.labushev at gmail.com
Tue Jul 6 08:00:51 PDT 2010


05.07.2010 22:07, Whit Blauvelt wrote:

> The examples I have found are along the lines of: Here's how to start a
> container, bridge it to a NIC which has a single IP assigned, ssh to it ...
> and the examples stop there. What I'd like to achieve is a setup where, say,
> a box with 6 IPs on an external network - on eth0 before bridging (or its
> alternatives) - can have 5 of those IPs each dedicated to a different single
> container.

I have a setup similar to the one you describe. It's a bit hackish, but I
like its transparency and isolation capabilities (so I can leave
CAP_NET_RAW and CAP_NET_ADMIN for containers). It looks like this:

For the host:

host # ip addr add 1.1.128.2/20 dev eth0
host # route add -net default gw 1.1.128.1


For lxc1:

host # cat /etc/lxc/lxc1/config | grep net
lxc.network.type = veth
lxc.network.veth.pair = lxc1_veth0
lxc.network.flags = up

host # arp -Ds 1.1.128.3 eth0 pub
host # arp -Ds 1.1.128.4 eth0 pub
host # arp -Ds 1.1.128.5 eth0 pub
host # arp -Ds 1.1.128.6 eth0 pub

host # sysctl -w net.ipv4.conf.lxc1_veth0.proxy_arp=1

host # ip addr add 10.0.1.1/24 dev lxc1_veth0

host # route add -host 1.1.128.3 gw 10.0.1.2
host # route add -host 1.1.128.4 gw 10.0.1.2
host # route add -host 1.1.128.5 gw 10.0.1.2
host # route add -host 1.1.128.6 gw 10.0.1.2

lxc1 # ip addr add 10.0.1.2/24 dev eth0

lxc1 # ip addr add 1.1.128.3/20 dev eth0
lxc1 # ip addr add 1.1.128.4/20 dev eth0
lxc1 # ip addr add 1.1.128.5/20 dev eth0
lxc1 # ip addr add 1.1.128.6/20 dev eth0

lxc1 # route add -net default gw 1.1.128.1


For lxc2:

host # cat /etc/lxc/lxc2/config | grep net
lxc.network.type = veth
lxc.network.veth.pair = lxc2_veth0
lxc.network.flags = up

host # arp -Ds 1.1.128.7 eth0 pub
host # sysctl -w net.ipv4.conf.lxc2_veth0.proxy_arp=1
host # ip addr add 10.0.2.1/24 dev lxc2_veth0
host # route add -host 1.1.128.7 gw 10.0.2.2

lxc2 # ip addr add 10.0.2.2/24 dev eth0
lxc2 # ip addr add 1.1.128.7/20 dev eth0
lxc2 # route add -net default gw 1.1.128.1


Hope it helps. Btw, I use custom udev scripts to do the host part, and
stock init scripts inside the containers to do the lxc part.
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers
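
Added example, not part of the original post and not the author's udev scripts: a small shell generator for the host-side commands shown above, which refuses a plan in which one public IP is handed to two containers. The plan format, the function names and the PLAN variable are assumptions made for this example; the addresses are the ones used in the post.

```shell
#!/bin/sh
# Plan format (constructed for this example), one container per line:
#   <host veth> <host link addr/prefix> <container link IP> <public IP>...
PLAN='lxc1_veth0 10.0.1.1/24 10.0.1.2 1.1.128.3 1.1.128.4 1.1.128.5 1.1.128.6
lxc2_veth0 10.0.2.1/24 10.0.2.2 1.1.128.7'

# check_plan PLAN: fail if any public IP appears under more than one entry,
# since the host would then publish and route one address to two veths.
check_plan() {
    dups=$(printf '%s\n' "$1" |
        awk '{ for (i = 4; i <= NF; i++) print $i }' | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "public IP assigned more than once: $dups" >&2
        return 1
    fi
}

# gen_host_cmds PLAN UPLINK: print (do not run) the host commands per container.
gen_host_cmds() {
    uplink=$2
    check_plan "$1" || return 1
    printf '%s\n' "$1" | while read -r veth link_addr gw ips; do
        [ -n "$veth" ] || continue
        # Answer ARP on the container side and address the host end of the veth.
        echo "sysctl -w net.ipv4.conf.$veth.proxy_arp=1"
        echo "ip addr add $link_addr dev $veth"
        for ip in $ips; do
            # Publish the address on the uplink, then route it into the container.
            echo "arp -Ds $ip $uplink pub"
            echo "route add -host $ip gw $gw"
        done
    done
}

gen_host_cmds "$PLAN" eth0
```

The output is meant to be reviewed before it is run on the host; the container-side commands from the post are unchanged.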