[Users] several nics on the hn

Esmé de Wolf esme at elements.nl
Fri Oct 7 04:23:00 EDT 2011


Hey Daniel,

When you want to use this kind of configuration:

---internal---> 	| hn	|  VEID 1
---NIC 2---->	|	|  VEID 2
---NIC 3---->	|	|  VEID 3

And what you try is, f.e., to have the internal NIC only connecting to the
hn, and NIC 2 to VEID 3 and NIC 3 to VEID 2, then you probably will need to
route and firewall your config if you stick to venet. 

Using a bridged setup would mean the same security implications as using the
setup above (firewalled). So that's not something to worry about. 

If you've any questions, please let us know.

Esmé

-----Oorspronkelijk bericht-----
Van: users-bounces at openvz.org [mailto:users-bounces at openvz.org] Namens
Daniel Bauer
Verzonden: donderdag 6 oktober 2011 22:14
Aan: users at openvz.org
Onderwerp: Re: [Users] several nics on the hn

Hi Esmé,

> What's your setup? You have 1 'internal' NIC with an IP-address and 
> other NIC's without IP-address who you want to connect inside a 
> container, for what purpose?

I've several nets:
1. internal service net, only available from/for the hostnode 2. internal
LAN with intranet services for my users 3. DMZ 4. external IPs

The host node should only be accessible in net 1, I don't want any routing
or firewalling inside the hn, there should be no connection f.e. 
to net 4


> If you use veth you could theoretically set up a bridge with one of 
> those
> devices, that would be easiest in my opinion. But why would you 
> consist on
> venet?

In the mentioned article the are two advantages: security and 
performance


> Probably with a little bit more information we can help you a bit 
> further.


Thanks
Daniel


> -----Oorspronkelijk bericht-----
> Van: users-bounces at openvz.org [mailto:users-bounces at openvz.org] Namens
> Daniel Bauer
> Verzonden: donderdag 6 oktober 2011 15:02
> Aan: users at openvz.org
> Onderwerp: [Users] several nics on the hn
>
> Hello,
>
> I've several nics on the hostnode. Only the internal service nic have 
> an
> internal IP. The other nics are without IPs and connected to different
> internal subnets and public www.
>
> I've read the differences between venet and veth
> http://wiki.openvz.org/Differences_between_venet_and_veth
> and want to use venet, but only venet0 is active in the hn, I think 
> this is
> connected to eth0, but how to access the other nics?
>
> Thanks
> Daniel
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at openvz.org
> https://openvz.org/mailman/listinfo/users
> 


_______________________________________________
Users mailing list
Users at openvz.org
https://openvz.org/mailman/listinfo/users




More information about the Users mailing list