On 08/19/2010 02:33 PM, Sebastien Douche wrote:
> On Thu, Aug 12, 2010 at 10:29, Daniel Lezcano<dlezc...@fr.ibm.com> wrote:
>
>> Answering to your question, if you do lxc.network.type=macvlan, the
>> network stack will be private to your container.
>>
> Hi Daniel,
> not sure I understand your response: with macvlan option, you cannot
> access to the container from outside?

With the macvlan network configuration (lxc.network.type=macvlan), the container will use a specific network device which is faster and simpler to configure than the veth, but the network traffic won't go to the host or the other containers on the same host. Only direct access to your real network will happen.

> What means "private network
> stack" ?
>

From the point of view of the system (the kernel services), the different system resources are split and separated into a base brick called a 'namespace'. There are the pid namespace, the network namespace, the ipc namespace, the mount namespace, etc ...

When you boot your system (not a container), the loopback and the network devices are created. These are set up by the system by assigning IP addresses. The routes and the route cache, the hash tables for udp, tcp, raw, etc ... port mappings, iptables, etc ... are created and set up by your system (automatically by the kernel) or by userland scripts at boot time.

When you create a network namespace, this occurs again, giving you a new loopback instance as well as new route tables and new hash tables for tcp and udp. Because these resources mustn't overlap with the system, they are isolated, which means a process running in this namespace cannot see the network of another namespace (e.g. the host).

This is why we say a "private network stack" because it belongs to a set of processes and a process can only have a namespace at a time.

As I know I am often not very clear :) I would recommend this document

http://lxc.sourceforge.net/doc/sigops/appcr.pdf

-- Daniel
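
Added example, not part of the original message or of LXC: a Python sketch that groups processes by the network namespace they belong to, which makes the "private network stack" visible from the host and flags processes that still share the host's stack. It assumes a kernel that exposes the `/proc/<pid>/ns/net` symlink; the function names and the sample pids and inode numbers are constructed for illustration.

```python
import os
import re
from collections import defaultdict

NS_LINK = re.compile(r"^net:\[(\d+)\]$")

def netns_inode(link):
    """Parse a /proc/<pid>/ns/net symlink target such as 'net:[4026531992]'."""
    m = NS_LINK.match(link)
    if not m:
        raise ValueError(f"not a net namespace link: {link!r}")
    return int(m.group(1))

def group_by_netns(links):
    """Map namespace inode -> sorted pids; each pid lands in exactly one group."""
    groups = defaultdict(list)
    for pid, link in links.items():
        groups[netns_inode(link)].append(pid)
    return {ino: sorted(pids) for ino, pids in groups.items()}

def sharing_host_stack(links, host_pid=1):
    """Pids (other than host_pid) that use the same network stack as host_pid."""
    host = netns_inode(links[host_pid])
    return sorted(p for p, l in links.items()
                  if p != host_pid and netns_inode(l) == host)

def read_live_links(proc="/proc"):
    """Collect ns/net links for every readable pid; unreadable ones are skipped."""
    links = {}
    for name in os.listdir(proc):
        if name.isdigit():
            try:
                links[int(name)] = os.readlink(os.path.join(proc, name, "ns", "net"))
            except OSError:
                continue  # process exited or we lack permission
    return links

# Constructed sample: pids 1 and 812 on the host, 2301/2302 inside one container.
SAMPLE = {1: "net:[4026531992]", 812: "net:[4026531992]",
          2301: "net:[4026532288]", 2302: "net:[4026532288]"}

if __name__ == "__main__":
    links = read_live_links() or SAMPLE
    for ino, pids in sorted(group_by_netns(links).items()):
        print(f"netns {ino}: {len(pids)} process(es), e.g. pid {pids[0]}")
```

Run as root on the host to see every process; a container process that shows up in the same group as pid 1 does not have a private network stack.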