On 08/12/2010 01:05 AM, Nirmal Guhan wrote:
> On Wed, Aug 11, 2010 at 11:05 AM, Serge Hallyn
> <serge.hal...@canonical.com> wrote:
>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>> On Wed, Aug 11, 2010 at 5:06 AM, Serge Hallyn
>>> <serge.hal...@canonical.com> wrote:
>>>> Quoting Nirmal Guhan (vavat...@gmail.com):
>>>>> Hi,
>>>>>
>>>>> Want to know if port numbers are virtualized for containers or do the
>>>>> containers and host share the port space? Please let me know.
>>>>
>>>> Wrong layer. If the container shares a network namespace with the
>>>> host, then it shares its networking. If it has its own network
>>>> namespace, then it has its own entire network stack. So no, 'port
>>>> space' isn't virtualized.vs.shared, but the network devices are.
>>>>
>>> Thanks. How do I configure the container to have its own network stack?
>>
>> I did
>>
>> cat >> /etc/lxc-basic.conf << EOF
>> lxc.network.type=veth
>> lxc.network.link=virbr0
>> lxc.network.flags=up
>> EOF
>>
>> lxc-create -n ubuntu1 -f /etc/lxc-basic.conf -t ubuntu
>
> Thanks. If I do macvlan, I assume there is no separate network
> namespace and hence ports will be shared and otherwise (veth) not?

If you specify lxc.network.type=<type>, you will automatically have a
new network stack. That means your own interfaces, IP addresses, routes,
iptables, ports, etc.

As Serge explained, the network isolation/virtualization acts at layer 2,
meaning it *begins* at layer 2, so the upper network layers will be
virtualized too.

When you have a new network stack, your port numbers will not overlap
with the system or the other containers. For example, you can launch
several sshd or httpd instances in different containers without
conflicting on port 22 or 80.

If you don't specify lxc.network.type, your container will share the
network stack with the host, hence if the host is running sshd, you
won't be able to start another sshd in the container because they will
conflict on port 22.

To answer your question, if you do lxc.network.type=macvlan, the
network stack will be private to your container.

  -- Daniel

_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
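
As an added example (not part of Daniel's message and not LXC project code), this shell script audits container config files for the rule described above: a config that sets lxc.network.type gets a private network stack, and one without it shares the host's ports. The function names and sample configs are constructed here, and treating type "none" as shared is an assumption taken from later LXC documentation, not from this thread.

```shell
#!/bin/sh
# Added example: flag LXC configs whose containers share the host network
# stack. The key name lxc.network.type is the one used in this thread.

# netstack_mode FILE -> prints "private" or "shared"
netstack_mode() {
    awk -F= '
        /^[ \t]*#/ { next }                  # skip commented-out settings
        {
            key = $1; val = $2
            gsub(/[ \t\r]/, "", key)         # tolerate "key = value" spacing
            gsub(/[ \t\r]/, "", val)
            # Assumption: "none" (documented in later LXC releases) keeps the
            # host namespace, so it does not count as a private stack.
            if (key == "lxc.network.type" && val != "" && val != "none")
                priv = 1
        }
        END { print (priv ? "private" : "shared") }
    ' "$1"
}

# shared_with_host FILE... -> prints the configs whose containers would
# compete with the host (and each other) for ports such as 22 or 80.
shared_with_host() {
    for conf in "$@"; do
        [ "$(netstack_mode "$conf")" = "shared" ] && echo "$conf"
    done
    return 0
}

# Constructed sample configs; only the veth keys come from the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/veth.conf" << EOF
lxc.network.type=veth
lxc.network.link=virbr0
lxc.network.flags=up
EOF
cat > "$demo_dir/macvlan.conf" << EOF
lxc.network.type = macvlan
lxc.network.link = eth0
EOF
cat > "$demo_dir/nonet.conf" << EOF
# lxc.network.type=veth
lxc.utsname = web1
EOF

shared_with_host "$demo_dir"/*.conf   # lists only nonet.conf
```

A commented-out lxc.network.type line is the easy case to miss in review: the container still starts, but any service it runs binds in the host's port space.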