Suno, On Sun, 2010-01-24 at 23:27 +0100, Suno Ano wrote: > Combining forces would be great. I just took a glance at > https://sourceforge.net/projects/lxc-provider/ and the thing that sprung > my eyes are > > - it is a bit Ubuntu focused as it is coded right now > - assumes using a bridge i.e. also lxc.network.type=veth
> So, I am with Debian and in favor of macvlan, also totally annoyed by
> using bridges; I would rather not have to use a bride at all.
I don't want to start a flame war but, honestly, I feel that one follows
the other. I have used Debian (vanilla, Knoppix, and Ubuntu) and even
spun a custom distro based on Knoppix and I am not at all surprised
that, if you are with Debian, you find bridges annoying. I would too.
In my experience I find that, with that inane network subsystem centered
around the interfaces file, anything, outside of very simple networking
and routing, is excruciatingly painful to set up, and I do a LOT of
things that involve very complex network configurations with lots of
bridges and tunnels.
The custom distro that I did was an internal security related
distributed honeypot/honeynet project and the networking on that was my
biggest headache. Since then, that project got shelved and, if I do
another go at it (the bosses are talking about it - sigh...), future
versions will be based on NST, a Fedora based run-live. Because all the
internal communications with that distributed honeynet was purely IPv6
based, it will take half the work the Knoppix based effort was.
I have yet to figure out how to tell my Debian containers to set up
something as simple as an IPv6 autoconfigured interface. Fedora
containers work right OOTB. You would THINK it would be child's play.
But it insists that, if I define an inet6 interface, it either wants
dhcp or static and it doesn't like it if you tell it static and then
don't give it a static address. Leaving it undefined doesn't seem to
help, either. I get a link local address but it still won't autoconf.
I also don't see where the proper routing and structure for IPv6 is
suppose to get set up. IPv6 is up. I see the SIT0 device. But the
IPv6 routing table contains none of the stock IPv6 init scripts
initialization for things like 6to4 routing or local address handling.
Take a look on a Debian system with static IPv6 addresses set up and
look at the v6 routing table with "ip -6 route ls" and you'll see 3 or 4
routes. On a RedHat / Fedora system I've got something like a dozen
routes, most of which are there making sure certain things, like
compatibility addresses, DON'T get routed. I just don't get the feeling
that IPv6 has gotten set up properly.
I just find the whole networking model in Debian to be frustrating. It
is probably the number 1 primary reason why I don't use Debian more and
won't be incorporating it into future projects.
I had some problems with macvlan that may have been kernel rev related,
and I'm going to go back and retest some stuff, where I could ping and
connect to a host container from another physical system but nothing
worked from the host to the container. Bridges on Fedora / RedHat are
trivial to set up, so I took the easy way out. Sorry. I'm a lazy
bastard.
> IMHO first thing on the menu should really be about an API that allows
> to keep things generic enough for all users of lxc.
Oh... On that, I think we can totally agree. I heartily concur.
I'm working on some of my scripts that people are asking me to post.
I'm past the "works for me" stage, with the way I set things up, and
looking at "well, what if they don't want to do things the way I like to
do them". I've almost totally rewritten my initial script for
converting OpenVZ configuration files over to LXC configuration files.
Once I sort out the bloody mess with trying to deal with OpenVZ
${VEID}.mount files and the LXC fstabs, I just might finally get around
to posting it.
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Throughout its 18-year history, RSA Conference consistently attracts the world's best and brightest in the field, creating opportunities for Conference attendees to learn about information security's most important issues through interactions with peers, luminaries and emerging and established companies. http://p.sf.net/sfu/rsaconf-dev2dev
_______________________________________________ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
