Tangentially related story: I have a highly dynamic topology (many VLANs created/destroyed frequently). I use the following structure:

Host = 2 x NICs, joined as 1 x bond0 interface with failover

VLANs = bond0 interface linked, negotiated dynamically based upon requirements of hosted containers, appearing as separate interfaces

Containers = 1 x tun interface per VLAN, configured separately on the host side and client side with static IP address information determined at the time of container launch (no DHCP, spanning tree through to container, etc.) and iptables rules linking them at layer 3 through to the above VLAN interfaces

This setup is experimental but functional. The design evolved for a few reasons:
- tun seems the most bug-free/stable/arbitrary network topology portable/fast to set up (i.e. actually pass traffic IMMEDIATELY at startup). In my testing I constantly observed delays with bridge-based methods, despite trying many options to avoid them.
- tun relies on iptables, a more familiar/better tooled/predictable place to provide network connectivity logic than other routes (IMHO)
- in my environment, containers should be essentially external topology naive, thus DHCP is avoided

To achieve this, the critical line in an lxc.conf is the network up script:
 lxc.network.script.up
.. which configures the host-side interface and a container-specific iptables chain containing the guest's network connectivity rules.

Stressing that it's working but not polished, the result is actually a pacemaker + corosync + failover-capable-bonding + LXC based cluster engine embedded as one part of an alternative to things like docker / orchestration systems that I am hoping my employer agrees for me to release open source. IMHO it's a bit broader-scoped / more mature (especially in terms of service deps, deferring to pacemaker+corosync air traffic control level proven codebases in this case) than most of the alternatives out there. It grew and continues to grow from real needs.

- Walter

On 7 February 2014 04:32, Serge Hallyn <[email protected]> wrote:
> Quoting e ([email protected]):
>> Hi,
>>
>> is it possible to use network type macvlan on tagged VLANs?
>
> Looks like no one has tried this. If you come up with an answer
> please do report back as it'd be interesting to know.
>
> -serge
> _______________________________________________
> lxc-users mailing list
> [email protected]
> http://lists.linuxcontainers.org/listinfo/lxc-users
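
The message above describes an `lxc.network.script.up` hook that builds a container-specific iptables chain but does not show it. The following is an added example, not the poster's script: a hypothetical hook that validates its inputs and emits a default-drop chain restricting the container to its one static address. The `ct-<name>` chain naming, the `CT_ADDR` and `CT_VLAN_IF` environment variables, the veth-style host device argument and the reply-only inbound policy are all assumptions.

```shell
#!/bin/sh
# Added example, not the poster's script: a hypothetical lxc.network.script.up
# hook. LXC calls it as: <container> net up <type> <host-side ifname>.
# Assumed (not in the post): veth-style host device in $5; the container's
# static address and VLAN interface arrive as CT_ADDR and CT_VLAN_IF.

valid_token() {   # letters, digits, '.', '_', '-'; not empty, no leading '-'
    case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 1 ;; esac
}

valid_ipv4() {    # four dot-separated decimal octets, each 0-255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Print the per-container chain: only the assigned address may leave the
# container, only reply traffic may come back, everything else is dropped.
emit_rules() {    # usage: emit_rules <container> <host_if> <ct_addr> <vlan_if>
    valid_token "$1" && valid_token "$2" && valid_token "$4" || return 1
    valid_ipv4 "$3" || return 1
    chain="ct-$1"
    [ ${#chain} -le 28 ] || return 1   # iptables chain names: 28 chars max
    cat <<EOF
iptables -N $chain
iptables -A $chain -i $2 -o $4 -s $3/32 -j ACCEPT
iptables -A $chain -i $4 -o $2 -d $3/32 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A $chain -j DROP
iptables -I FORWARD -i $2 -j $chain
iptables -I FORWARD -o $2 -j $chain
EOF
}

# Hook entry point: print the rules, or apply them when APPLY=1 is set.
if [ $# -ge 5 ] && [ "$2" = net ] && [ "$3" = up ]; then
    rules=$(emit_rules "$1" "$5" "$CT_ADDR" "$CT_VLAN_IF") || exit 1
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$rules" | sh -e || exit 1
    else
        printf '%s\n' "$rules"
    fi
fi
```

Because the container name and interface names end up on an iptables command line run as root on the host, the hook rejects anything outside a narrow character set before emitting a rule.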
