Tomasz Chmielewski <man...@wpkg.org> writes:

> While I can imagine setting up many OpenVPN tunnels between all LXD
> servers (LXD1-LXD2, LXD1-LXD3, LXD2-LXD3) and constantly adjusting the
> routes as containers are stopped/started/migrated, it's a bit of a
> management nightmare. And even more so if the number of LXD servers
> grows.
>
> Hints, discussion?

If you use the same subnet for the containers, as in your example
10.10.10.0/24, there's no routing nightmare: you only have to set up
OpenVPN in bridge mode, so you'll need only 2 tunnels: LXD1-LXD2 and
LXD2-LXD3. Obviously, if LXD2 goes offline you'll have a problem.

If you have many containers, using the same subnet for all of them will
be impossible, so you'll need to manage routing between hosts to be able
to reach every container.

I'm about to design and deploy a similar setup: many LXD hosts running
containers that can be started on a host and eventually migrated to
another host in the same or in a different datacenter.

I'm thinking not to use the same subnet for all containers but to use a
different subnet for every host, so following your example it will be
like the following:

  LXD1: IP 1.2.3.4, Europe       LXD2: IP 2.3.4.5, Asia
  container1, 10.10.10.10        container4, 10.10.20.10
  container2, 10.10.10.11        container5, 10.10.20.11
  container3, 10.10.10.12        container6, 10.10.20.12

  LXD3: IP 3.4.5.6, US
  container7, 10.10.30.10
  container8, 10.10.30.11
  container9, 10.10.30.12

On every host a DHCP server is used to dynamically configure the network
on a starting container and, based on the container's hostname, to
dynamically update DNS servers, so containers will always be reachable
via hostname.

The routing problem remains; I'll probably choose to deploy some tunnels
between hosts to connect them to each other, then run an OSPF daemon
for dynamic routing management.

Ciao, Micky

-- 
The sysadmin has all the answers, especially "No"
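
An added example, not part of the message above: it computes the routes each host would need for the per-host subnet plan in the message, and shows the case the dynamic routing has to handle, a container that migrates and keeps its address. It assumes /24 subnets and a direct tunnel to every peer; the function names and the placement input are hypothetical.

```python
import ipaddress

# Per-host container subnets from the message; the /24 prefix length is an assumption.
SUBNETS = {"LXD1": "10.10.10.0/24", "LXD2": "10.10.20.0/24", "LXD3": "10.10.30.0/24"}

def parse_plan(subnets):
    """Parse the plan and refuse overlapping per-host subnets."""
    nets = {h: ipaddress.ip_network(s) for h, s in subnets.items()}
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                raise ValueError(f"{a} and {b} use overlapping subnets")
    return nets

def routes_for(host, subnets, placement):
    """Routes `host` needs over its tunnels: {prefix: next-hop host}.

    placement maps a container IP to the host currently running it
    (hypothetical input; in the design above OSPF would carry this).
    """
    nets = parse_plan(subnets)
    routes = {str(n): peer for peer, n in nets.items() if peer != host}
    for ip, running_on in placement.items():
        addr = ipaddress.ip_address(ip)
        home = next((h for h, n in nets.items() if addr in n), None)
        if home is None:
            raise ValueError(f"{ip} is outside every host subnet")
        # A container that migrated but kept its address is no longer covered
        # by its home host's /24, so every other host needs a /32 for it.
        if running_on != home and running_on != host:
            routes[f"{ip}/32"] = running_on
    return routes

def next_hop(dest, routes):
    """Longest-prefix match, as the kernel routing table would do."""
    addr = ipaddress.ip_address(dest)
    hits = [ipaddress.ip_network(p) for p in routes if addr in ipaddress.ip_network(p)]
    return routes[str(max(hits, key=lambda n: n.prefixlen))] if hits else None

if __name__ == "__main__":
    # Constructed scenario: container1 (10.10.10.10) migrated from LXD1 to LXD3.
    table = routes_for("LXD2", SUBNETS, {"10.10.10.10": "LXD3"})
    for prefix, via in sorted(table.items()):
        print(f"LXD2: {prefix} via tunnel to {via}")
```

With no migrations each host needs one route per peer; every migrated container adds a /32 on the other hosts, which is the state an OSPF daemon would distribute instead of manual route edits.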