On Sat, 2013-08-03 at 22:23 +0100, Bretton Woods wrote: > the answer is probably yes. > > > is it possible to create a container without a network bridge that is > on the same subnet as the host?
I believe that is what "macvlan" was suppose to be for but I never had a good experience with it (ongoing host to container issue that may or may not have been resolved in the kernel - I gave up long ago). I generally used bridged, one way or another. > > In fact why do we always create a bridge and another subnet? I don't understand this question. You have two parts which are orthogonal. Quite literally, the only differences between "bridged mode", "nat mode", and "routed mode" is whether the host interface is a member of the bridge and your router/nat configurations. If the host interface is a member of the common bridge, you are in a fully bridged mode and you don't need another subnet and your guests are part of the hosts subnet. If it's not, you're generally (default) assigning a private address to the bridge and using NAT (nat mode) or (very rare) assigning a global unicast IPv4 block to the bridge and using true routing for "routed mode" with static routes on your host. The key to all three modes is that bridge, which acts as an internal etherswitch on the host (some literature even refers to it as a virtual lan). So the "and another subnet" actually only applies to two of those three modes (and routed mode is so rare, I'm tempted to say it doesn't really count). also, If you really REALLY want to get bitching complex, you can use a hybrid mode with IPv4 and IPv6 where IPv4 is routed / nated and IPv6 is bridged directly. Then your IPv4 networking is on separate subnets but your IPv6 routing is on a flat SLA (IPv6 subnet) and managed by the common router and it's RA's (router advertisements). That requires creative use of the mac level firewalling (ebtables) and is not recommended unless you're a real masochistic experimenter like I am. > bretton > > > Just one of those thoughts :) > Interesting thoughts but you have other options. What you are referring to is merely the default. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
------------------------------------------------------------------------------ Get your SQL database under version control now! Version control is standard for application code, but databases havent caught up. So what steps can you take to put your SQL databases under version control? Why should you start doing it? Read more to find out. http://pubads.g.doubleclick.net/gampad/clk?id=49501711&iu=/4140/ostg.clktrk
_______________________________________________ Lxc-users mailing list Lxc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-users
