Hi, I'm trying to setup an environment with multiple containers, each in a separate VLAN but running on the same HN (which will in turn be in a different VLAN for it's management traffic on eth0; eth1 eth2 and eth3 will all be VLAN trunks). There may be other containers on other HNs in the same VLANs, but they will be on the same switch and subnet (we're allocating one subnet per VLAN, not per HN or per container).
The wiki page on venet vs veth says that venet is less secure and lower performance than venet; what I was going to configure was veth per container, and then put the HN-side of the veth into the relevant VLAN using for example (HN/CT0 is running Debian Etch) iface vlan201 inet static address X.Y.Z.2 netmask 255.255.255.224 gateway X.Y.Z.1 vlan_raw_device veth201.0 (the gateway address is VLAN201 on the Ethernet switch, which is already configured) Three questions: a) am I missing something obvious and there's an easier way to do this? b) is there a way to use venet not veth, or is the performance hit negligible? c) Given the switch is isolating VLANs, and all that the HN is doing is trunking from veth's to the switch, is a bridge needed? The only thing left to setup - other than those queries - is to make sure the veth's are brought up before the VLAN interfaces (so that when VLANs come up, the vlan_raw_devices vethXXX already exist); does anyone know if actually I can config the vlan_raw_device as vethXXX anyway and define the veth's as hotplug devices? Or is that not necessary? Thanks in advance, Andy
_______________________________________________ Users mailing list [email protected] https://openvz.org/mailman/listinfo/users
