Multiple hosts: networking and venet [message #48263]
Wed, 10 October 2012 09:28
Gerry
I'm using Proxmox, but I don't think that really matters since this should apply to other OpenVZ setups as well. Also, I've asked my question there as well but no one seems to be able to help me out. :/
My situation is the following: I have multiple OpenVZ hosts, each hosting a few containers. In Proxmox terms, they work together as a cluster and I can migrate containers from one host to the other without issues. Each host has a few network interfaces, the most important ones being the ones for the internal LAN (private IP space) and the external connection (public IP space). Only the interfaces on the internal LAN have IPs assigned to them; the external ones are used to bridge the veth interfaces and have no IP assigned to them.
Up until now I have been using veth interfaces in my containers since they all are under my control. Now, however, I'm facing the "issue" where I have to set up a container for someone I don't trust. As such, venet seems to be a better option. The machine needs to have an external IP, but if I assign an external IP to this container, it doesn't work.
The reason why it doesn't is obvious: since venet uses the host's routing table and the host has no IP in the external network range, it doesn't know what to do with the packets.
The solution would be easy: just assign an IP in the external range on each host and be done with it. But this doesn't seem like a good solution to me; I'd like to be conservative about my IPv4 usage, so I hope there is another solution.
Does anyone have any pointers as to what I should look into? I'm a bit lost now. :/