Firstly, I am just starting to look at LXC as a possible migration from
OpenSolaris, so excuse me if the question is obvious.

Reading what I have found so far, it seems clear that with a bridged
interface on the global side, the Containers can all have separate
network info (different IPs, subnets) and so on. The question I have is
can each container run an independent, totally isolated IP stack (like
OpenSolaris Crossbow) including completely separate routing tables and
IPSec configurations?

The problem I'm investigating is that I currently have two Zones in
Solaris, call them Z1 (10.1.1.1/24) and Z2 (10.1.2.1/24). These then
talk to customer networks via IPSec; call them Customer1 and Customer2.
The "fun" part is the Customer networking: Customer1 uses 192.168.1.0/24
as their internal range (i.e. "behind" the VPN tunnel, my IPSec emerges
on 192.168.1.252), and Customer2 uses 192.168.0.0/16 as their internal
range. So, overlapping ranges. Z1 talks to Customer1, Z2 talks to
Customer2, it is critical they cannot "see" each other. Crossbow is
doing it just fine; can LXC do the same thing?

If LXC can do it, are there any gotchas or suggestions as to the best
choice for IPSec setup / configuration?

Thanks!
Andy
_______________________________________________
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users