If I am understanding you correctly this just sounds like adding IP
aliases to an interface, or just simply adding a new NIC, and assigning
each address to a network namespace.  While it's easy to do and even
easier to secure I don't think it addresses the problem we are trying to
solve - port polyinstantiation - where you can have multiple
applications bound to the same IP/protocol/port with the only difference
being the application's security label.

I'm really not the expert here, but nevertheless according to what I've
heard from at least the PlanetLab guys, we may not need to use nat -
having multiple containers with the same IP address may be possible.

Eric, Andrey, Daniel?

-serge

I think having multiple containers with the same IP address is not good. As far as I see, a container = a host. If you set up 2 containers with the same IP address, this is the same as having 2 hosts on the same network with the same IP address. By the way, with the same IP address for several containers, how will it be possible to do container migration?

   - Daniel




--
redhat-lspp mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/redhat-lspp
