Daniel Lezcano <[EMAIL PROTECTED]> writes: > If I am understanding you correctly this just sounds like adding IP > >>>aliases to an interface, or just simply adding a new NIC, and assigning >>>each address to a network namespace. While it's easy to do and even >>>easier to secure I don't think it addresses the problem we are trying to >>>solve - port polyinstantiation - where you can have multiple >>>applications bound to the same IP/protocol/port with the only difference >>>being the application's security label. >>> >>> >> >>I'm really not the expert here, but nevertheless according to what I've >>heard from at least the PlanetLab guys, we may not need to use nat - >>having multiple containers with the same IP address may be possible. >> >>Eric, Andrey, Daniel? >> >>-serge >> >> >> > I think having multiple container with the same IP address is not good. As far > as I see, a container = a host. > If you setup 2 containers with the same IP address, this is the same of > having 2 > hosts on the same network with the same IP address.
It is the same as having 2 hosts with the same IP address. Only how you set them up determines if they are on the same network. > By the way, having the same IP address for several containers, how will be > possible to do container migration ? It depends on the circumstances. In general having several containers with the same IP address is a bad idea. But if you have a setup where you can do it safely there is nothing preventing that setup from working between machines, so it is neither a positive or a negative from a migration standpoint. Eric -- redhat-lspp mailing list [email protected] https://www.redhat.com/mailman/listinfo/redhat-lspp
