On 03/29/2017 07:25 PM, Jie Yu wrote:
Thomas,
I think you are confused about the port mapping for NAT purpose, and
the port mapping isolator
<http://mesos.apache.org/documentation/latest/port-mapping-isolator/>.
Those two very different thing. The port mapping isolator (unfortunate
naming), as described in the doc, gives you network namespace per
container without requiring ip per container. No NAT is involved. I
think for you case, you should not use it and it does not work for
DockerContainerizer.
Thanks,
I'm not sure to understand what you say :
- are you talking about the NAT feature of docker in BRIDGE mode ?
- regarding the "port mapping isolator giving network namespace" : what
confuses me is that, given the previous answers, I thought that in that
case, the non-ephemeral port range was *shared* (as a ressource) between
containers, which sounds to me at the opposite of the namespace concept
(as a slightly different example 2 docker container have their own
private 80 port for instance).
What am I missing ?
Thanks
--
TH
