container-to-host virtual or loopback kind of interface support

Elwin Stelzer Eliazer stelzere at gmail.com
Sun Apr 26 01:08:14 PDT 2009


Thank you for your response.
Let me explain my requirements more, and in this context, I would like to
know your response.

A reverse web and applications proxy is the user space application that we
are virtualizing using network namespace and LXC.
Local apache server and other apps are accessed through several sockets on
127.0.0.1 now and this has to be virtualized.
The proxy under each LXC must handle hundreds of proxied sessions.
The socket connections to local web and other apps server are dynamic, and
correspond to the dynamic external proxy sessions, and these cannot be
created upfront.

I posted two other questions also, for which I never got a response from
this list.

1. Can I have netfilter/iptables rules corresponding to each container, that
has overlapping IP address space? In other words, are netfilter/iptables
rules handling virtualized as part of network namespace. Some preliminary
tests seem to work. How do I know the development or proper release status
on this feature?

2. Can the /dev/tun based PPP interface be part of a container? Like veth or
macvlan what is the type for this?

Looking forward to your suggestions and the options I have for these needs
using LXC/namespace, as of 2.6.29. Do you still think I can avoid the relay
daemon?

Your clear answers on these will be appreciated.

Thanks in advance.

regards,
Elwin.


On Sat, Apr 25, 2009 at 11:51 AM, Eric W. Biederman
<ebiederm at xmission.com> wrote:

> Elwin Stelzer Eliazer <stelzere at gmail.com> writes:
>
> > Can you explain your answer more on what you refer as "pass in the
> > socket"?
> > To my understanding, apache listens only on TCP/IP sockets.
>
> I don't know your entire workflow, and I wasn't talking about modifying
> apache.
>
> However it is possible to pass sockets between network namespaces if you
> do the proper things when you set them up at the beginning.  So instead
> of a relay daemon you could open the socket you will use to talk to
> apache and pass it to your application, over a unix domain socket,
> or if you can, possibly at the creation of the network namespace.
>
> Eric
>

