[redhat-lspp] Re: LSPP Development Telecon 06/19/2006 Minutes

Eric W. Biederman ebiederm at xmission.com
Mon Jun 26 13:39:53 UTC 2006


Daniel Lezcano <dlezcano at fr.ibm.com> writes:

>>>If I am understanding you correctly this just sounds like adding IP
>>>aliases to an interface, or just simply adding a new NIC, and assigning
>>>each address to a network namespace.  While it's easy to do and even
>>>easier to secure I don't think it addresses the problem we are trying to
>>>solve - port polyinstantiation - where you can have multiple
>>>applications bound to the same IP/protocol/port with the only difference
>>>being the application's security label.
>>>
>>>
>>
>>I'm really not the expert here, but nevertheless according to what I've
>>heard from at least the PlanetLab guys, we may not need to use nat -
>>having multiple containers with the same IP address may be possible.
>>
>>Eric, Andrey, Daniel?
>>
>>-serge
>>
>>
>>
> I think having multiple containers with the same IP address is not good. As far
> as I see, a container = a host.
> If you set up 2 containers with the same IP address, this is the same as having 2
> hosts on the same network with the same IP address.

It is the same as having 2 hosts with the same IP address.  Only how you set
them up determines if they are on the same network.

> By the way, having the same IP address for several containers, how will it be
> possible to do container migration?

It depends on the circumstances.  In general having several containers with the
same IP address is a bad idea.  But if you have a setup where you can
do it safely there is nothing preventing that setup from working between
machines, so it is neither a positive nor a negative from a migration standpoint.

Eric



