Re: [redhat-lspp] Re: LSPP Development Telecon 06/19/2006 Minutes

[ebiederm xmission com (Eric W. Biederman)]

Daniel Lezcano <dlezcano fr ibm com> writes:

> If I am understanding you correctly this just sounds like adding IP
>
>>>aliases to an interface, or just simply adding a new NIC, and assigning
>>>each address to a network namespace.  While it's easy to do and even
>>>easier to secure I don't think it addresses the problem we are trying to
>>>solve - port polyinstantiation - where you can have multiple
>>>applications bound to the same IP/protocol/port with the only difference
>>>being the application's security label.
>>>
>>>
>>
>>I'm really not the expert here, but nevertheless according to what I've
>>heard from at least the PlanetLab guys, we may not need to use nat -
>>having multiple containers with the same IP address may be possible.
>>
>>Eric, Andrey, Daniel?
>>
>>-serge
>>
>>
>>
> I think having multiple container with the same IP address is not good. As far
> as I see, a container = a host.
> If you setup 2 containers with the same IP address, this is the same of having 2
> hosts on the same network with the same IP address.

It is the same as having 2 hosts with the same IP address.  Only how you set
them up determines if they are on the same network.

> By the way, having the same IP address for several containers, how will be
> possible to do container migration ?

It depends on the circumstances.  In general having several containers with the
same IP address is a bad idea.  But if you have a setup where you can
do it safely there is nothing preventing that setup from working between
machines, so it is neither a positive or a negative from a migration standpoint.

Eric