<p dir="ltr">LXC allows the creation of tun/tap devices, because it supports namespaces in the network stack. I don't know if the packet filter is namespace aware yet, though. Would be an interesting thing to discover, actually. </p>
<p dir="ltr">Mike Warfield, do you have the answer, perchance? You're still active with LXC, yes? </p>
<div class="gmail_quote">On Apr 18, 2013 12:46 PM, "David Tomaschik" &lt;<a href="mailto:david@systemoverlord.com">david@systemoverlord.com</a>&gt; wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">On Thu, Apr 18, 2013 at 8:55 AM, Michael B. Trausch <span dir="ltr">&lt;<a href="mailto:mbt@naunetcorp.com" target="_blank">mbt@naunetcorp.com</a>&gt;</span> wrote:<br><div class="gmail_extra"><div class="gmail_quote">
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>On 04/18/2013 01:50 AM, Wolf Halton wrote:<br>
><br>
> I have been testing openvz servers for over a year. Work well for<br>
> simple web services like drupal and less well for i/o-heavy apps like<br>
> evergreen-ils.<br>
><br>
</div>It also stinks for applications in networking, since the user doesn't<br>
(at least the last time I used it) get a dedicated networking stack.<br>
<br>
LXC provides a networking stack through the use of a network device<br>
namespace for containers, and Xen/KVM simply emulate a full Ethernet<br>
card, usually attached to a software bridge.<br>
<br>
I tried to use OpenVZ a long time ago because the management interface<br>
on the setup I was working with wasn't bad, but then when I realized<br>
that I couldn't bring in my IPv6 through a router running as a guest<br>
there...<br>
<br>
— Mike<br></blockquote><div><br></div><div>Oh yeah, I'd forgotten those details: with OpenVZ (and probably LXC?) you can't configure iptables, as you're sharing a kernel. You also can't use tun/tap interfaces, for the reasons Michael mentioned -- which means you can't run an OpenVPN server, for example.</div>
</div><div class="gmail_extra"><br></div>I've been using Xen or KVM VMs for so long that I forgot how much I dislike OpenVZ. OpenVZ probably works well enough for some use cases for users who have control of the host (i.e., not VPSs.)<br>
<br clear="all"><div><br></div>-- <br>David Tomaschik<br>OpenPGP: 0x5DEA789B<br><a href="http://systemoverlord.com" target="_blank">http://systemoverlord.com</a><br><a href="mailto:david@systemoverlord.com" target="_blank">david@systemoverlord.com</a>
</div></div>
<br></blockquote></div>