Network infrastructure can be divided among OpenVZ containers in several ways, depending on the type of network configuration you prefer. By default, all containers share the host’s IP address, but isolation or separate networking can be achieved through the following methods:
1. Bridge Networking: In this mode, each container appears as a separate node on the network and gets its own unique IP address and MAC address. Management is more complex than with the other methods. Use this mode if you want your containers to have full network functionality, just like separate physical machines.
2. NAT Networking: In this mode, the container’s IP address is translated to the host’s IP address using network address translation (NAT). This is ideal if you want to conserve IP addresses and are happy to let the containers share the host’s IP address.
3. Host-Only Networking: As the name suggests, in this mode the OpenVZ container can communicate only with the host system, not with any other system on the network.
Here’s a basic procedure for dividing the network infrastructure:
1. Create a `veth` (Virtual Ethernet) for each container.
2. Assign a unique IP address to each `veth`.
3. Use the `vzctl set` command to assign the `veth` to a container. For example, `vzctl set 101 --netif_add eth0 --save`.
4. Assign an IP to the container’s interface, for example, `vzctl set 101 --ipadd 192.168.1.2 --save`.
It is recommended to use tools like `iptables`, `ebtables` or `firewalld` to enforce additional security and isolation among containers.
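
One way to apply that recommendation with `ebtables` is to pin each container's `veth` to the IP address it was assigned, so a container cannot send traffic or ARP replies using a neighbour's address. This is an added example, not part of the original guide; it assumes the host-side interface is named `veth<CTID>.0`, that the `veth` devices are ports of a Linux bridge, and it uses a constructed inventory of container IDs and addresses.

```shell
#!/bin/sh
# Added example: per-container anti-spoofing rules for veth interfaces.
# Assumptions (not from the original page): the host-side interface is named
# veth<CTID>.0 and the veth devices are ports of a Linux bridge, so frames
# from a container pass through the ebtables INPUT and FORWARD chains.

# Constructed sample inventory, one "CTID IP" pair per line.
CONTAINERS='101 192.168.1.2
102 192.168.1.3'

# Accept only a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print rules that drop IPv4 and ARP frames from a container's veth unless
# they carry the address assigned to that container.
isolation_rules() {
    ctid=$1
    ip=$2
    case "$ctid" in
        ''|*[!0-9]*) echo "bad CTID: $ctid" >&2; return 1 ;;
    esac
    valid_ipv4 "$ip" || { echo "bad IP: $ip" >&2; return 1; }
    ifname="veth${ctid}.0"
    for chain in INPUT FORWARD; do
        echo "ebtables -A $chain -i $ifname -p IPv4 --ip-src ! $ip -j DROP"
        echo "ebtables -A $chain -i $ifname -p ARP --arp-ip-src ! $ip -j DROP"
    done
}

# Emit rules for the whole inventory; stops at the first invalid entry.
all_rules() {
    echo "$CONTAINERS" | while read -r ctid ip; do
        isolation_rules "$ctid" "$ip" || exit 1
    done
}

all_rules
```

The script only prints the rules so they can be reviewed first; piping its output to `sh` as root on the host applies them. Input validation rejects inventory entries that are not a numeric container ID and a well-formed IPv4 address before any rule text is generated.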