Multi tenancy setup by Tinc?

Bright Zhao startryst at gmail.com
Wed May 3 08:35:08 CEST 2017


Hi, Guus

The use case the shared default gateway for multi-tenant, if that the case the node who own the default gateway will have problem to route with different tenant who has overlapped address scope? Is it true when no any other tools like the namespaces?

(tenant1)\
(tenant2)——common node—— shared gw node—— Internet
(tenant3)/

But if the each tenant have it’s dedicate default gateway, but the path from the tenant node to the default gateway node will be shared by some common tinc node, then the netname of tinc can handle this, right? I think the common tinc node is not handle physical to vpn, it’s only vpn relay.

(tenant1)\                                    /gw for tenant1——Internet
(tenant2)——common node—— gw for tenant2—— Internet
(tenant3)/                                    \gw for tenant3—— Internet


> On 3 May 2017, at 12:40 AM, Guus Sliepen <guus at tinc-vpn.org> wrote:
> 
> On Tue, May 02, 2017 at 08:46:45PM +0800, Bright Zhao wrote:
> 
>> For use case of multi-tenancy use case, should I use multiple netnames (/etc/tinc/tenant1, /etc/tinc/tenant2/, etc.) for the network, so that even different tenant have overlapped network address will be possible to work in the same physical host? or can not?
> 
> If you have multiple netnames, then you can have overlapping network
> addresses all you like as far as tinc is concerned. However, if you want
> the physical host to also be able to communicate with the other nodes of
> each tennant, then you might have a problem. You could use network
> namespaces or other forms of containers to keep the networks separate
> for your kernel.
> 
> -- 
> Met vriendelijke groet / with kind regards,
>     Guus Sliepen <guus at tinc-vpn.org>
> _______________________________________________
> tinc mailing list
> tinc at tinc-vpn.org
> https://www.tinc-vpn.org/cgi-bin/mailman/listinfo/tinc



More information about the tinc mailing list