OpenVZ Forum


Home » Mailing lists » Devel » Re: Re: Network virtualization/isolation
Re: Re: Network virtualization/isolation [message #16887 is a reply to message #16881] Sat, 09 December 2006 11:27 Go to previous messageGo to next message
Tomasz Torcz is currently offline  Tomasz Torcz
Messages: 1
Registered: December 2006
Junior Member
On Sat, Dec 09, 2006 at 04:50:02AM +0100, Herbert Poetzl wrote:
> On Fri, Dec 08, 2006 at 12:57:49PM -0700, Eric W. Biederman wrote:
> > Herbert Poetzl <herbert@13thfloor.at> writes:
> > 
> > >> But, ok, it is not the real point to argue so much imho 
> > >> and waste our time instead of doing things.
> 
> > > well, IMHO better talk (and think) first, then implement
> > > something ... not the other way round, and then start
> > > fixing up the mess ...
> > 
> > Well we need a bit of both.
> 
> hmm, are 'we' in a hurry here?
> 
> until recently, 'Linux' (mainline) didn't even want
> to hear about OS Level virtualization, now there
> is a rush to quickly get 'something' in, not knowing
> or caring if it is usable at all?

  Maybe beacuse other Operating Systems have it? For example Solaris'
Crossbow...


-- 
Tomasz Torcz               RIP is irrevelant. Spoofing is futile.
zdzichu@irc.-nie.spam-.pl     Your routes will be aggreggated. -- Alex Yuriev


_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
Re: Re: Network virtualization/isolation [message #16888 is a reply to message #16887] Sat, 09 December 2006 19:04 Go to previous messageGo to next message
Herbert Poetzl is currently offline  Herbert Poetzl
Messages: 239
Registered: February 2006
Senior Member
On Sat, Dec 09, 2006 at 12:27:34PM +0100, Tomasz Torcz wrote:
> On Sat, Dec 09, 2006 at 04:50:02AM +0100, Herbert Poetzl wrote:
> > On Fri, Dec 08, 2006 at 12:57:49PM -0700, Eric W. Biederman wrote:
> > > Herbert Poetzl <herbert@13thfloor.at> writes:
> > > 
> > > >> But, ok, it is not the real point to argue so much imho 
> > > >> and waste our time instead of doing things.
> > 
> > > > well, IMHO better talk (and think) first, then implement
> > > > something ... not the other way round, and then start
> > > > fixing up the mess ...
> > > 
> > > Well we need a bit of both.
> > 
> > hmm, are 'we' in a hurry here?
> > 
> > until recently, 'Linux' (mainline) didn't even want
> > to hear about OS Level virtualization, now there
> > is a rush to quickly get 'something' in, not knowing
> > or caring if it is usable at all?
> 
> Maybe beacuse other Operating Systems have it? 

well, that wasn't a good enough reason four years 
ago, when Linux-VServer tried to push a 'jail'
implementation into mainline (was called security
contexts back then, and maintained by Jacques Gelinas)

> For example Solaris' Crossbow...

yes, but the technology isn't really new, not even
on Linux and not even in the Open Source community

but don't get me wrong here, I'm absolutely for
having virtualization (or virtualization elements)
in mainline, I just don't want to see a Q&D hack
'we' have to suffer from the next two years :)

HTC,
Herbert

> -- 
> Tomasz Torcz               RIP is irrevelant. Spoofing is futile.
> zdzichu@irc.-nie.spam-.pl     Your routes will be aggreggated. -- Alex Yuriev
> 


_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
Re: Re: Network virtualization/isolation [message #16889 is a reply to message #16885] Sat, 09 December 2006 21:18 Go to previous messageGo to next message
Mishin Dmitry is currently offline  Mishin Dmitry
Messages: 112
Registered: February 2006
Senior Member
On Saturday 09 December 2006 09:35, Herbert Poetzl wrote:
> On Fri, Dec 08, 2006 at 10:13:48PM -0800, Andrew Morton wrote:
> > On Sat, 9 Dec 2006 04:50:02 +0100
> > Herbert Poetzl <herbert@13thfloor.at> wrote:
> > 
> > > On Fri, Dec 08, 2006 at 12:57:49PM -0700, Eric W. Biederman wrote:
> > > > Herbert Poetzl <herbert@13thfloor.at> writes:
> > > > 
> > > > >> But, ok, it is not the real point to argue so much imho 
> > > > >> and waste our time instead of doing things.
> > > 
> > > > > well, IMHO better talk (and think) first, then implement
> > > > > something ... not the other way round, and then start
> > > > > fixing up the mess ...
> > > > 
> > > > Well we need a bit of both.
> > > 
> > > hmm, are 'we' in a hurry here?
> > > 
> > > until recently, 'Linux' (mainline) didn't even want
> > > to hear about OS Level virtualization, now there
> > > is a rush to quickly get 'something' in, not knowing
> > > or caring if it is usable at all?
> > 
> > It's actually happening quite gradually and carefully.
> 
> hmm, I must have missed a testing phase for the
> IPC namespace then, not that I think it is broken
> (well, maybe it is, we do not know yet)
Herbert,

you know that this code is used in our product. And in its turn, our
product is tested internally and by a community. We have no reports about
bugs in this code. If you have to say more than just "something to say",
please, say it.

> 
> > > I think there are a lot of 'potential users' for
> > > this kind of virtualization, and so 'we' can test
> > > almost all aspects outside of mainline, and once
> > > we know the stuff works as expected, then we can
> > > integrate it ...
> > > 
> > > the UTS namespace was something 'we all' had already
> > > implemented in this (or a very similar) way, and in
> > > one or two interations, it should actually work as 
> > > expected. nevertheless, it was one of the simplest
> > > spaces ...
> > > 
> > > we do not yet know the details for the IPC namespace,
> > > as IPC is not that easy to check as UTS, and 'we'
> > > haven't gotten real world feedback on that yet ...
> > 
> > We are very dependent upon all stakeholders including yourself 
> > to review, test and comment upon this infrastructure as it is 
> > proposed and merged. If something is proposed which will not 
> > suit your requirements then it is important that we hear about 
> > it, in detail, at the earliest possible time.
> 
> okay, good to hear that I'm still considered a stakeholder 
> 
> will try to focus the feedback and cc as many folks
> as possible, as it seems that some feedback is lost
> on the way upstream ...
> 
> best,
> Herbert
> 
> > Thanks.
> 

-- 
Thanks,
Dmitry.
_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
Re: Re: Network virtualization/isolation [message #16890 is a reply to message #16885] Sat, 09 December 2006 22:34 Go to previous messageGo to next message
kir is currently offline  kir
Messages: 1645
Registered: August 2005
Location: Moscow, Russia
Senior Member

Herbert Poetzl wrote:
> On Fri, Dec 08, 2006 at 10:13:48PM -0800, Andrew Morton wrote:
>   
>>
>> It's actually happening quite gradually and carefully.
>>     
>
> hmm, I must have missed a testing phase for the
> IPC namespace then, not that I think it is broken
> (well, maybe it is, we do not know yet)
>
>   
You have announced at LKML that Linux-VServer now uses the stuff that 
was merged in 2.6.19-rc1, haven't you? I suppose that means you are 
using IPC namespaces from mainstream? Isn't that considered testing? Or 
you don't test Linux-VServer? Please clarify, I'm a bit lost here.

Speaking of OpenVZ, as Kirill Korotaev said before we have backported 
all that to 2.6.18 back in September and are using it since then. And 
yes, we found a bug in IPC namespaces, and fix from Pavel Emelyanov has 
made it to 2.6.19-rc5 (see commit 
c7e12b838989b0e432c7a1cdf1e6c6fd936007f6 to linux-2.6-git).

_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
Re: Re: Network virtualization/isolation [message #16891 is a reply to message #16890] Sun, 10 December 2006 02:21 Go to previous message
Herbert Poetzl is currently offline  Herbert Poetzl
Messages: 239
Registered: February 2006
Senior Member
On Sun, Dec 10, 2006 at 01:34:14AM +0300, Kir Kolyshkin wrote:
> Herbert Poetzl wrote:
> >On Fri, Dec 08, 2006 at 10:13:48PM -0800, Andrew Morton wrote:
> >  
> >>
> >>It's actually happening quite gradually and carefully.
> >>    
> >
> >hmm, I must have missed a testing phase for the
> >IPC namespace then, not that I think it is broken
> >(well, maybe it is, we do not know yet)
> >

> You have announced at LKML that Linux-VServer now uses the 
> stuff that was merged in 2.6.19-rc1, haven't you? 

yes, correct, and we already fixed several issues
the changes caused, both in handling as well as
functionality

> I suppose that means you are  using IPC namespaces from 
> mainstream? 

yes, we do 

> Isn't that considered testing? 

of course it is testing, but it is already in
mainstream, and for my part, I wasn't able to
provide feedback from testing yet ...

> Or you don't test Linux-VServer?

we do the same testing you folks do IIRC
(i.e. some secret test procedure which takes
roughly a week or so, after which we can tell
that everything works as expected :)

> Please clarify, I'm a bit lost here.


> Speaking of OpenVZ, as Kirill Korotaev said before we have 
> backported all that to 2.6.18 back in September 

nice, but what relevance has that for 2.6.19?

> and are using it since then.

cool, how much feedback regarding IPC did you get
since then?

> And yes, we found a bug in IPC namespaces, and fix from 
> Pavel Emelyanov has made it to 2.6.19-rc5 (see commit 
> c7e12b838989b0e432c7a1cdf1e6c6fd936007f6 to linux-2.6-git).

it's good that some bugs have been found, but
of what relevance is that for testing mainline
patches?

 - typical linux users will only excercise a 
   small fraction of the new code, if at all
 - virtualization solutions like OpenVZ and
   Linux-VServer add their custom modifications
   and/or adjustments, and serve a much smaller
   userbase
 - I haven't seen any test suites or similar
   for the spaces

so it all boils down to waiting for somebody to
stumble over an issue, which then will get fixed
just that the number of folks testing that is
quite small compared to 'other' mainline pathes

anyway, originally I was just answering to an
email pushing for 'fast' inclusion, which I do
not consider a good idea (as I already stated)

best,
Herbert

_______________________________________________
Containers mailing list
Containers@lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers
Previous Topic: [PATCH 2/12] L2 network namespace: network devices virtualization
Next Topic: Re: [patch 05/20] [Network namespace] Add NS_NET3 to NS_ALL.
Goto Forum:
  


Current Time: Sat Oct 25 17:57:45 GMT 2025

Total time taken to generate the page: 0.14898 seconds