OpenVZ Forum


Home » Mailing lists » Devel » Re: [patch 2/6] [Network namespace] Network device sharing by view
Re: strict isolation of net interfaces [message #4274 is a reply to message #4235] Tue, 04 July 2006 12:29 Go to previous messageGo to next message
Daniel Lezcano is currently offline  Daniel Lezcano
Messages: 417
Registered: June 2006
Senior Member
Andrey Savochkin wrote:
>
> I still can't completely understand your direction of thoughts.
> Could you elaborate on IP address assignment in your diagram, please? For
> example, guest0 wants 127.0.0.1 and 192.168.0.1 addresses on its lo
> interface, and 10.1.1.1 on its eth0 interface.
> Does this diagram assume any local IP addresses on v* interfaces in the
> "host"?
>
> And the second question.
> Are vlo0, veth0, etc. devices supposed to have hard_xmit routines?


Andrey,

some people are interested by a network full isolation/virtualization
like you did with the layer 2 isolation and some other people are
interested by a light network isolation done at the layer 3. This one is
intended to implement "application container" aka "lightweight container".

In the case of a layer 3 isolation, the network interface is not totally
isolated and the debate here is to find a way to have something
intuitive to manage the network devices.

IHMO, all the discussion we had convinced me of the needs to have the
possibility to choose between a layer 2 or a layer 3 isolation.

If it is ok for you, we can collaborate to merge the two solutions in
one. I will focus on layer 3 isolation and you on the layer 2.

Regards

- Daniel
Re: strict isolation of net interfaces [message #4280 is a reply to message #4263] Tue, 04 July 2006 13:19 Go to previous message
Daniel Lezcano is currently offline  Daniel Lezcano
Messages: 417
Registered: June 2006
Senior Member
Sam Vilain wrote:
> Daniel Lezcano wrote:
>
>>If it is ok for you, we can collaborate to merge the two solutions in
>>one. I will focus on layer 3 isolation and you on the layer 2.
>
>
> So, you're writing a LSM module or adapting the BSD Jail LSM, right? :)
>
> Sam.

No. I am adapting a prototype of network application container we did.

-- Daniel
Previous Topic: Re: [Vserver] Re: Container Test Campaign
Next Topic: porting stable patch to higher kernel versions
Goto Forum:
  


Current Time: Sat Oct 25 03:07:29 GMT 2025

Total time taken to generate the page: 0.10577 seconds