OpenVZ Forum: Devel » [RFC] network namespaces

Home » Mailing lists » Devel » [RFC] network namespaces

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [RFC] network namespaces [message #5915 is a reply to message #5177]

Tue, 05 September 2006 13:34

Daniel Lezcano
Messages: 417
Registered: June 2006

Senior Member

Hi all,

>> This complete separation of namespaces is very useful for at least two
>> purposes:
>> - allowing users to create and manage by their own various tunnels and
>> VPNs, and
>> - enabling easier and more straightforward live migration of groups of
>> processes with their environment.
>
>
> I conceptually prefer this approach, but I seem to recall there were
> actual problems in using this for checkpoint/restart of lightweight
> (application) containers. Performance aside, are there any reasons why
> this approach would be problematic for c/r?

I agree with this approach too, separated namespaces is the best way to
identify the network ressources for a specific container.

> I'm afraid Daniel may be on vacation, and don't know who else other than
> Eric might have thoughts on this.

Yes, I was in "vacation", but I am back :)

>>2. People expressed concerns that complete separation of namespaces
>> may introduce an undesired overhead in certain usage scenarios.
>> The overhead comes from packets traversing input path, then output path,
>> then input path again in the destination namespace if root namespace
>> acts as a router.

Yes, performance is probably one issue.

My concerns was for layer 2 / layer 3 virtualization. I agree a layer 2
isolation/virtualization is the best for the "system container".
But there is another family of container called "application container",
it is not a system which is run inside a container but only the
application. If you want to run a oracle database inside a container,
you can run it inside an application container without launching <init>
and all the services.

This family of containers are used too for HPC (high performance
computing) and for distributed checkpoint/restart. The cluster runs
hundred of jobs, spawning them on different hosts inside an application
container. Usually the jobs communicates with broadcast and multicast.
Application containers does not care of having different MAC address and
rely on a layer 3 approach.

Are application containers comfortable with a layer 2 virtualization ? I
don't think so, because several jobs running inside the same host
communicate via broadcast/multicast between them and between other jobs
running on different hosts. The IP consumption is a problem too: 1
container == 2 IP (one for the root namespace/ one for the container),
multiplicated with the number of jobs. Furthermore, lot of jobs == lot
of virtual devices.

However, after a discussion with Kirill at the OLS, it appears we can
merge the layer 2 and 3 approaches if the level of network
virtualization is tunable and we can choose layer 2 or layer 3 when
doing the "unshare". The determination of the namespace for the incoming
traffic can be done with an specific iptable module as a first step.
While looking at the network namespace patches, it appears that the
TCP/UDP part is **very** similar at what is needed for a layer 3 approach.

Any thoughts ?

Daniel

Report message to a moderator

[Message index]

		[RFC] network namespaces By: Andrey Savochkin on Tue, 15 August 2006 14:20
		[PATCH 1/9] network namespaces: core and device list By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [PATCH 1/9] network namespaces: core and device list By: Dave Hansen on Wed, 16 August 2006 14:46
		Re: [PATCH 1/9] network namespaces: core and device list By: Stephen Hemminger on Wed, 16 August 2006 16:45
		[PATCH 2/9] network namespaces: IPv4 routing By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 6/9] allow proc_dir_entries to have destructor By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 5/9] network namespaces: async socket operations By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [PATCH 5/9] network namespaces: async socket operations By: Daniel Lezcano on Fri, 22 September 2006 15:33
		Re: [PATCH 5/9] network namespaces: async socket operations By: Andrey Savochkin on Sat, 23 September 2006 13:16
		[PATCH 7/9] net_device seq_file By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 8/9] network namespaces: device to pass packets between namespaces By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 4/9] network namespaces: socket hashes By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [PATCH 4/9] network namespaces: socket hashes By: Daniel Lezcano on Mon, 18 September 2006 15:12
		Re: [PATCH 4/9] network namespaces: socket hashes By: Andrey Savochkin on Wed, 20 September 2006 16:32
		Re: [PATCH 4/9] network namespaces: socket hashes By: Daniel Lezcano on Thu, 21 September 2006 12:34
		[PATCH 9/9] network namespaces: playing with pass-through device By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [RFC] network namespaces By: serue on Wed, 16 August 2006 11:53
		Re: [RFC] network namespaces By: Alexey Kuznetsov on Wed, 16 August 2006 15:12
		Re: [RFC] network namespaces By: ebiederm on Wed, 16 August 2006 17:35
		Re: [RFC] network namespaces By: dev on Thu, 17 August 2006 08:28
		Re: [RFC] network namespaces By: Daniel Lezcano on Tue, 05 September 2006 13:34
		Re: [RFC] network namespaces By: ebiederm on Tue, 05 September 2006 14:45
		Re: [RFC] network namespaces By: Herbert Poetzl on Tue, 05 September 2006 16:53
		Re: [RFC] network namespaces By: Daniel Lezcano on Wed, 06 September 2006 09:10
		Re: [RFC] network namespaces By: Herbert Poetzl on Wed, 06 September 2006 16:56
		Re: Re: [RFC] network namespaces By: kir on Wed, 06 September 2006 17:36
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 18:34
		Re: [RFC] network namespaces By: kir on Wed, 06 September 2006 18:56
		Re: [RFC] network namespaces By: Cedric Le Goater on Wed, 06 September 2006 20:53
		RE: [RFC] network namespaces By: Caitlin Bestler on Wed, 06 September 2006 23:06
		Re: [RFC] network namespaces By: Daniel Lezcano on Thu, 07 September 2006 08:25
		Re: [RFC] network namespaces By: ebiederm on Thu, 07 September 2006 18:29
		Re: [RFC] network namespaces By: Herbert Poetzl on Fri, 08 September 2006 06:02
		Re: Re: [RFC] network namespaces By: dev on Thu, 07 September 2006 16:20
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Thu, 07 September 2006 17:27
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Fri, 08 September 2006 13:10
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Fri, 08 September 2006 18:11
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Sat, 09 September 2006 07:57
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Sun, 10 September 2006 02:47
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Sun, 10 September 2006 07:45
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Sun, 10 September 2006 19:22
		Re: [RFC] network namespaces By: ebiederm on Tue, 12 September 2006 03:26
		Re: Re: [RFC] network namespaces By: ebiederm on Sun, 10 September 2006 03:41
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Sun, 10 September 2006 08:11
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Sun, 10 September 2006 19:19
		Re: Re: [RFC] network namespaces By: Daniel Lezcano on Mon, 11 September 2006 14:40
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Mon, 11 September 2006 14:57
		Re: Re: [RFC] network namespaces By: Daniel Lezcano on Mon, 11 September 2006 15:04
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Mon, 11 September 2006 15:10
		Re: [RFC] network namespaces By: ebiederm on Tue, 12 September 2006 03:28
		Re: [RFC] network namespaces By: Mishin Dmitry on Tue, 12 September 2006 07:38
		Re: Re: [RFC] network namespaces By: ebiederm on Thu, 07 September 2006 19:50
		Re: Re: [RFC] network namespaces By: Daniel Lezcano on Wed, 06 September 2006 21:44
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 17:58
		Re: [RFC] network namespaces By: ebiederm on Tue, 05 September 2006 18:27
		Re: [RFC] network namespaces By: dev on Wed, 06 September 2006 14:52
		Re: [RFC] network namespaces By: Daniel Lezcano on Tue, 05 September 2006 15:32
		Re: [RFC] network namespaces By: dev on Tue, 05 September 2006 15:44
		Re: [RFC] network namespaces By: ebiederm on Tue, 05 September 2006 17:09
		Re: [RFC] network namespaces By: Cedric Le Goater on Wed, 06 September 2006 20:25
		Re: Re: [RFC] network namespaces By: kir on Wed, 06 September 2006 15:09
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 20:40
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 23:25
		Re: [RFC] network namespaces By: Stephen Hemminger on Thu, 07 September 2006 00:53
		Re: [RFC] network namespaces By: ebiederm on Thu, 07 September 2006 05:11
		Re: [RFC] network namespaces By: Daniel Lezcano on Wed, 04 October 2006 09:40
		Re: [RFC] network namespaces By: ebiederm on Sun, 10 September 2006 11:48

Previous Topic:	[PATCH 2.6.18] ext2: errors behaviour fix
Next Topic:	64bit DMA in i2o_block

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Wed Jul 23 05:15:39 GMT 2025

Total time taken to generate the page: 0.11250 seconds