Re: Network virtualization/isolation [message #8701]
Sun, 03 December 2006 16:00
ebiederm
Ok. Just a quick summary of where I see the discussion.
We all agree that L2 isolation is needed at some point.
The approaches discussed for L2 and L3 are sufficiently orthogonal
that we can implement them in either order. You would need to
unshare L3 to unshare L2, but if we think of them as two separate
namespaces we are likely to be in better shape.
The L3 discussion still has the problem that there has not been
agreement on all of the semantics yet.
More comments after I get some sleep.
Eric
Re: Network virtualization/isolation [message #16797 is a reply to message #8715]
Mon, 04 December 2006 16:43
Herbert Poetzl
On Mon, Dec 04, 2006 at 06:19:00PM +0300, Dmitry Mishin wrote:
> On Sunday 03 December 2006 19:00, Eric W. Biederman wrote:
> > Ok. Just a quick summary of where I see the discussion.
> >
> > We all agree that L2 isolation is needed at some point.
> As we all agreed on this, maybe it is time to send patches
> one-by-one? For the beginning, I propose to resend Cedric's
> empty namespace patch as base for others - it is really empty,
> but necessary in order to move further.
>
> After this patch and the following net namespace unshare
> patch will be accepted,
well, I have neither seen any performance tests showing
that the following is true:

 - no change on network performance without the
   space enabled
 - no change on network performance on the host
   with the network namespaces enabled
 - no measurable overhead inside the network
   namespace
 - good scalability for a larger number of network
   namespaces

> I could send network devices virtualization patches for
> review and discussion.
that won't hurt ...
best,
Herbert
> What do you think?
>
> > The approaches discussed for L2 and L3 are sufficiently orthogonal
> > that we can implement them in either order. You would need to
> > unshare L3 to unshare L2, but if we think of them as two separate
> > namespaces we are likely to be in better shape.
> >
> > The L3 discussion still has the problem that there has not been
> > agreement on all of the semantics yet.
> >
> > More comments after I get some sleep.
> >
> > Eric
>
> --
> Thanks,
> Dmitry.
Re: Network virtualization/isolation [message #16800 is a reply to message #16797]
Mon, 04 December 2006 17:02
Mishin Dmitry
On Monday 04 December 2006 19:43, Herbert Poetzl wrote:
> On Mon, Dec 04, 2006 at 06:19:00PM +0300, Dmitry Mishin wrote:
> > On Sunday 03 December 2006 19:00, Eric W. Biederman wrote:
> > > Ok. Just a quick summary of where I see the discussion.
> > >
> > > We all agree that L2 isolation is needed at some point.
> >
> > As we all agreed on this, maybe it is time to send patches
> > one-by-one? For the beginning, I propose to resend Cedric's
> > empty namespace patch as base for others - it is really empty,
> > but necessary in order to move further.
> >
> > After this patch and the following net namespace unshare
> > patch will be accepted,
>
> well, I have neither seen any performance tests showing
> that the following is true:
>
> - no change on network performance without the
> space enabled
> - no change on network performance on the host
> with the network namespaces enabled
> - no measurable overhead inside the network
> namespace
> - good scalability for a larger number of network
> namespaces
These questions are for a complete L2 implementation, not for these 2 empty
patches. If you need some data relating to Andrey's implementation, I'll get
it. Which test do you accept?
>
> > I could send network devices virtualization patches for
> > review and discussion.
>
> that won't hurt ...
>
> best,
> Herbert
>
> > What do you think?
> >
> > > The approaches discussed for L2 and L3 are sufficiently orthogonal
> > > that we can implement them in either order. You would need to
> > > unshare L3 to unshare L2, but if we think of them as two separate
> > > namespaces we are likely to be in better shape.
> > >
> > > The L3 discussion still has the problem that there has not been
> > > agreement on all of the semantics yet.
> > >
> > > More comments after I get some sleep.
> > >
> > > Eric
> >
> > --
> > Thanks,
> > Dmitry.
--
Thanks,
Dmitry.