OpenVZ Forum: Devel » [RFC] network namespaces

Home » Mailing lists » Devel » [RFC] network namespaces

Show: Today's Messages :: Show Polls :: Message Navigator
E-mail to friend

Re: [RFC] network namespaces [message #6029 is a reply to message #6026]

Thu, 07 September 2006 00:53

Stephen Hemminger
Messages: 37
Registered: August 2006

Member

On Wed, 06 Sep 2006 17:25:50 -0600
ebiederm@xmission.com (Eric W. Biederman) wrote:

> "Caitlin Bestler" <caitlinb@broadcom.com> writes:
>
> > ebiederm@xmission.com wrote:
> >
> >>
> >>> Finally, as I understand both network isolation and network
> >>> virtualization (both level2 and level3) can happily co-exist. We do
> >>> have several filesystems in kernel. Let's have several network
> >>> virtualization approaches, and let a user choose. Is that makes
> >>> sense?
> >>
> >> If there are not compelling arguments for using both ways of
> >> doing it is silly to merge both, as it is more maintenance overhead.
> >>
> >
> > My reading is that full virtualization (Xen, etc.) calls for
> > implementing
> > L2 switching between the partitions and the physical NIC(s).
> >
> > The tradeoffs between L2 and L3 switching are indeed complex, but
> > there are two implications of doing L2 switching between partitions:
> >
> > 1) Do we really want to ask device drivers to support L2 switching for
> > partitions and something *different* for containers?
>
> No.
>
> > 2) Do we really want any single packet to traverse an L2 switch (for
> > the partition-style virtualization layer) and then an L3 switch
> > (for the container-style layer)?
>
> In general what has been done with layer 3 is to simply filter which
> processes can use which IP addresses and it all happens at socket
> creation time. So it is very cheap, and it can be done purely
> in the network layer without any driver intervention.
>
> Basically think of what is happening at layer 3 as an extremely light-weight
> version of traffic filtering.
>
> > The full virtualization solution calls for virtual NICs with distinct
> > MAC addresses. Is there any reason why this same solution cannot work
> > for containers (just creating more than one VNIC for the partition,
> > and then assigning each VNIC to a container?)
>
> The VNIC approach is the fundamental idea with the layer two networking
> and if we can push the work down into the device driver it so different
> destination macs show up a in different packet queues it should be
> as fast as a normal networking stack.
>
> Implementing VNICs so far is the only piece of containers that has
> come close to device drivers, and we can likely do it without device
> driver support (but with more cost). Basically this optimization
> is a subset of the Grand Unified Lookup idea.
>
> I think we can do a mergeable implementation without noticeable cost without
> when not using containers without having to resort to a grand unified lookup
> but I may be wrong.
>
> Eric

The problem with VNIC's is it won't work for all devices (without lots of
work), and for many device's it requires putting the device in promiscuous
mode. It also plays havoc with network access control devices.

Report message to a moderator

[Message index]

		[RFC] network namespaces By: Andrey Savochkin on Tue, 15 August 2006 14:20
		[PATCH 1/9] network namespaces: core and device list By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [PATCH 1/9] network namespaces: core and device list By: Dave Hansen on Wed, 16 August 2006 14:46
		Re: [PATCH 1/9] network namespaces: core and device list By: Stephen Hemminger on Wed, 16 August 2006 16:45
		[PATCH 2/9] network namespaces: IPv4 routing By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 6/9] allow proc_dir_entries to have destructor By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 5/9] network namespaces: async socket operations By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [PATCH 5/9] network namespaces: async socket operations By: Daniel Lezcano on Fri, 22 September 2006 15:33
		Re: [PATCH 5/9] network namespaces: async socket operations By: Andrey Savochkin on Sat, 23 September 2006 13:16
		[PATCH 7/9] net_device seq_file By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 8/9] network namespaces: device to pass packets between namespaces By: Andrey Savochkin on Tue, 15 August 2006 14:48
		[PATCH 4/9] network namespaces: socket hashes By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [PATCH 4/9] network namespaces: socket hashes By: Daniel Lezcano on Mon, 18 September 2006 15:12
		Re: [PATCH 4/9] network namespaces: socket hashes By: Andrey Savochkin on Wed, 20 September 2006 16:32
		Re: [PATCH 4/9] network namespaces: socket hashes By: Daniel Lezcano on Thu, 21 September 2006 12:34
		[PATCH 9/9] network namespaces: playing with pass-through device By: Andrey Savochkin on Tue, 15 August 2006 14:48
		Re: [RFC] network namespaces By: serue on Wed, 16 August 2006 11:53
		Re: [RFC] network namespaces By: Alexey Kuznetsov on Wed, 16 August 2006 15:12
		Re: [RFC] network namespaces By: ebiederm on Wed, 16 August 2006 17:35
		Re: [RFC] network namespaces By: dev on Thu, 17 August 2006 08:28
		Re: [RFC] network namespaces By: Daniel Lezcano on Tue, 05 September 2006 13:34
		Re: [RFC] network namespaces By: ebiederm on Tue, 05 September 2006 14:45
		Re: [RFC] network namespaces By: Herbert Poetzl on Tue, 05 September 2006 16:53
		Re: [RFC] network namespaces By: Daniel Lezcano on Wed, 06 September 2006 09:10
		Re: [RFC] network namespaces By: Herbert Poetzl on Wed, 06 September 2006 16:56
		Re: Re: [RFC] network namespaces By: kir on Wed, 06 September 2006 17:36
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 18:34
		Re: [RFC] network namespaces By: kir on Wed, 06 September 2006 18:56
		Re: [RFC] network namespaces By: Cedric Le Goater on Wed, 06 September 2006 20:53
		RE: [RFC] network namespaces By: Caitlin Bestler on Wed, 06 September 2006 23:06
		Re: [RFC] network namespaces By: Daniel Lezcano on Thu, 07 September 2006 08:25
		Re: [RFC] network namespaces By: ebiederm on Thu, 07 September 2006 18:29
		Re: [RFC] network namespaces By: Herbert Poetzl on Fri, 08 September 2006 06:02
		Re: Re: [RFC] network namespaces By: dev on Thu, 07 September 2006 16:20
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Thu, 07 September 2006 17:27
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Fri, 08 September 2006 13:10
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Fri, 08 September 2006 18:11
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Sat, 09 September 2006 07:57
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Sun, 10 September 2006 02:47
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Sun, 10 September 2006 07:45
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Sun, 10 September 2006 19:22
		Re: [RFC] network namespaces By: ebiederm on Tue, 12 September 2006 03:26
		Re: Re: [RFC] network namespaces By: ebiederm on Sun, 10 September 2006 03:41
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Sun, 10 September 2006 08:11
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Sun, 10 September 2006 19:19
		Re: Re: [RFC] network namespaces By: Daniel Lezcano on Mon, 11 September 2006 14:40
		Re: Re: [RFC] network namespaces By: Herbert Poetzl on Mon, 11 September 2006 14:57
		Re: Re: [RFC] network namespaces By: Daniel Lezcano on Mon, 11 September 2006 15:04
		Re: Re: [RFC] network namespaces By: Mishin Dmitry on Mon, 11 September 2006 15:10
		Re: [RFC] network namespaces By: ebiederm on Tue, 12 September 2006 03:28
		Re: [RFC] network namespaces By: Mishin Dmitry on Tue, 12 September 2006 07:38
		Re: Re: [RFC] network namespaces By: ebiederm on Thu, 07 September 2006 19:50
		Re: Re: [RFC] network namespaces By: Daniel Lezcano on Wed, 06 September 2006 21:44
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 17:58
		Re: [RFC] network namespaces By: ebiederm on Tue, 05 September 2006 18:27
		Re: [RFC] network namespaces By: dev on Wed, 06 September 2006 14:52
		Re: [RFC] network namespaces By: Daniel Lezcano on Tue, 05 September 2006 15:32
		Re: [RFC] network namespaces By: dev on Tue, 05 September 2006 15:44
		Re: [RFC] network namespaces By: ebiederm on Tue, 05 September 2006 17:09
		Re: [RFC] network namespaces By: Cedric Le Goater on Wed, 06 September 2006 20:25
		Re: Re: [RFC] network namespaces By: kir on Wed, 06 September 2006 15:09
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 20:40
		Re: [RFC] network namespaces By: ebiederm on Wed, 06 September 2006 23:25
		Re: [RFC] network namespaces By: Stephen Hemminger on Thu, 07 September 2006 00:53
		Re: [RFC] network namespaces By: ebiederm on Thu, 07 September 2006 05:11
		Re: [RFC] network namespaces By: Daniel Lezcano on Wed, 04 October 2006 09:40
		Re: [RFC] network namespaces By: ebiederm on Sun, 10 September 2006 11:48

Previous Topic:	[PATCH 2.6.18] ext2: errors behaviour fix
Next Topic:	64bit DMA in i2o_block

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

] [

]

Current Time: Mon Sep 08 23:30:59 GMT 2025

Total time taken to generate the page: 0.15854 seconds