Re: Re: Network virtualization/isolation [message #8665 is a reply to message #8638]
Thu, 30 November 2006 16:15
Vlad Yasevich
Daniel Lezcano wrote:
> Brian Haley wrote:
>> Eric W. Biederman wrote:
>>> I think for cases across network socket namespaces it should
>>> be a matter for the rules, to decide if the connection should
>>> happen and what error code to return if the connection does not
>>> happen.
>>>
>>> There is a potential in this to have an ambiguous case where two
>>> applications can be listening for connections on the same socket
>>> on the same port and both will allow the connection. If that
>>> is the case I believe the proper definition is the first socket
>>> that we find that will accept the connection gets the connection.
> No. If you try to connect, the destination IP address is assigned to a
> network namespace. This network namespace is used to leave the listening
> socket ambiguity.
>>
>> Wouldn't you want to catch this at bind() and/or configuration time and
>> fail? Having overlapping namespaces/rules seems undesirable, since as
>> Herbert said, can get you "unexpected behaviour".
>
> Overlapping is not a problem, you can have several sockets bound on the
> same INADDR_ANY/port without ambiguity because the network namespace
> pointer is added as a new key for sockets lookup, (src addr, src port,
> dst addr, dst port, net ns pointer). The bind should not be forced to a
> specific address because you will not be able to connect via 127.0.0.1.

So, all this leads me to ask, how to handle 127.0.0.1?
For L2 it seems easy. Each namespace gets a tagged lo device.
How do you propose to do it for L3, because disabling access to loopback is
not a valid option, IMO.

I agree that adding a namespace to the (using generic terms) TCB lookup
solves the conflict issue.
-vlad
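
The listener lookup with the namespace pointer as an extra key, as discussed in this message, sketched as an added example that is not part of the original post and is not kernel code. The types, function names and sample table are hypothetical, and the caller is assumed to have already resolved which namespace a packet belongs to, which for 127.0.0.1 at L3 is exactly the open question raised above.

```c
#include <stddef.h>
#include <stdint.h>
/* Hypothetical types for illustration; not the kernel's structures. */
struct net_ns { int id; };
struct listener {
    const struct net_ns *ns; /* namespace that owns the socket */
    uint32_t addr;           /* bound local address, 0 = INADDR_ANY */
    uint16_t port;           /* bound local port */
};
#define ADDR_ANY      0u
#define ADDR_LOOPBACK 0x7f000001u /* 127.0.0.1 */

/* Constructed sample: ns_a and ns_b each listen on INADDR_ANY:80, ns_c has no sockets. */
static const struct net_ns ns_a = {1}, ns_b = {2}, ns_c = {3};
static const struct listener table[] = {
    { &ns_a, ADDR_ANY, 80 },
    { &ns_b, ADDR_ANY, 80 },
};

/* bind() check: a collision needs the same namespace, same port and overlapping addresses. */
int bind_conflicts(const struct net_ns *ns, uint32_t addr, uint16_t port)
{
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (table[i].ns == ns && table[i].port == port &&
            (table[i].addr == ADDR_ANY || addr == ADDR_ANY || table[i].addr == addr))
            return 1;
    return 0;
}

/* Lookup: the namespace is part of the key; an exact address beats INADDR_ANY. */
const struct listener *lookup_listener(const struct net_ns *ns, uint32_t daddr, uint16_t dport)
{
    const struct listener *wild = NULL;
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++) {
        if (table[i].ns != ns || table[i].port != dport)
            continue; /* a wildcard bind in another namespace never matches */
        if (table[i].addr == daddr)
            return &table[i];
        if (table[i].addr == ADDR_ANY && !wild)
            wild = &table[i];
    }
    return wild;
}

int main(void)
{
    return lookup_listener(&ns_b, ADDR_LOOPBACK, 80) == &table[1] &&
           lookup_listener(&ns_c, ADDR_LOOPBACK, 80) == NULL ? 0 : 1;
}
```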