linux-2.6.20-openvz tree [message #11395]
Thu, 22 March 2007 15:28
Carl-Daniel Hailfinge
Hi,
I just noticed a new linux-2.6.20 git tree on git.openvz.org. Will
this tree eventually become a supported tree or is it just there as
preparation for an upstream merge?
Speaking of an upstream merge, is there any timeline for merging
network virtualization?
Regards,
Carl-Daniel
Re: linux-2.6.20-openvz tree [message #11407 is a reply to message #11398]
Thu, 22 March 2007 18:29
Carl-Daniel Hailfinge
On 22.03.2007 16:59, Kirill Korotaev wrote:
> Speaking about upstream merges:
> there are 2 network virtualization implementations that currently exist.
> I'm not sure how much time it will take to merge this work,
> it very much depends on netdev@ maintainers. Maybe 2-3 months.
OK, so the target is 2.6.22 or 2.6.23, if the usual time between
releases is used as a basis for the estimation.
> Why are you interested in that? Do you want to use some particular
> feature?
Yes. I currently use Linux policy routing for ONE machine performing
double/triple/... NAT. Many people state that this is impossible,
but it works fine unless two connections from the different subnets
have identical 5-tuples. In that case, the connection tracking code
gets confused. Unfortunately, the 5-tuple used by connection tracking
and NAT has no means to incorporate the NF mark, so I hope I can
use different containers for that.
However, last time I checked, all network virtualization attempts
did NOT consider one aspect I consider important for double NAT and
virtual routers: Efficiency. Once I use virtualization, I am
constrained to virtual network interfaces and suffer the overhead
of multiple routing/bridging decisions for one packet.
It would be great if I could make physical interfaces accessible
in a VE without resorting to bridging or routing. For example,
move eth0 and eth1 to one VE, eth2 and eth3 to another VE and
keep eth4 under control of the HN.
I admit that most of this can be done with policy routing and NF
marks, but connection tracking cares about neither of them.
Regards,
Carl-Daniel
--
http://www.hailfinger.org/
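
The collision described in the post above can be shown with a simplified model. This is an added example, not part of the original message and not kernel code; the packet values, the VE IDs 101/102 and all function names are constructed for illustration, and the model assumes only that the lookup key is the bare 5-tuple.

```python
from collections import namedtuple

# Constructed sample traffic: two customer networks reuse the same private
# range, so hosts behind eth0 and eth2 can emit identical 5-tuples.
Packet = namedtuple("Packet", "in_dev nfmark proto src sport dst dport")
PACKETS = [
    Packet("eth0", 1, "tcp", "192.168.1.10", 40000, "203.0.113.5", 80),
    Packet("eth2", 2, "tcp", "192.168.1.10", 40000, "203.0.113.5", 80),
    Packet("eth2", 2, "tcp", "192.168.1.11", 40001, "203.0.113.5", 80),
]
# Hypothetical VE layout, following the eth0/eth1 vs eth2/eth3 split in the post.
DEV_TO_VE = {"eth0": 101, "eth1": 101, "eth2": 102, "eth3": 102}


def five_tuple(pkt):
    """Lookup key of the model: ingress device and NF mark are not part of it."""
    return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)


def track(table, pkt):
    """Return the entry for pkt, creating it on first sight of the 5-tuple."""
    entry = {"owner_dev": pkt.in_dev, "mark": pkt.nfmark}
    return table.setdefault(five_tuple(pkt), entry)


def misattributed_shared(packets):
    """One table for the whole host: packets matched to another network's entry."""
    table = {}
    return [p for p in packets if track(table, p)["owner_dev"] != p.in_dev]


def misattributed_per_ve(packets, dev_to_ve):
    """One table per VE: the same 5-tuple in two VEs yields two entries."""
    tables = {}
    bad = []
    for p in packets:
        table = tables.setdefault(dev_to_ve[p.in_dev], {})
        if track(table, p)["owner_dev"] != p.in_dev:
            bad.append(p)
    return bad


if __name__ == "__main__":
    print("shared table :", misattributed_shared(PACKETS))
    print("per-VE tables:", misattributed_per_ve(PACKETS, DEV_TO_VE))
```

With a single table the second packet is matched to the entry created for the other network even though its NF mark differs; with one table per VE each network gets its own entry.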
Re: linux-2.6.20-openvz tree [message #11421 is a reply to message #11407]
Fri, 23 March 2007 08:51
dev
Carl-Daniel Hailfinger wrote:
> On 22.03.2007 16:59, Kirill Korotaev wrote:
>
>>Speaking about upstream merges:
>>there are 2 network virtualization implementations that currently exist.
>>I'm not sure how much time it will take to merge this work,
>>it very much depends on netdev@ maintainers. Maybe 2-3 months.
>
>
> OK, so the target is 2.6.22 or 2.6.23, if the usual time between
> releases is used as a basis for the estimation.
>
>
>>Why are you interested in that? Do you want to use some particular
>>feature?
>
>
> Yes. I currently use Linux policy routing for ONE machine performing
> double/triple/... NAT. Many people state that this is impossible,
> but it works fine unless two connections from the different subnets
> have identical 5-tuples. In that case, the connection tracking code
> gets confused. Unfortunately, the 5-tuple used by connection tracking
> and NAT has no means to incorporate the NF mark, so I hope I can
> use different containers for that.
>
> However, last time I checked, all network virtualization attempts
> did NOT consider one aspect I consider important for double NAT and
> virtual routers: Efficiency. Once I use virtualization, I am
> constrained to virtual network interfaces and suffer the overhead
> of multiple routing/bridging decisions for one packet.
> It would be great if I could make physical interfaces accessible
> in a VE without resorting to bridging or routing. For example,
> move eth0 and eth1 to one VE, eth2 and eth3 to another VE and
> keep eth4 under control of the HN.
This was possible for years in OpenVZ:

man vzctl
http://openvz.org/documentation/mans/vzctl.8

Network devices control parameters
    --netdev_add name
        move network device from VE0 to a specified VE
    --netdev_del name
        delete network device from a specified VE

this is exactly the thing you are talking about:
you can move eth0 and eth1 to one VE, eth2 and eth3 to another VE
and keep eth4 to HN.

And sure, this removes overhead of virtual network devices, additional
routing/bridging etc.
At the same time you can use separate NAT/firewall, routing, arp tables
inside each VE.

Isn't it the thing you want?
> I admit that most of this can be done with policy routing and NF
> marks, but connection tracking cares about neither of them.
Regards,
Kirill
Re: linux-2.6.20-openvz tree [message #11466 is a reply to message #11461]
Sat, 24 March 2007 16:01
Carl-Daniel Hailfinger wrote:
> On 23.03.2007 10:01, Kirill Korotaev wrote:
>
>> This was possible for years in OpenVZ:
>>
>> man vzctl
>> http://openvz.org/documentation/mans/vzctl.8
>>
>> Network devices control parameters
>> --netdev_add name
>> move network device from VE0 to a specified VE
>> --netdev_del name
>> delete network device from a specified VE
>>
>> this is exactly the thing you are talking about:
>> you can move eth0 and eth1 to one VE, eth2 and eth3 to another VE
>> and keep eth4 to HN.
>>
>
> Great! The OpenVZ wiki seemed to suggest that this was not possible.
>
Can you fix this wiki page? Or at least point me to it, so I can fix?
> Next time I'll read the man pages and not only the wiki before
> asking questions.
>
Re: linux-2.6.20-openvz tree [message #11579 is a reply to message #11466]
Tue, 27 March 2007 17:40
Carl-Daniel Hailfinge
On 24.03.2007 17:01, Kir Kolyshkin wrote:
> Carl-Daniel Hailfinger wrote:
>> On 23.03.2007 10:01, Kirill Korotaev wrote:
>>
>>> This was possible for years in OpenVZ:
>>>
>>> man vzctl
>>> http://openvz.org/documentation/mans/vzctl.8
>>>
>>> Network devices control parameters
>>> --netdev_add name
>>> move network device from VE0 to a specified VE
>>> --netdev_del name
>>> delete network device from a specified VE
>>>
>>> this is exactly the thing you are talking about:
>>> you can move eth0 and eth1 to one VE, eth2 and eth3 to another VE
>>> and keep eth4 to HN.
>>>
>>
>> Great! The OpenVZ wiki seemed to suggest that this was not possible.
>>
>
> Can you fix this wiki page? Or at least point me to it, so I can fix?
http://wiki.openvz.org/Differences_between_venet_and_veth states
"OpenVZ provides you to use either venet or veth devices (or both) for
in-VE networking."
Suggested new wording:
"OpenVZ provides you to use venet or veth or real ethernet (ethX)
devices (or a combination thereof) for in-VE networking."
This article and the others in Category:Networking never mention the
ability to move ethX devices to a VE.
Regards,
Carl-Daniel