-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/24719/#review50746
-----------------------------------------------------------

docs/network-monitoring.md
<https://reviews.apache.org/r/24719/#comment88614>

Perhaps make explicit that they can reach other containers, including on the same host, and that they can still reach services running on the localhost of the host <--- This is important because you wouldn't usually expect this if you had containers running with separate network stacks.

docs/network-monitoring.md
<https://reviews.apache.org/r/24719/#comment88612>

Same public IP and same MAC?

s/communicate with external world/make connections with other hosts/?

Are you going to mention multiple ICMP/ARP replies anywhere?

docs/network-monitoring.md
<https://reviews.apache.org/r/24719/#comment88601>

s/By default, Linux uses ports [] for ephemeral ports./The default ephemeral port range on Linux is []/

Is [32768, 61000] the default range across all distributions?

s/used by the container as ephemeral ports/used as the ephemeral port range for the container's network stack/

Can you add a sentence that these ports are *directly mapped* into the container's port range, hence the naming network/port_mapping. This ties into each container having its own /proc/sys/net/ipv4/ip_local_port_range.

s/need to make sure/need to ensure/

s/enforce the squeeze/ensure there are no connections using ports outside the new ephemeral range./

docs/network-monitoring.md
<https://reviews.apache.org/r/24719/#comment88602>

Is it not more common to just use `echo "" > /path` while running as root? People may not be familiar with the tee trick.

I think you should explain the reasoning and potential impact this change has. Clarify that this reduces the ephemeral range for any process that isn't in a container and that it limits the number of connections based on the 5-tuple and includes TIME_WAIT, so highlight that this should be evaluated for scenarios which have a high number/churn of connections to services.

docs/network-monitoring.md
<https://reviews.apache.org/r/24719/#comment88605>

Explicitly state that the maximum number of containers on the slave will be limited by approximately |ephemeral_ports|/ephemeral_ports_per_container, subject to alignment etc. E.g., for these numbers the slave is limited to 24 containers. This is an important limitation that should be made very explicit.

docs/network-monitoring.md
<https://reviews.apache.org/r/24719/#comment88606>

The number of ephemeral ports is not power 2 *aligned*, it's just a power of 2.

Give an example here for power of two size to guide people, e.g., 512, 1024 or 2048.

s/what/which/

Explain that non power-2 sized will have some performance impact for handling packets.

docs/network-monitoring.md
<https://reviews.apache.org/r/24719/#comment88608>

Can you clean up the floating point madness here? e.g., cpus_limit: 0.35. It's not useful and is just distracting.

- Ian Downes

On Aug. 14, 2014, 5:13 p.m., Jie Yu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/24719/
> -----------------------------------------------------------
>
> (Updated Aug. 14, 2014, 5:13 p.m.)
>
>
> Review request for mesos, Chi Zhang, Ian Downes, Vinod Kone, and Cong Wang.
>
>
> Repository: mesos-git
>
>
> Description
> -------
>
> See summary
>
>
> Diffs
> -----
>
>   docs/network-monitoring.md PRE-CREATION
>
> Diff: https://reviews.apache.org/r/24719/diff/
>
>
> Testing
> -------
>
> checked the markdown syntax
>
>
> Thanks,
>
> Jie Yu
>
>
