Avinash Sridharan created MESOS-4343:
----------------------------------------
Summary: Provide ability to assign network handles to mesos
containers in order to achieve network performance isolation
Key: MESOS-4343
URL: https://issues.apache.org/jira/browse/MESOS-4343
Project: Mesos
Issue Type: Epic
Components: containerization
Reporter: Avinash Sridharan
Assignee: Avinash Sridharan
Linux provides net_cls as a cgroup subsystem. A net_cls cgroup is associated
with a 16-bit major handle and a 16-bit minor handle. When a task is
associated with a net_cls cgroup, the kernel tags every packet being generated
by the task with the major and minor handle associated with the net_cls cgroup
that the task belongs to. These tags are then used by network performance
shaping and firewall tools such as tc (traffic controller) and iptables.
Currently, mesos agents do not provide any isolator that can enable
mesos-containers in a net_cls cgroup, or assign network handles to a net_cls
cgroup. As part of this epic we plan to achieve the following:
a) Implement net_cls cgroup isolator for mesos agents.
b) Implement a net-handles allocator class that can manage.
c) Allow operators to set a major network handle when launching an agent.
d) Expose the net_cls network handle allocated to a container, to entities
such as operators and frameworks.
Once the above goals are met operators can learn about network handles
allocated to containers and apply them to tools such as tc and iptables to
enforce network policies.
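
The handle arithmetic and operator workflow described above, as an added example that is not part of the original issue or of Mesos code. It converts a major:minor handle (hex, as tc writes it) to the 32-bit net_cls.classid value and back (the kernel reports the value in decimal when read), then prints the matching commands; the cgroup path, device eth0, HTB qdisc 10:, the 40mbit rate and the DROP rule are assumptions.

```shell
#!/bin/sh
# Added example. Assumed names: cgroup v1 path, eth0, HTB qdisc 10:, 40mbit.

# "MAJOR:MINOR" (hex, as tc writes it) -> value to write to net_cls.classid.
classid_pack() {
    case $1 in *:*) ;; *) echo "expected MAJOR:MINOR" >&2; return 1;; esac
    major=${1%%:*}; minor=${1#*:}
    for v in "$major" "$minor"; do
        case $v in
            ''|*[!0-9a-fA-F]*) echo "not a hex handle: $v" >&2; return 1;;
        esac
        # Each handle is 16 bits, so at most four hex digits.
        [ "${#v}" -le 4 ] || { echo "handle exceeds 16 bits: $v" >&2; return 1; }
    done
    packed=$(( (0x$major << 16) | 0x$minor ))
    # 0 is the kernel default and means "no class", so it cannot tag traffic.
    [ "$packed" -ne 0 ] || { echo "0:0 leaves packets untagged" >&2; return 1; }
    printf '0x%08x\n' "$packed"
}

# Decimal value read back from net_cls.classid -> "MAJOR:MINOR" in hex.
classid_unpack() {
    case $1 in ''|*[!0-9]*) echo "expected decimal classid" >&2; return 1;; esac
    printf '%x:%x\n' $(( $1 >> 16 )) $(( $1 & 0xffff ))
}

# Print (do not run) the commands that tag a cgroup and act on the tag.
emit_commands() {
    handle=$1; cgroup_dir=$2; dev=$3
    classid=$(classid_pack "$handle") || return 1
    echo "echo $classid > $cgroup_dir/net_cls.classid"
    echo "tc class add dev $dev parent ${handle%%:*}: classid $handle htb rate 40mbit"
    echo "tc filter add dev $dev parent ${handle%%:*}: protocol ip prio 10 handle 1: cgroup"
    echo "iptables -A OUTPUT -m cgroup --cgroup $classid -j DROP"
}

# CONTAINER_CGROUP is a placeholder for the container's net_cls cgroup.
emit_commands 10:1 /sys/fs/cgroup/net_cls/CONTAINER_CGROUP eth0
```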