On Tue, Sep 05, 2006 at 08:45:39AM -0600, Eric W. Biederman wrote:

Daniel Lezcano <[EMAIL PROTECTED]> writes:

For HPC if you are interested in migration you need a separate IP
per container. If you can take your IP address with you, migration of
networking state is simple. If you can't take your IP address with you
a network container is nearly pointless from a migration perspective.

Beyond that from everything I have seen layer 2 is just much cleaner
than any layer 3 approach short of Serge's bind filtering.

well, the 'ip subset' approach Linux-VServer and
other Jail solutions use is very clean, it just does
not match your expectations of a virtual interface
(as there is none) and it does not cope well with
all kinds of per context 'requirements', which IMHO
do not really exist on the application layer (only
on the whole system layer)


I probably expressed that wrong.  There are currently three
basic approaches under discussion.
Layer 3 (Basically bind filtering) nothing at the packet level.
   The approach taken by Serge's version of bsdjails and Vserver.

Layer 2.5 What Daniel proposed.

Layer 2.  (Trivially mapping each packet to a different interface)
   And then treating everything as multiple instances of the
   network stack.
   Roughly what OpenVZ and I have implemented.

I think classifying network virtualization by Layer X is not good enough.
OpenVZ has Layer 3 (venet) and Layer 2 (veth) implementations, but
in both cases networking stack inside VE remains fully virtualized.

Thanks,
Kirill
