[Devel] Re: [patch 2/6] [Network namespace] Network device sharing by view
Kirill Korotaev
dev at sw.ru
Tue Jun 27 02:54:51 PDT 2006
>> My point is that if you make namespace tagging at routing time, and
>> your packets are being routed only once, you lose the ability
>> to have separate routing tables in each namespace.
>
>
> Right. What is the advantage of having separate the routing tables ?
it is impossible to have bridged networking, tun/tap and many other
features without it. I even doubt that it is possible to introduce
private netfilter rules w/o virtualization of routing.
The question is do we want to have fully featured namespaces which allow
to create isolated virtual environments with semantics and behaviour of
standalone linux box or do we want to introduce some hacks with new
rules/restrictions to meet ones goals only?
From my POV, fully virtualized namespaces are the future. It is what
makes virtualization solution usable (w/o apps modifications), provides
all the features and doesn't require much efforts from people to be used.
Thanks,
Kirill
More information about the Devel
mailing list