[Devel] Re: strict isolation of net interfaces
Sam Vilain
sam at vilain.net
Thu Jun 29 19:49:05 PDT 2006
Serge E. Hallyn wrote:
> The last one in your diagram confuses me - why foo0:1? I would
> have thought it'd be
>
>         host          |  guest 0  |  guest 1  |   guest2
> ----------------------+-----------+-----------+--------------
>                       |           |           |
>    |-> l0 <-----------+-> lo0 ... |    lo0    |    lo0
>                       |           |           |
>    |-> eth0           |           |           |
>                       |           |           |
>    |-> veth0 <--------+-> eth0    |           |
>                       |           |           |
>    |-> veth1 <--------+-----------+-----------+-> eth0
>                       |           |           |
>    |-> veth2 <--------+-----------+-> eth0    |
>
> [...]
>
> So conceptually using a full virtual net device per container
> certainly seems cleaner to me, and it seems like it should be
> simpler by way of statistics gathering etc, but are there actually
> any real gains? Or is the support for multiple IPs per device
> actually enough?
>
Why special case loopback?
Why not:
        host          |  guest 0  |  guest 1  |   guest2
----------------------+-----------+-----------+--------------
                      |           |           |
   |-> lo             |           |           |
                      |           |           |
   |-> vlo0 <---------+-> lo      |           |
                      |           |           |
   |-> vlo1 <---------+-----------+-----------+-> lo
                      |           |           |
   |-> vlo2 <---------+-----------+-> lo      |
                      |           |           |
   |-> eth0           |           |           |
                      |           |           |
   |-> veth0 <--------+-> eth0    |           |
                      |           |           |
   |-> veth1 <--------+-----------+-----------+-> eth0
                      |           |           |
   |-> veth2 <--------+-----------+-> eth0    |
Sam.
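The diagram above depends on each guest getting a loopback device of its own rather than sharing the host's. The C program below is an added example, not code from this thread or from either poster: it forks a child, moves the child into a fresh Linux network namespace with unshare(2), and counts the interfaces the child can see there, so you can confirm that a new namespace starts out with its own private lo and nothing inherited from the host. It assumes Linux with glibc; unshare(CLONE_NEWNET) needs CAP_NET_ADMIN, and the fallback unshare(CLONE_NEWUSER | CLONE_NEWNET) only works where unprivileged user namespaces are permitted, so the function reports -1 instead of a count when the kernel or a seccomp policy refuses.

```c
/*
 * Added example (not from the thread): demonstrate that a brand-new
 * network namespace carries its own loopback device, the property the
 * per-guest "lo" in Sam's diagram relies on.
 */
#define _GNU_SOURCE
#include <net/if.h>
#include <sched.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Number of interfaces visible in the caller's current net namespace,
 * or -1 if the list could not be fetched. */
int count_interfaces(void)
{
    struct if_nameindex *list = if_nameindex();
    if (list == NULL)
        return -1;
    int n = 0;
    for (struct if_nameindex *p = list; p->if_index != 0; p++)
        n++;
    if_freenameindex(list);
    return n;
}

/* 1 if an interface named "lo" exists in the current namespace, else 0. */
int has_loopback(void)
{
    return if_nametoindex("lo") != 0;
}

/*
 * Fork a child into a fresh network namespace and report how many
 * interfaces it sees there. The parent's namespace is never touched.
 *
 * Returns the count (normally 1: just "lo"; more if the kernel creates
 * fallback tunnel devices such as sit0 in every namespace), or -1 when
 * the namespace could not be created or "lo" was unexpectedly absent.
 */
int interfaces_in_fresh_netns(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Privileged path first, then an unprivileged user+net namespace. */
        if (unshare(CLONE_NEWNET) != 0 &&
            unshare(CLONE_NEWUSER | CLONE_NEWNET) != 0)
            _exit(255);                    /* refused by kernel or seccomp */
        int n = count_interfaces();
        if (n < 0 || !has_loopback())
            _exit(254);                    /* no private lo: report failure */
        _exit(n > 250 ? 250 : n);          /* pass the count back via exit status */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    int code = WEXITSTATUS(status);
    return code >= 254 ? -1 : code;
}

int main(void)
{
    printf("interfaces in this namespace: %d (lo present: %s)\n",
           count_interfaces(), has_loopback() ? "yes" : "no");
    int n = interfaces_in_fresh_netns();
    if (n < 0)
        printf("could not create a new net namespace (needs CAP_NET_ADMIN "
               "or permitted user namespaces)\n");
    else
        printf("interfaces in a fresh net namespace: %d (lo present: yes)\n", n);
    return 0;
}
```

Run as root (or where unprivileged user namespaces are allowed) to see the child report its own lo while the parent still sees the host's full interface list; that separation is what makes a service bound to 127.0.0.1 inside one guest unreachable from another, which the shared-loopback layout in Serge's diagram would not give you.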