[Devel] RE: Network virtualization/isolation

[Leonid Grossman]

> -----Original Message-----
> From: netdev-owner at vger.kernel.org 
> [mailto:netdev-owner at vger.kernel.org] On Behalf Of Eric W. Biederman

> Then the question is how do we reduce the overhead when we 
> don't have enough physical network interfaces to go around.  
> My feeling is that we could push the work to the network 
> adapters and allow single physical network adapters to 
> support multiple network interfaces, each with a different 
> link-layer address.  At which point the overhead is nearly 
> nothing and newer network adapters may start implementing 
> enough filtering in hardware to do all of the work for us.

Correct, to a degree. 
There will be always a limit on the number of physical "channels" that a
NIC 
can support, while keeping these channels fully independent and
protected at the hw level.
So, you will probably still need to implement the sw path, 
with the assumption that some containers (that care about performance)
will get a separate 
NIC interface and avoid the overhead, and other containers will have to
use the sw path. 
There are some multi-channel NICs shipping today so it would be possible
to see the overhead between the two options (I suspect it will be quite
noticeable), but for a general idea about what work could be pushed down
to network adapters in the near future you can look at the pcisig.com
I/O Virtualization Workgroup. 
Once the single root I/O Virtualization spec is completed, it is likely
to be supported by several NIC vendors to provide multiple network
interfaces on a single NIC that you are looking for.


_______________________________________________
Containers mailing list
Containers at lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers