[Devel] Re: [RFC] network namespaces

Daniel Lezcano dlezcano at fr.ibm.com
Tue Sep 5 08:32:01 PDT 2006


> For HPC if you are interested in migration you need a separate IP per
> container.  If you can take your IP address with you migration of
> networking state is simple.  If you can't take your IP address with
> you a network container is nearly pointless from a migration
> perspective.

Eric, please, I know... I showed you a migration demo at OLS ;)

> Beyond that from everything I have seen layer 2 is just much cleaner
> than any layer 3 approach short of Serge's bind filtering.

> Beyond that I have yet to see a clean semantics for anything
> resembling your layer 2 layer 3 hybrid approach.  If we can't have
> clear semantics it is by definition impossible to implement correctly
> because no one understands what it is supposed to do.

> Note.  A true layer 3 approach has no impact on TCP/UDP filtering
> because it filters at bind time not at packet reception time.  Once
> you start inspecting packets I don't see what the gain is from not
> going all of the way to layer 2.

The bsdjail was just for information ...


	- Daniel



