[Devel] Re: [RFC] network namespaces

Daniel Lezcano dlezcano at fr.ibm.com
Wed Sep 6 02:10:23 PDT 2006


Hi Herbert,

> well, the 'ip subset' approach Linux-VServer and
> other Jail solutions use is very clean, it just does
> not match your expectations of a virtual interface
> (as there is none) and it does not cope well with
> all kinds of per context 'requirements', which IMHO
> do not really exist on the application layer (only
> on the whole system layer)
> 
> IMHO that would be quite simple, have a 'namespace'
> for limiting port binds to a subset of the available
> ips and another one which does complete network 
> virtualization with all the whistles and bells, IMHO
> most of them are orthogonal and can easily be combined
> 
>  - full network virtualization
>  - lightweight ip subset 
>  - both
> 
> IMHO this requirement only arises from the full system
> virtualization approach, just look at the other jail
> solutions (solaris, bsd, ...) some of them do not even 
> allow for more than a single ip but they work quite
> well when used properly ...

As far as I see, vserver use a layer 3 solution but, when needed, the 
veth "component", made by Nestor Pena, is used to provide a layer 2 
virtualization. Right ?

Having the two solutions, you have certainly a lot if information about 
use cases. From the point of view of vserver, can you give some examples 
of when a layer 3 solution is better/worst than a layer 2 solution ? Who 
wants a layer 2/3 virtualization and why ?

These informations will be very useful.

Regards

   -- Daniel




More information about the Devel mailing list