[Devel] Re: [RFC] network namespaces
Cedric Le Goater
clg at fr.ibm.com
Wed Sep 6 13:53:08 PDT 2006
Kir Kolyshkin wrote:
<snip>
> I am not sure about "network isolation" (used by Linux-VServer), but when
> it comes to level2 vs. level3 virtualization, I see a need for both.
> Here is an easy-to-understand comparison which can shed some light:
> http://wiki.openvz.org/Differences_between_venet_and_veth
Thanks Kir,
> Here are a couple of examples
> * Do we want to let the container's owner (i.e. root) add/remove IP
> addresses? Most probably not, but in some cases we want that.
> * Do we want to be able to run a DHCP server and/or DHCP client inside a
> container? Sometimes... but not always.
> * Do we want to let the container's owner create/manage his own set of
> iptables? In half of the cases we do.
>
> The problem here is that a single solution will not cover all those scenarios.
Some would argue that there is one single solution: Xen or similar.
IMO, I think containers should try to leverage their difference,
performance, and not try to simulate a real hardware environment.
Restricting the network environment of a container should be considered
acceptable if this is for the sake of performance. The network interface(s)
could be pre-configured and provided to the container. Protocol(s) could be
forbidden.
Now, if you need more network power in a container, you will need a real or
a virtualized interface.
But let's consider both alternatives.
thanks,
C.
_______________________________________________
Containers mailing list
Containers at lists.osdl.org
https://lists.osdl.org/mailman/listinfo/containers