[Devel] Re: [RFC][PATCH] IP address restricting cgroup subsystem

Serge E. Hallyn serue at us.ibm.com
Fri Jan 9 14:47:42 PST 2009


Quoting Guenter Roeck (groeck at redback.com):
> On Fri, Jan 09, 2009 at 10:12:24AM -0800, Dan Smith wrote:
> > GR> I have tried something similar, only with
> > GR> CLONE_FILES|CLONE_FS|CLONE_VM|CLONE_NEWNET, and actually creating
> > GR> a virtual interface and controlling socket or thread in each new
> > GR> network namespace.
> > 
> > My initial test was to create a veth pair and move one end into the
> > namespace during create.  That failed in the same way, so I took the
> > veth's out of the equation with the posted test.
> > 
> > GR> This scales to a couple of thousand interfaces, though interface
> > GR> creation takes a long time if more than 1,000 interfaces or so are
> > GR> created.
> > 
> This is at least to some degree due to the problems I mentioned earlier.
> Enhancing the kernel name hash and the sysfs implementation improves
> performance a lot.

Is this something you've had a chance to start addressing?  (Just wondering)

-serge
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers



