[Devel] Re: Net containers config and usage

Wed Jan 14 11:53:58 PST 2009

chris at versecorp.net wrote:
> On Wed, Jan 14, 2009 at 01:26:34PM -0600, Serge E. Hallyn wrote:
>   
>> Quoting Daniel Lezcano (daniel.lezcano at free.fr):
>>     
>>> chris at versecorp.net wrote:
>>>       
>>>> On Wed, Jan 14, 2009 at 09:50:29AM +0100, Daniel Lezcano wrote:
>>>>   
>>>>         
>>>>> Guenter Roeck wrote:
>>>>>     
>>>>>           
>>>>>> As far as I recall, if you have sysfs active and use the sysfs patch to
>>>>>> let you configure both sysfs and network namespaces, you can only move
>>>>>> virtual interfaces into a network namespace.
>>>>>>
>>>>>> Guenter
>>>>>>  
>>>>>>       
>>>>>>             
>>>>> Ah ! yes, you are right :)
>>>>>
>>>>> The current upstream implementation allowing sysfs and netns to coexist 
>>>>> together has one restriction, the physical network devices can not be 
>>>>> moved if sysfs is enabled in the kernel. This is why Chris can not move 
>>>>> the physical network device with this version of the kernel.
>>>>> This restriction will be set until the sysfs per namespace is fully 
>>>>> supported.
>>>>>
>>>>> This restriction does not exist with with the previous kernel version 
>>>>> with the sysfs per namespace patchset.
>>>>>
>>>>> -- Daniel
>>>>>
>>>>>     
>>>>>           
>>>> Ah, great, thanks to all for your help on this.
>>>> Do you have any rough estimate when the support for sysfs per namespace will
>>>>   
>>>>         
>>> The sysfs per namespace has been rejected because of some design 
>>> problems related with the sysfs itself.
>>> Perhaps Eric can tell more about that...
>>>       
>> Chris, in the meantime, is using the physical device an absolute
>> necessity, or could you work around it for now using a veth tunnel?
>>
>> Even if Eric has been working on the sysfs locking rework quietly
>> the last few months, i'd expect several months of back-and-forth
>> trying to prove that the rework is correct...
>>
>> -serge
>>     
>
> Yes, ultimately we'll need the physical device inside the same namespace
> as our application.  Our application does a lot of management on the interface,
> monitoring things like the interface's link-pulse and such, and that wouldn't
> be available through a virtual interface.  We can always redesign things
> to have the management portion run in the namespace with the physical interface,
> but for performance reasons we'd eventually want the physical interface to be
> directly inside the namespace anyway - so that would probably be wasted effort.
>   
Did you tried with the macvlan ?
_______________________________________________
Containers mailing list
Containers at lists.linux-foundation.org
https://lists.linux-foundation.org/mailman/listinfo/containers