Containers/Networking

From OpenVZ Linux Containers Wiki

There are several approaches of how to virtualize networking for containers. Those are desribed below.

Contents 1 Layer 3 virtualized network interface 2 Layer 2 virtualized network interface 3 Layer 3 isolated network (bind filtering) 4 See also

[edit] Layer 3 virtualized network interface

This one is employed by OpenVZ's venet. See venet.

[edit] Layer 2 virtualized network interface

This one is employed by OpenVZ's veth. See veth.

[edit] Layer 3 isolated network (bind filtering)

This one is implemented in Linux-VServer. Basically, when a container calls bind() with INADDR_ANY, kernel actually binds the socket to some specific IP address(es). Some more details (not much) can be found at http://linux-vserver.org/Paper#Network_Separation

[edit] See also

• Differences between venet and veth