Changes

Containers/Network virtualization

319 bytes removed, 10:51, 10 November 2006

no edit summary

For input packets context switching is inherited from the routing entry, for output - inherited from the socket one.

=== Socket ~~virtualization~~ isolation (Linux-VServer) ===

'''Requirements''':

~~# implementation overhead for established tcp connections should be zero;~~

~~# FIXME~~

~~'''Current implementation''':~~

~~There is no context switching for packets at all, checks are performed between process and socket contexts.~~

~~=== Network Isolation (Linux-VServer) ===~~

# all interfaces and IPs are visible on the host

# routing and iptables is configured on the host

| 3d level virtualization || - || i || i || i || -

|-

| ~~bind filtering~~ sockets isolation || - || - || i || - ~~|| -~~|-~~| network isolation || i/m || i || i || i/m~~ || -

|}

* 'v' - virtualized

* 'i' - isolated

* 'm' - mapped

* '-' - neither virtualized nor isolated

[[Category:Containers]]

36

edits