Testimonials

2006-12-06T09:12:13Z

Bertl:

'''Following are some sample comments we've received from OpenVZ users.'''

Hello all, just downloaded and installed OpenVZ, and i must say its a big improvement over other VPS systems that i have tested IMHO.
[http://forum.openvz.org/index.php?t=tree&goto=646&#msg_646]

----

Virtuozzo and openvz are wonderful - I don't know why more people aren't
using them. I hear a lot of hype for xen and usermode but
virtuozzo/openvz is so great for many common needs.
[http://forum.openvz.org/index.php?t=rview&goto=650#msg_650]

----

For my needs, OpenVZ is better than Xen. The one-kernel approach conserves memory, leaving more for applications. And having all VPS in one disk partition saves disk space. A surprise bonus was the template cache management with yum. The ease of keeping templates updated and quickly installing new operating environments is yummy!
[http://forum.openvz.org/index.php?t=rview&goto=3119#msg_3119]

----

Last week when we were in limbo about what to do, it was decided to try out XEN Virtualization. From what is written in the press the Xen system has alot of promise, Features such as opensource with live migration and backups sounds great; but was far too complicated to get working in our configuration. OpenVZ was the only virtual server system that was simple to install and get working.
[http://forum.openvz.org/index.php?t=msg&goto=568#msg_568]

----

It still amazes me how well OpenVZ works.
[http://forum.openvz.org/index.php?t=msg&th=368&#msg_2086]

----

[03:30:15] <pookey> well, I've been using openvz for all of about an hour, and I'm pretty impressed so far :)<br/>
''from #openvz IRC channel''

----

Fri Nov 03 2006 [08:57:13] < msm> darn, 2.6.18-028test002.1 still crashes on boot on my amd64-machine :(<br/>
Thu Nov 09 2006 [11:31:37] < msm> shit, 2.6.18-ovz still crashes on amd64 :(<br/>
Sun Nov 19 2006 [14:35:54] < msm> kir/tresh: 2.6.18 028test005.1 still crashes on amd64, bug #351<br/>
''from #openvz IRC channel''

Containers/Network virtualization

2006-11-08T17:13:36Z

Bertl: added Linux-VServer

There are a number of approaches to the network virtualization, caused by different requirements for different usages. This page is made in order to summarize them and create solution suitable for all.

== Usages ==
Current known usages are:
* Virtual Environments - complete OS environment, with it's own users, groups, filesystems and devices;
* Application Containers - partly isolated environment with application inside.

== Approaches ==
=== Virtualization on the 2nd level (OpenVZ) ===
'''Requirements''':

The main requirement is that containers should have close to standalone servers networking capabilities. In details:
# containers should have own loopback;
# containers should have ability to setup their own level 3 addresses;
# containers should have ability to sniff their traffic;
# containers should have ability to setup their own routes;
# containers should have ability to receive multicast/broadcast packets;
# containers should have their own netfilters;
# containers should have at least one level 2 device;

'''Current implementation''':

For input packets context switching is performed in netif_receive_skb(), inherited from the device context. For output, context is inherited from the socket one.

=== Virtualization on the 3d level (IBM) ===
'''Requirements''':
# One can ran servers in several containers listening on *:port without conflict and __without__ forcing the bind to use the IP address assigned to the container;
# The source address will be filled with the container IP address;
# Keep sockets isolated by namespace;
# have the loopback isolated;
# have the performance near to native as possible;
# have broadcast and multicast working.

'''Current implementation''':

For input packets context switching is inherited from the routing entry, for output - inherited from the socket one.

=== Socket virtualization ===
'''Requirements''':
# implementation overhead for established tcp connections should be zero;
# FIXME

'''Current implementation''':

There is no context switching for packets at all, checks are performed between process and socket contexts.

=== Network Isolation (Linux-VServer) ===

# all interfaces and IPs are visible on the host
# routing and iptables is configured on the host
# guest has a subset of IPs assigned for 'binding'
# source ip (of guest packets) is within the assigned set
# 'local' guest traffic is isolated from other guests
# no measurable overhead on packet routing
# normal routing not impaired (same behaviour as without)
# Guest-Guest and Guest-Host traffic via Loopback

'''Current implementation''':

Network Context with 'assigned' set of IPs, which are used for 'collision' checks at bind
time, 'source' checks at send time and 'destination' checks at receive time. The first
assigned IPs is handled special as it is used for routing decisions outside the IP set.
Loopback traffic isolation is done via IP 'remapping'.

== Virtualization table ==
This is a summary table in order to show which core networking objects are virtualized/isolated in above approaches or not.

{| class="wikitable"
! width="20%" | Virtualization approach
! width="10%" | network devices
! Width="10%" | routing tables
! Width="10%" | network sockets
! Width="10%" | loopback
! Width="10%" | netfilters
|-
| 2d level virtualization || v || v/i || v || v || v
|-
| 3d level virtualization || - || i || i || i || -
|-
| bind filtering || - || - || i || - || -
|-
| network isolation || i/m || i || i || i/m || -
|}

Legend:
* 'v' - virtualized
* 'i' - isolated
* 'm' - mapped
* '-' - neither virtualized nor isolated

[[Category:Containers]]

OpenVZ Virtuozzo Containers Wiki - User contributions [en]

Testimonials

Containers/Network virtualization