Editing Containers/Network virtualization
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone.
Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 7: | Line 7: | ||
== Approaches == | == Approaches == | ||
− | |||
=== Virtualization on the 2nd level (OpenVZ) === | === Virtualization on the 2nd level (OpenVZ) === | ||
− | + | '''Requirements''': | |
− | |||
The main requirement is that containers should have close to standalone servers networking capabilities. In details: | The main requirement is that containers should have close to standalone servers networking capabilities. In details: | ||
Line 22: | Line 20: | ||
− | + | '''Current implementation''': | |
For input packets context switching is performed in netif_receive_skb(), inherited from the device context. For output, context is inherited from the socket one. | For input packets context switching is performed in netif_receive_skb(), inherited from the device context. For output, context is inherited from the socket one. | ||
=== Virtualization on the 3d level (IBM) === | === Virtualization on the 3d level (IBM) === | ||
− | + | '''Requirements''': | |
− | + | # One can ran servers in several containers listening on *:port without conflict and __without__ forcing the bind to use the IP address assigned to the container; | |
− | |||
− | # One can | ||
# The source address will be filled with the container IP address; | # The source address will be filled with the container IP address; | ||
# Keep sockets isolated by namespace; | # Keep sockets isolated by namespace; | ||
Line 37: | Line 33: | ||
# have broadcast and multicast working. | # have broadcast and multicast working. | ||
− | + | '''Current implementation''': | |
For input packets context switching is inherited from the routing entry, for output - inherited from the socket one. | For input packets context switching is inherited from the routing entry, for output - inherited from the socket one. | ||
=== Sockets isolation (Linux-VServer) === | === Sockets isolation (Linux-VServer) === | ||
− | + | '''Requirements''': | |
− | |||
− | |||
# all interfaces and IPs are visible on the host | # all interfaces and IPs are visible on the host | ||
# routing and iptables is configured on the host | # routing and iptables is configured on the host | ||
Line 54: | Line 48: | ||
# Guest-Guest and Guest-Host traffic via Loopback | # Guest-Guest and Guest-Host traffic via Loopback | ||
− | + | '''Current implementation''': | |
Network Context with 'assigned' set of IPs, which are used for 'collision' checks at bind | Network Context with 'assigned' set of IPs, which are used for 'collision' checks at bind | ||
Line 63: | Line 57: | ||
== Virtualization table == | == Virtualization table == | ||
− | This is a summary table in order to show which core networking objects are virtualized/isolated in | + | This is a summary table in order to show which core networking objects are virtualized/isolated in above approaches or not. |
{| class="wikitable" | {| class="wikitable" |