Difference between revisions of "Containers/Network virtualization"

From OpenVZ Virtuozzo Containers Wiki
Revision as of 16:48, 1 November 2006


There are a number of approaches to network virtualization, driven by different requirements for different usages. This page summarizes them and tries to derive a solution that could suit all of them.

Usages

Current known usages are:

  • Virtual Environments - a complete OS environment, with its own users, groups, filesystems and devices;
  • Application Containers - a partly isolated environment with an application inside.

Approaches

  • virtualization at the 2nd level, the link layer (OpenVZ):
    for input packets, the context switch is performed in the device xmit code, which requires a virtual network device; for output packets, the context is inherited from the socket's context.
  • virtualization at the 3rd level, the network layer (IBM):
    for input packets, the context switch is performed in the routing code; for output packets, the context is inherited from the socket's context.
  • socket virtualization (Linux-VServer):
    there is no context switching for packets at all; checks are performed between the process context and the socket context.

Virtualization table

This summary table shows which core networking objects are virtualized, isolated, or neither in each of the approaches above.

Virtualization approach    network devices   routing tables   network sockets   netfilters
2nd level virtualization   v                 v/i              v                 v
3rd level virtualization   -                 i                i                 -
bind filtering             -                 -                i                 -

Legend:

  • 'v' - virtualized
  • 'i' - isolated
  • '-' - neither virtualized nor isolated