'''==== Requirements''':====

'''==== Current implementation''':====

'''==== Requirements''':==== # One can ran run servers in several containers listening on *:port without conflict and __without__ forcing the bind to use the IP address assigned to the container;

'''==== Current implementation''':====

=== Socket virtualization Sockets isolation (Linux-VServer) === ==== Requirements ==== # all interfaces and IPs are visible on the host# routing and iptables is configured on the host# guest has a subset of IPs assigned for 'binding'# source ip (of guest packets) is within the assigned set# 'Requirements''local':guest traffic is isolated from other guests# implementation no measurable overhead for established tcp connections should be zero;on packet routing# normal routing not impaired (same behaviour as without)# FIXMEGuest-Guest and Guest-Host traffic via Loopback ==== Current implementation ====

Network Context with 'assigned'set of IPs, which are used for 'Current implementationcollision'checks at bindtime, 'source':checks at send time and 'destination' checks at receive time. The firstassigned IPs is handled special as it is used for routing decisions outside the IP set.Loopback traffic isolation is done via IP 'remapping'.

This is a summary table in order to show which core networking objects are virtualized/isolated in the above approaches or and which are not.

! width="1310%" | network devices! Width="1310%" | routing tables! Width="1310%" | network sockets! Width="1310%" | loopback! Width="10%" | netfilters

| 2d level virtualization || v || v/i || v || v || v

| 3d level virtualization || - || i || i || i || -

| bind filtering sockets isolation || - || - || i || - || -