Changes
→Requirements
== Approaches ==
=== Virtualization on the 2nd level (OpenVZ) ===
The main requirement is that containers should have close to standalone servers networking capabilities. In details:
For input packets context switching is performed in netif_receive_skb(), inherited from the device context. For output, context is inherited from the socket one.
=== Virtualization on the 3d level (IBM) ===
# The source address will be filled with the container IP address;
# Keep sockets isolated by namespace;
# have broadcast and multicast working.
For input packets context switching is inherited from the routing entry, for output - inherited from the socket one.
=== Socket virtualization Sockets isolation (Linux-VServer) ==='''Requirements''':# implementation overhead for established tcp connections should be zero;# FIXME
# all interfaces and IPs are visible on the host
# Guest-Guest and Guest-Host traffic via Loopback
Network Context with 'assigned' set of IPs, which are used for 'collision' checks at bind
== Virtualization table ==
This is a summary table in order to show which core networking objects are virtualized/isolated in the above approaches or and which are not.
{| class="wikitable"
| 3d level virtualization || - || i || i || i || -
|-
| bind filtering sockets isolation || - || - || i || - || -|-| network isolation || i/m || i || i || i/m || -
|}
* 'v' - virtualized
* 'i' - isolated
* '-' - neither virtualized nor isolated
[[Category:Containers]]