Re: strict isolation of net interfaces
From: Daniel Lezcano
Date: Tue Jul 04 2006 - 08:28:18 EST
Andrey Savochkin wrote:
I still can't completely understand your direction of thoughts.
Could you elaborate on IP address assignment in your diagram, please? For
example, guest0 wants 127.0.0.1 and 192.168.0.1 addresses on its lo
interface, and 10.1.1.1 on its eth0 interface.
Does this diagram assume any local IP addresses on v* interfaces in the
"host"?
And the second question.
Are vlo0, veth0, etc. devices supposed to have hard_xmit routines?
Andrey,
some people are interested by a network full isolation/virtualization
like you did with the layer 2 isolation and some other people are
interested by a light network isolation done at the layer 3. This one is
intended to implement "application container" aka "lightweight container".
In the case of a layer 3 isolation, the network interface is not totally
isolated and the debate here is to find a way to have something
intuitive to manage the network devices.
IHMO, all the discussion we had convinced me of the needs to have the
possibility to choose between a layer 2 or a layer 3 isolation.
If it is ok for you, we can collaborate to merge the two solutions in
one. I will focus on layer 3 isolation and you on the layer 2.
Regards
- Daniel
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/