Re: [Vserver] Network - How is it implemented?

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Wed 14 Feb 2007 - 18:42:08 GMT
Message-ID: <20070214184207.GA23523@MAIL.13thfloor.at>

On Tue, Feb 13, 2007 at 02:55:58PM +0100, Jaroslav Tomecek wrote:
> Hi,
> I'm writing some comparison of kernel-based virtualization machines. I
> want to know something about Linux-VServer networking. I found something
> (is it true?):
> 1) There is no virtual network device.

  correct, Linux-VServer is based on IP Isolation
  this has two advantages:

     1) overhead is nonexistent, i.e. you get the full
        performance of the system

     2) the guest does not need to worry about network
        setup, and the host doesn't need to implement
        switching or similar ...

  it also has some drawbacks, namely:

      - you cannot manipulate interfaces inside the guest
      - iptables and routing remains on the host, but
        can be proxied (i.e. done via policy daemon)
     

> 2) Host system works as router.

  well, yes and no, the host system works like any other
  Linux machine, so as a Linux system can act as router
  the host can do so too

  networking is kept completely on the host, so nothing
  special (i.e. routing or bridging) is required to
  get the guests working ...

> 3) Any communication among VPS is delivered through the host.

  networking happens on the host, guest-guest and
  guest-host traffic is considered local traffic, so
  all the local traffic rules apply there

> 4) chbind binds some IPs to some process and its children.

  yes, there is a so called network context, which
  contains a set of 'allowed' IPs and netmasks, which
  will apply for all processes inside that context

> What about changes in original Linux binding to INADDR_ANY?

  it will be limited to the subset of host IPs assigned
  to the network context

> How does it work now?

  quite fine actually :)

> Is it possible to make some sets of IP addresses with it?

  yes, although we allow to special case the single ip
  case, by simply replacing INADDR_ANY with that ip,
  the general case is to have a set of (currently up to
  16) different IPs/masks per guest ...

> How? Could you give me some link please?

  sure, best have a look at the source ...
  http://vserver.13thfloor.at/Experimental/patch-2.6.19.3-vs2.2.0-rc12.diff

HTC,
Herbert

> Thanks Jarda
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Wed Feb 14 19:27:00 2007
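
The bind behaviour described in the reply above (a per-guest set of allowed IPs, INADDR_ANY limited to that set, and the single-IP special case), as an added userspace model. This is not code from the Linux-VServer patch: `nx_model`, `nx_bind` and `nx_delivers` are hypothetical names, the addresses are constructed, netmasks are left out, and rejecting an empty context is an assumption of the model.

```c
/* Userspace model of the reply above; not Linux-VServer code, names are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#define NX_MAX_ADDRS 16                /* "currently up to 16" per guest */
#define ANY 0u                         /* INADDR_ANY, host byte order */
#define IP(a,b,c,d) (((uint32_t)(a)<<24)|((uint32_t)(b)<<16)|((uint32_t)(c)<<8)|(uint32_t)(d))

struct nx_model {                      /* stand-in for a network context */
    int n;
    uint32_t ip[NX_MAX_ADDRS];         /* allowed host IPs (masks omitted) */
};

static int nx_has(const struct nx_model *nx, uint32_t a)
{
    for (int i = 0; i < nx->n; i++)
        if (nx->ip[i] == a) return 1;
    return 0;
}

/* bind(): returns 0 and stores the effective address in *eff, or -1. */
int nx_bind(const struct nx_model *nx, uint32_t req, uint32_t *eff)
{
    if (req == ANY) {
        /* single-IP special case: INADDR_ANY is replaced by that IP */
        *eff = (nx->n == 1) ? nx->ip[0] : ANY;
        return nx->n > 0 ? 0 : -1;     /* empty context rejected (assumption) */
    }
    if (!nx_has(nx, req))
        return -1;                     /* address not assigned to this context */
    *eff = req;
    return 0;
}

/* Would a socket bound to `bound` in this context see traffic for dst? */
int nx_delivers(const struct nx_model *nx, uint32_t bound, uint32_t dst)
{
    if (!nx_has(nx, dst))
        return 0;                      /* wildcard is limited to the subset */
    return bound == ANY || bound == dst;
}

int main(void)
{
    struct nx_model web = { 2, { IP(10,0,0,2), IP(10,0,0,3) } }; /* constructed */
    uint32_t eff;
    int rc = nx_bind(&web, ANY, &eff);
    printf("bind ANY rc=%d, sees 10.0.0.9: %d\n", rc, nx_delivers(&web, eff, IP(10,0,0,9)));
    return 0;
}
```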
