Re: [Vserver] Re: Vserver and VRF support

From: Herbert Poetzl <>
Date: Sun 15 Apr 2007 - 18:54:45 BST
Message-ID: <>

On Sat, Apr 14, 2007 at 10:51:31AM +0200, Benny Amorsen wrote:
> >>>>> "DHZ" == Daniel Hokka Zakrisson <> writes:
> DHZ> Albert Mak (almak) wrote:
> >> Is there any work done to make Vserver work with VRF? -Albert
> DHZ> Meaning multiple routing tables? That's already the recommended
> DHZ> way to set different default routes for the guests. Works the
> DHZ> same way they do in Linux.
> It would be very useful to be able to say that traffic from a
> particular vserver needs to go through a particular routing table.

> Right now you have to match on IP address.

that is what IP level isolation is about, separating
networking by IPs ...

> OpenVZ is nicer for this, because each guest gets its own routing
> table which can be manipulated with the normal ip route ... commands.

and as it uses a separate network stack for each guest,
it also adds roughly twice the overhead to networking,
and consumes more than twice the amount of resources ...

> Even policy routing is supported.

not everybody wants/needs virtualized network stacks,
actually only a few, non ip based apps require it to
work properly, but mainline will provide layer 2
virtualization (in addition to the layer 3 isolation
Linux-VServer does) soon, and of course we will support
that too ...

so in the near future you can decide if you prefer to
have a virtual network stack with significant overhead
or just IP isolation with no measureable overhead ...


> /Benny
> _______________________________________________
> Vserver mailing list
Vserver mailing list
Received on Sun Apr 15 19:34:16 2007

[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Sun 15 Apr 2007 - 19:34:19 BST by hypermail 2.1.8