On Sat, Apr 14, 2007 at 10:51:31AM +0200, Benny Amorsen wrote:
> >>>>> "DHZ" == Daniel Hokka Zakrisson <daniel@hozac.com> writes:
>
> DHZ> Albert Mak (almak) wrote:
> >> Is there any work done to make Vserver work with VRF? -Albert
>
> DHZ> Meaning multiple routing tables? That's already the recommended
> DHZ> way to set different default routes for the guests. Works the
> DHZ> same way they do in Linux.
>
> It would be very useful to be able to say that traffic from a
> particular vserver needs to go through a particular routing table.
> Right now you have to match on IP address.
that is what IP level isolation is about, separating
networking by IPs ...
> OpenVZ is nicer for this, because each guest gets its own routing
> table which can be manipulated with the normal ip route ... commands.
and as it uses a separate network stack for each guest,
it also adds roughly twice the overhead to networking,
and consumes more than twice the amount of resources ...
> Even policy routing is supported.
not everybody wants/needs virtualized network stacks,
actually only a few, non ip based apps require it to
work properly, but mainline will provide layer 2
virtualization (in addition to the layer 3 isolation
Linux-VServer does) soon, and of course we will support
that too ...
so in the near future you can decide if you prefer to
have a virtual network stack with significant overhead
or just IP isolation with no measureable overhead ...
best,
Herbert
> /Benny
>
>
> _______________________________________________
> Vserver mailing list
> Vserver@list.linux-vserver.org
> http://list.linux-vserver.org/mailman/listinfo/vserver
_______________________________________________
Vserver mailing list
Vserver@list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
Received on Sun Apr 15 19:34:16 2007