On Mon, Jun 25, 2012 at 09:12:58AM +1000, Steve Kieu wrote:
>> I investigated this a bit further.
>> - The simple trick of bind-mounting a suitable directory
>> on /proc/net works in a very limited way as /proc/net is a
>> symlink to /proc/self/net
> I think you should never try that.
> When mount bind you effectively use the deferent network
> namespace for the new namespace in teh vserver.
you cannot bind mount across namespaces (atm)
> Looks like it works in someway but it will mess up your
> host network.
it is very unlikely that a bind mount will mess up the
(host) networking
> Use unshare as you already noted below then you have completely
> new ns
unshare will allow you to create new namespaces, but
you have to tell the kernel what namespaces you want
to unshare
>> Atm I assume there is a bug in util-vserver and if it is only
>> using an old/obsolete approach to enable the namespaces or a
>> collision between /proc/self/net-hiding and namespaces.
there is no old/obsolete approach to enabling namespaces
and I'm pretty confident util-vserver does nothing wrong
here
> As I said before - it is not the network namespace in the
> kernel but it is vserver utils tool.
util-vserver does not unshare network namespaces unless
you tell it to, by default, util-vserver (and Linux-VServer)
use network isolation not network namespaces.
> The thing is, if the vserver folks think layer 2 networking
> virtualization *is* important or not. then they can actively
> fix the bug (or not to).
not sure what 'the bug' actually is ...
> I encountered a strange problem with vserver networking before
> and really not happy with the way it is. The problem that when
> vserver share a bridge with the host (use bridge because I want
> that network to be used for kvm as well) and when a kvm machine
> using same bridge be turned off - Or some vserver use the
> bridge got turned off - the whole bridge lose their connection
> - sometimes it is recovered by itself but most of the time not.
I'm happily using Linux-VServer together with kvm on a
routed as well as bridged setup and never encountered
any issues (why would there be any? Linux-VServer does
not mess with layer 2)
> I have to login to the host (in different interface) and do
> arpping to manually update mac addr with IP to get it up. not
> sure why -
I presume your problem is related to a primary IP
disappearing and the 'promote secondaries' feature
being disabled (note that this is not even Linux-VServer
related, it's a mainline networking 'feature')
> The problem is gone away currently with my LXC containers setup.
> I do hope that the vserver devs fix the bug so I can use
> network ns again with vserver.
please elaborate what 'the bug' is in your opinion and
describe the setup where 'you used network namespaces with
Linux-VServer'
thanks,
Herbert
> Thanks,
>> Regards,
>> Adrian
>> --
>> LiHAS - Adrian Reyer - Hessenwiesenstraße 10 - D-70565 Stuttgart
>> Fon: +49 (7 11) 78 28 50 90 - Fax: +49 (7 11) 78 28 50 91
>> Mail: lihas_at_lihas.de - Web: http://lihas.de
>> Linux, Netzwerke, Consulting & Support - USt-ID: DE 227 816 626 Stuttgart
> --
> Steve Kieu
Received on Wed Jun 27 03:25:20 2012