Net containers config and usage

chris at versecorp.net
Wed Jan 14 11:39:44 PST 2009


On Wed, Jan 14, 2009 at 01:26:34PM -0600, Serge E. Hallyn wrote:
> Quoting Daniel Lezcano (daniel.lezcano at free.fr):
> > chris at versecorp.net wrote:
> > > On Wed, Jan 14, 2009 at 09:50:29AM +0100, Daniel Lezcano wrote:
> > >   
> > >> Guenter Roeck wrote:
> > >>     
> > >>> As far as I recall, if you have sysfs active and use the sysfs patch to
> > >>> let you configure both sysfs and network namespaces, you can only move
> > >>> virtual interfaces into a network namespace.
> > >>>
> > >>> Guenter
> > >>>  
> > >>>       
> > >> Ah ! yes, you are right :)
> > >>
> > >> The current upstream implementation allowing sysfs and netns to coexist 
> > >> together has one restriction, the physical network devices can not be 
> > >> moved if sysfs is enabled in the kernel. This is why Chris can not move 
> > >> the physical network device with this version of the kernel.
> > >> This restriction will be set until the sysfs per namespace is fully 
> > >> supported.
> > >>
> > >> This restriction does not exist with the previous kernel version 
> > >> with the sysfs per namespace patchset.
> > >>
> > >> -- Daniel
> > >>
> > >>     
> > >
> > > Ah, great, thanks to all for your help on this.
> > > Do you have any rough estimate when the support for sysfs per namespace will
> > >   
> > The sysfs per namespace has been rejected because of some design 
> > problems related with the sysfs itself.
> > Perhaps Eric can tell more about that...
> 
> Chris, in the meantime, is using the physical device an absolute
> necessity, or could you work around it for now using a veth tunnel?
> 
> Even if Eric has been working on the sysfs locking rework quietly
> the last few months, I'd expect several months of back-and-forth
> trying to prove that the rework is correct...
> 
> -serge

Yes, ultimately we'll need the physical device inside the same namespace
as our application.  Our application does a lot of management on the interface,
monitoring things like the interface's link-pulse and such, and that wouldn't
be available through a virtual interface.  We can always redesign things
to have the management portion run in the namespace with the physical interface,
but for performance reasons we'd eventually want the physical interface to be
directly inside the namespace anyway - so that would probably be wasted effort.

Thanks,
Chris

