Re: Net containers config and usage

[Daniel Lezcano <daniel.lezcano-GANU6spQydw@public.gmane.org>]

chris-SqNQQPNds68nxqbYAscKCQ@public.gmane.org wrote:
> On Wed, Jan 14, 2009 at 01:26:34PM -0600, Serge E. Hallyn wrote:
>   
>> Quoting Daniel Lezcano (daniel.lezcano-GANU6spQydw@public.gmane.org):
>>     
>>> chris-SqNQQPNds68nxqbYAscKCQ@public.gmane.org wrote:
>>>       
>>>> On Wed, Jan 14, 2009 at 09:50:29AM +0100, Daniel Lezcano wrote:
>>>>   
>>>>         
>>>>> Guenter Roeck wrote:
>>>>>     
>>>>>           
>>>>>> As far as I recall, if you have sysfs active and use the sysfs patch to
>>>>>> let you configure both sysfs and network namespaces, you can only move
>>>>>> virtual interfaces into a network namespace.
>>>>>>
>>>>>> Guenter
>>>>>>  
>>>>>>       
>>>>>>             
>>>>> Ah ! yes, you are right :)
>>>>>
>>>>> The current upstream implementation allowing sysfs and netns to coexist 
>>>>> together has one restriction, the physical network devices can not be 
>>>>> moved if sysfs is enabled in the kernel. This is why Chris can not move 
>>>>> the physical network device with this version of the kernel.
>>>>> This restriction will be set until the sysfs per namespace is fully 
>>>>> supported.
>>>>>
>>>>> This restriction does not exist with with the previous kernel version 
>>>>> with the sysfs per namespace patchset.
>>>>>
>>>>> -- Daniel
>>>>>
>>>>>     
>>>>>           
>>>> Ah, great, thanks to all for your help on this.
>>>> Do you have any rough estimate when the support for sysfs per namespace will
>>>>   
>>>>         
>>> The sysfs per namespace has been rejected because of some design 
>>> problems related with the sysfs itself.
>>> Perhaps Eric can tell more about that...
>>>       
>> Chris, in the meantime, is using the physical device an absolute
>> necessity, or could you work around it for now using a veth tunnel?
>>
>> Even if Eric has been working on the sysfs locking rework quietly
>> the last few months, i'd expect several months of back-and-forth
>> trying to prove that the rework is correct...
>>
>> -serge
>>     
>
> Yes, ultimately we'll need the physical device inside the same namespace
> as our application.  Our application does a lot of management on the interface,
> monitoring things like the interface's link-pulse and such, and that wouldn't
> be available through a virtual interface.  We can always redesign things
> to have the management portion run in the namespace with the physical interface,
> but for performance reasons we'd eventually want the physical interface to be
> directly inside the namespace anyway - so that would probably be wasted effort.
>   
Did you tried with the macvlan ?