From: David Ahern <lxhacker68-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
To: "Eric W. Biederman" <ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org>
Cc: Andrew Morton
	<akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>,
	Cong Wang <cwang-xCSkyg8dI+0RB7SZvlqPiA@public.gmane.org>,
	containers-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
	"linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org"
	<linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	Andy Lutomirski <luto-kltTT9wpgjJwATOyAt5JVQ@public.gmane.org>,
	Stephen Hemminger
	<stephen-OTpzqLSitTUnbdJkjeBofR2eb7JE58TQ@public.gmane.org>,
	netdev <netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
	linux-api-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	nicolas.dichtel-pdR9zngts4EAvxtiuMwx3w@public.gmane.org,
	David Miller <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
Subject: Re: [RFC PATCH net-next v2 0/5] netns: allow to identify peer netns
Date: Fri, 26 Sep 2014 13:44:47 -0600
Message-ID: <5425C22F.7050301@gmail.com>
In-Reply-To: <87mw9myy4n.fsf-JOvCrm2gF+uungPnsOpG7nhyD016LWXt@public.gmane.org>

On 9/26/14, 1:34 PM, Eric W. Biederman wrote:
> When I wrote the "ip netns" support I never expected that all
> applications would want to run in a specific network namespace.  All
> that is needed is one socket per network namespace.

Sure that is another option. But for a process to create a socket or 
thread in a second namespace it has to run as root -- CAP_SYS_ADMIN is 
needed for setns (or perhaps there is another way to create the socket 
or thread in the namespace).

Second, it still does not address the scalability problem. For example a 
single daemon providing service across 2k namespaces means it needs 2k 
listen sockets. From there a system could have 20, 30 or 50 services 
running. Certainly lighter than a process per namespace, but not even 
close to ideal when talking about something like VRFs.

David
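
The one-socket-per-namespace approach debated in this message, as an added example that is not part of the original thread: a helper that enters a network namespace with setns(), creates a socket there, and switches back, which is the step that needs CAP_SYS_ADMIN. The function name `socket_in_netns` and the sample path are hypothetical.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/*
 * Create a socket inside the network namespace referred to by ns_path
 * (e.g. a file under /var/run/netns/ made by "ip netns add"), then move
 * the calling thread back to its original namespace.
 * Returns the socket fd, or a negative errno value on failure.
 */
int socket_in_netns(const char *ns_path, int domain, int type, int protocol)
{
    int target_fd, self_fd, sock = -1, err = 0;

    target_fd = open(ns_path, O_RDONLY | O_CLOEXEC);
    if (target_fd < 0)
        return -errno;
    /* setns() acts on the calling thread, so save that thread's netns. */
    self_fd = open("/proc/thread-self/ns/net", O_RDONLY | O_CLOEXEC);
    if (self_fd < 0) {
        err = errno;
        close(target_fd);
        return -err;
    }
    /* Fails with EPERM when the caller lacks CAP_SYS_ADMIN. */
    if (setns(target_fd, CLONE_NEWNET) < 0) {
        err = errno;
        goto out;
    }
    sock = socket(domain, type | SOCK_CLOEXEC, protocol);
    if (sock < 0)
        err = errno;
    /* Switch back; the socket stays bound to the namespace it was made in. */
    if (setns(self_fd, CLONE_NEWNET) < 0) {
        /* Thread is left in the wrong namespace: fail closed. */
        if (!err)
            err = errno;
        if (sock >= 0) {
            close(sock);
            sock = -1;
        }
    }
out:
    close(target_fd);
    close(self_fd);
    return err ? -err : sock;
}

int main(int argc, char **argv)
{
    /* Constructed sample path; pass a real namespace file as argv[1]. */
    const char *path = argc > 1 ? argv[1] : "/var/run/netns/example-ns";
    int fd = socket_in_netns(path, AF_INET, SOCK_STREAM, 0);

    if (fd < 0) {
        fprintf(stderr, "socket_in_netns(%s): %s\n", path, strerror(-fd));
        return 1;
    }
    printf("socket fd %d was created in %s\n", fd, path);
    close(fd);
    return 0;
}
```

A daemon can call this once per namespace at startup and drop CAP_SYS_ADMIN afterwards, since the returned sockets keep working without it; the number of sockets still grows with the number of namespaces.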
