From: Dan Smith <danms@us.ibm.com>
To: "Serge E. Hallyn" <serge@hallyn.com>
Cc: "Serge E. Hallyn" <serue@us.ibm.com>,
containers@lists.osdl.org, netdev@vger.kernel.org
Subject: Re: [PATCH 2/5] C/R: Basic support for network namespaces and devices (v4)
Date: Tue, 23 Feb 2010 09:27:44 -0800 [thread overview]
Message-ID: <87fx4r7tgv.fsf@caffeine.danplanet.com> (raw)
In-Reply-To: <20100223164755.GA31671@hallyn.com> (Serge E. Hallyn's message of "Tue\, 23 Feb 2010 10\:47\:55 -0600")
SH> But there is no guarantee that the checkpointer is in the netns
SH> which we would call the 'top level' netns. Which means that, at
SH> restart, whether or not the devices which are in what we call the
SH> top level netns are in fact inherited or not, will depend on
SH> conditions of the checkpointer. Do we care? (I thought we did,
SH> but maybe we don't... it's unlikely to happen anyway)
Well, when we discussed this on IRC with Oren, I think we came to the
conclusion that since network namespaces aren't hierarchical, that we
would restore things from the "viewpoint" of the process that
checkpointed them. It gives us a sane way to ensure that the peer
devices residing in the init netns can be put back there, even though we
don't checkpoint everything in the init netns (like eth0).
If you checkpoint a veth from within the container and you have a peer
device that is outside the container (but not in a netns that is
checkpointed as part of a task), it's going to fail and tell you that
one of your peers leaked to the outside. I think that's sane and
preferred behavior, no? If you're using macvlan and you checkpoint
from within the container, I think you should be okay, as long as
there is a appropriately named device to base the restored devices on
in whatever netns your restore process is in.
--
Dan Smith
IBM Linux Technology Center
email: danms@us.ibm.com
next prev parent reply other threads:[~2010-02-23 17:27 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-02-16 16:03 Network device and namespace checkpoint/restart (v3) Dan Smith
2010-02-16 16:03 ` [PATCH 1/5] Add checkpoint and collect hooks to net_device_ops Dan Smith
2010-02-16 16:03 ` [PATCH 2/5] C/R: Basic support for network namespaces and devices (v4) Dan Smith
[not found] ` <20100222194523.GA13135@us.ibm.com>
2010-02-23 16:35 ` Dan Smith
2010-02-23 16:47 ` Serge E. Hallyn
2010-02-23 17:27 ` Dan Smith [this message]
2010-02-23 18:49 ` Serge E. Hallyn
2010-02-16 16:03 ` [PATCH 3/5] Add checkpoint support for veth devices (v2) Dan Smith
[not found] ` <1266336187-19105-4-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2010-02-22 19:56 ` Serge E. Hallyn
2010-02-22 20:25 ` Dan Smith
2010-02-22 20:57 ` Serge E. Hallyn
2010-02-22 21:01 ` Dan Smith
2010-02-16 16:03 ` [PATCH 4/5] Add loopback checkpoint support Dan Smith
2010-02-16 16:09 ` Eric Dumazet
2010-02-16 16:13 ` Dan Smith
2010-02-16 16:03 ` [PATCH 5/5] Add a checkpoint handler to the 'sit' device Dan Smith
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87fx4r7tgv.fsf@caffeine.danplanet.com \
--to=danms@us.ibm.com \
--cc=containers@lists.osdl.org \
--cc=netdev@vger.kernel.org \
--cc=serge@hallyn.com \
--cc=serue@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.