From: ebiederm@xmission.com (Eric W. Biederman)
To: Michael Kerrisk <mtk.manpages@googlemail.com>
Cc: Pavel Emelyanov <xemul@openvz.org>,
David Miller <davem@davemloft.net>,
lkml <linux-kernel@vger.kernel.org>,
linux-man@vger.kernel.org,
Subrata Modak <subrata@linux.vnet.ibm.com>,
Stephen Hemminger <shemminger@linux-foundation.org>,
adobriyan@gmail.com, Patrick McHardy <kaber@trash.net>,
den@openvz.org, Daniel Lezcano <dlezcano@fr.ibm.com>
Subject: Re: Current state of Network Namespaces (NETNS, CLONE_NEWNET)?
Date: Wed, 19 Nov 2008 17:37:35 -0800
Message-ID: <m1d4grfa8w.fsf@frodo.ebiederm.org>
In-Reply-To: <492489D1.5080502@gmail.com> (Michael Kerrisk's message of "Wed, 19 Nov 2008 16:49:05 -0500")

Michael Kerrisk <mtk.manpages@googlemail.com> writes:

> Sorry for the shotgun mail, but in the end, it's
> not clear who can best answer my question(s).
>
> I'm currently trying to add documentation of all of
> the undocumented CLONE_* flags. One of these is
> CLONE_NEWNET, and I could use (quite a lot of) help.
>
> My questions:
>
> What is the current state of the network namespace
> implementation? Is it complete?

No. It is fairly close though and there is general agreement
on what it is.

ipv4 and ipv6 are mostly complete and useable.
ip tables support is in progress.
sysfs support is in progress.
decnet and other protocols are possible but there is not currently
any active work in that direction.

> What objects are considered part of the network
> namespace, and therefore distinct for a new network
> namespace?

A network namespace is to user space a new logical
instance of the kernel networking stack.

The full kernel networking stack is available in the
initial network namespace. A subset of the kernel
networking stack is available in other network namespaces
depending upon how much code has been converted.

Network devices live in exactly one network namespace.

> Is there any documentation for network namespaces
> already?

Not much. Nor should it need much unique documentation.

Currently the truly unique command is:

    ip link set <netdev> netns <pid>

Which moves a network device from one network namespace to another.

There are the veth pair network devices.
Designed so you can put one end in one network namespace and another
end in another network namespace.

There is the macvlan driver that can be used to create multiple MAC addresses
for your ethernet devices allowing native speed inside of a network namespace
on a machine with only one NIC.

There is the fact that /proc/net is now network namespace unique.

There are the interesting games we play with /proc/sys/ so we have per network
namespace sysctls.

Other unique network namespace work under discussion.
- Unix domain sockets across network namespaces.
  Is doable but we haven't considered all of the technical details.
- The ongoing discussion about how we provide a more manageable interface
  to network namespaces for people doing the whole linux-vrf thing.

Eric
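
What a process sees in a freshly created network namespace, as an added example that is not part of the original message: a child calls unshare(CLONE_NEWNET) and reads /proc/net/dev, which then lists only that namespace's devices (normally just lo) until one is moved in with the `ip link set <netdev> netns <pid>` command quoted above. The helper names and the CLONE_NEWUSER fallback for unprivileged callers are assumptions of this example.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Count device rows in /proc/net/dev as seen by the calling process. */
static int count_netdevs(void)
{
    FILE *f = fopen("/proc/net/dev", "r");
    char line[512];
    int n = 0;

    if (!f)
        return -1;
    while (fgets(line, sizeof line, f))
        if (strchr(line, ':'))   /* the two header lines carry no ':' */
            n++;
    fclose(f);
    return n;
}

/* Hypothetical helper: device count in a new netns, or -1 if it cannot be created. */
int netdevs_in_new_netns(void)
{
    int fds[2], n = -1;
    pid_t pid;
    if (pipe(fds) < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        /* CLONE_NEWNET needs CAP_SYS_ADMIN; assumption: fall back to a
         * user namespace so an unprivileged caller can try as well. */
        if (!unshare(CLONE_NEWNET) || !unshare(CLONE_NEWUSER | CLONE_NEWNET))
            n = count_netdevs();
        _exit(write(fds[1], &n, sizeof n) == (ssize_t)sizeof n ? 0 : 1);
    }
    close(fds[1]);
    if (read(fds[0], &n, sizeof n) != (ssize_t)sizeof n)
        n = -1;
    close(fds[0]);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void)
{
    printf("here: %d, new netns: %d\n", count_netdevs(), netdevs_in_new_netns());
    return 0;
}
```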