Pavel Emelyanov
Why network namespace sucks and how to make it suck faster
Linux Plumbers Conference,
Portland, OR,
Wednesday, September 23, 2009 from 10:30 – 10:55am
The talk outlines various ways of establishing a networking
communication between a network namespace (a container)
and the outer world, compares their performance and features.
Each namespace implements its own isolated network stack.
Network packets comes to a network stack from network device.
Five different device types that can be used as a packets
sources for containers are demonstrated. Their properties
(mostly performance and maintainability) and features are
compared.
In addition, one more device type is described — the one that is currently
only implemented in the OpenVZ containers. Its pros and cons,
and ways it can be implemented in the mainline kernel are discussed.