Re: Network stack cloning / virtualization patches
From: Marko Zec (zec_at_tel.fer.hr)
Date: 05/26/03
- Previous message: Attila Nagy: "Re: A problem with too many network interfaces"
- In reply to: Vincent Jardin: "Re: Network stack cloning / virtualization patches"
- Next in thread: Marko Zec: "Re: Network stack cloning / virtualization patches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 26 May 2003 18:45:01 +0200 To: Vincent Jardin <vjardin@wanadoo.fr>
Vincent Jardin wrote:
> Since the last EuroBSD 2002 conference, there are 2 architectures to support
> VPNs with FreeBSD : your patch and the Riccardo Scandariato one
> (http://softeng.polito.it/freebsd/) that is very good too.
>
> From a VPN point of view, how could both projects be compared ?
> Do you think that both projects could be merged or are there too much
> differences between your two projects ?
Riccardo's VPN patches were designed specifically for supporting VPNs by
basically virtualizing only the IP routing tables. The network stack cloning
model is more generic, as it doesn't stop at the virtualization of the routing
tables, but rather also provides multiple independent network interface lists,
inbound queues, hash & PCB tables, IPFW rulesets, sysctl tunables, traffic
counters / statistics etc. But the basic implementation idea and the motivation
is quite similar for both frameworks, and they can both support IP-tunnel based
overlay VPNs with overlapping addresing spaces.
>From the userland API perspective the two approaches are slightly different.
Riccardo's patches extended the socket API, so that the applications which
require to operate on virtualized routing tables have also to be modified and
recompiled. My model provides a single management utility which can be used to
spawn new processes bound to a specific network stack instance. Once the
processes are assigned to a network stack, all existing userland applications
and utilities can operate on that stack without any modifications. Although the
described two approaches might seem to follow fundamentally different ideas, IMO
both frameworks could be easily modified to adopt the userland API convention of
the other, if necessary.
Marko
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Attila Nagy: "Re: A problem with too many network interfaces"
- In reply to: Vincent Jardin: "Re: Network stack cloning / virtualization patches"
- Next in thread: Marko Zec: "Re: Network stack cloning / virtualization patches"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
