Abstract
Container-based virtualization is the most popular solution for isolating resources among users in a shared testbed. Container achieves good performance but makes the code quite complicated and hard to maintain, to debug and to deploy. We explore an alternative philosophy to enable the isolation based on commodity OS, i.e., utilizing existing features in commodity OS as much as possible rather than introducing complicated containers. Merely granting each user-id in the OS a dedicated and isolated network address as well as specific routing table, we enhance the commodity OS with the functionality of network namespace isolation. We posit that an OS’s built-in features plus our feather-weight enhancement meet basic requirements for separating activities among different users of a shared testbed. Applying our prototype which has been implemented, we demonstrate the functionality of our solution can support a VINI-like environment with marginal cost of engineering and tiny overhead.
This work has been partly supported by Ministry of Internal Affairs and Communications (MIC) of the Japanese Government.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Freebsd architecture handbook, http://www.freebsd.org/doc/en/books/archhandbook/jail.html
Linux network namespace (NetNS), http://lxc.sourceforge.net/network.php
Linux VServer, http://www.linux-vserver.org/
Netperf, http://www.netperf.org/
OpenVZ, http://wiki.openvz.org/MainPage
VMWare, http://www.vmware.com/
Xen, http://www.xen.org/
Barham, P., Dragovic, B., Fraser, K., Hand, S., Harris, T., Ho, A., Neugebauer, R., Pratt, I., Warfield, A.: Xen and the art of virtualization. In: SOSP 2003: Proceedings of the Nineteenth ACM Symposium on Operating Systems Principles, pp. 164–177. ACM, New York (2003)
Bavier, A., Feamster, N., Huang, M., Peterson, L., Rexford, J.: In vini veritas: realistic and controlled network experimentation. SIGCOMM Comput. Commun. Rev. 36(4), 3–14 (2006)
Bhatia, S., Motiwala, M., Mühlbauer, W., Mundada, Y., Valancius, V., Bavier, A., Feamster, N., Peterson, L., Rexford, J.: Trellis: A platform for building flexible, fast virtual networks on commodity hardware. In: ACM ROADS Workshop 2008, Madrid, Spain (December 2008)
Chen, M., Nakao, A., Bonaventure, O., Li, T.: UOA: Useroriented addressing for slice computing. In: Proceedings of ITC Specialist Seminar on Network Virtualization, Hoi An, Vietnam (May 2009)
Hibler, M., Ricci, R., Stoller, L., Duerig, J., Guruprasad, S., Stack, T., Webb, K., Lepreau, J.: Large-scale virtualization in the emulab network testbed. In: ATC 2008: USENIX, Annual Technical Conference, pp. 113–128. USENIX Association, Berkeley (2008)
Peterson, L., Anderson, T., Culler, D., Roscoe, T.: A Blueprint for Introducing Disruptive Technology into the Internet. In: Proceedings of the 1st Workshop on Hot Topics in Networks (HotNetsI), Princeton, New Jersey (October 2002)
Peterson, L., Muir, S., Roscoe, T., Klingaman, A.: PlanetLab Architecture: An Overview. Technical Report PDN–06–031, PlanetLab Consortium (May 2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Chen, M., Nakao, A. (2011). Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS. In: Magedanz, T., Gavras, A., Thanh, N.H., Chase, J.S. (eds) Testbeds and Research Infrastructures. Development of Networks and Communities. TridentCom 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 46. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17851-1_4
Download citation
DOI: https://doi.org/10.1007/978-3-642-17851-1_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17850-4
Online ISBN: 978-3-642-17851-1
eBook Packages: Computer ScienceComputer Science (R0)