[ https://issues.apache.org/jira/browse/MESOS-4343?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Avinash Sridharan updated MESOS-4343:
-------------------------------------
    Comment: was deleted

(was: Epic describing the net_cls infrastructure being introduced in mesos.
)

> Introduce the ability to assign network handles to mesos containers
> -------------------------------------------------------------------
>
>                 Key: MESOS-4343
>                 URL: https://issues.apache.org/jira/browse/MESOS-4343
>             Project: Mesos
>          Issue Type: Epic
>          Components: containerization
>            Reporter: Avinash Sridharan
>            Assignee: Avinash Sridharan
>              Labels: containers, mesosphere
>
> Linux provides net_cls as a cgroup subsystem. A net_cls cgroup is associated
> with a 16-bit major handle and a 16-bit minor handle. When a task is
> associated with a net_cls cgroup, the kernel tags every packet being
> generated by the task with the major and minor handle associated with the
> net_cls cgroup that the task belongs to. These tags are then used by network
> performance shaping and firewall tools such as tc (traffic controller) and
> iptables.
> Currently, mesos agents do not provide any isolator that can enable
> mesos-containers in a net_cls cgroup, or assign network handles to a net_cls
> cgroup. As part of this epic we plan to achieve the following:
> a) Implement net_cls cgroup isolator for mesos agents.
> b) Implement a net-handles allocator class that can manage.
> c) Allow operators to set a major network handle when launching an agent.
> d) Expose the net_cls network handle allocated to a container, to entities
> such as operators and frameworks.
> Once the above goals are met operators can learn about network handles
> allocated to containers and apply them to tools such as tc and iptables to
> enforce network policies.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
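
The handle layout and per-agent allocation described in the issue, as an added example that is not part of the original message and is not Mesos code: a 16-bit major and 16-bit minor handle packed into the 32-bit value written to net_cls.classid, with unique minor handles given out under one operator-chosen major handle. All type and function names are hypothetical, the major handle 0x10 is a constructed sample, and skipping minor 0 is an assumption of this sketch.

```cpp
#include <cstdint>
#include <cstdio>
#include <set>
#include <string>
// All names here are hypothetical; this is not the Mesos implementation.
struct NetClsHandle {
  uint16_t major_handle;
  uint16_t minor_handle;
  // Value for net_cls.classid: 0xAAAABBBB (AAAA = major, BBBB = minor).
  uint32_t classid() const {
    return (static_cast<uint32_t>(major_handle) << 16) | minor_handle;
  }
  // tc writes handles as hexadecimal "major:minor".
  std::string tc() const {
    char buf[16];
    std::snprintf(buf, sizeof(buf), "%x:%x", static_cast<unsigned>(major_handle),
                  static_cast<unsigned>(minor_handle));
    return buf;
  }
};

// Hands out unique minor handles under the operator-chosen major handle.
class MinorHandleAllocator {
public:
  explicit MinorHandleAllocator(uint16_t major_handle) : major_(major_handle) {}
  // Fills *out with the lowest free minor; false when all are in use.
  // Minor 0 is skipped (assumption): in tc, major:0 names the qdisc itself.
  bool allocate(NetClsHandle* out) {
    for (uint32_t m = 1; m <= 0xFFFF; ++m) {
      if (!used_.insert(static_cast<uint16_t>(m)).second) continue;
      *out = NetClsHandle{major_, static_cast<uint16_t>(m)};
      return true;
    }
    return false;
  }
  // Called when a container exits; false if the handle was not allocated here.
  bool release(const NetClsHandle& h) {
    return h.major_handle == major_ && used_.erase(h.minor_handle) == 1;
  }
private:
  uint16_t major_;
  std::set<uint16_t> used_;
};

int main() {
  MinorHandleAllocator alloc(0x10);  // constructed sample major handle
  NetClsHandle h;
  if (alloc.allocate(&h)) std::printf("%s 0x%08x\n", h.tc().c_str(), static_cast<unsigned>(h.classid()));
}
```

Releasing the minor handle when a container exits keeps a stale tc or iptables rule from matching traffic of a later container that would otherwise inherit the same classid unnoticed; the rule itself still has to be removed by whoever installed it.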