[ ... ]
Dmitry Mishin wrote:
Stephen,
Virtualized container can be secure, if it is complete system virtualization,
not just an application container. OpenVZ implements such and it is used hard
over the world. And of course, we care a lot to keep hostile root from
killing whole system.
OpenVZ power !!
OpenVZ uses virtualization on IP level (implemented by Andrey Savochkin,
http://marc.theaimsgroup.com/?l=linux-netdev&m=115572448503723), with all
necessary network objects isolated/virtualized, such as sockets, devices,
routes, netfilters, etc.
No, it uses virtualization at layer 2 and I had already mentioned it
before (see the first email of the thread), but thank you for the email
thread pointer.
The discussion is not to convince Stephen that layer 2 or layer 3 is the
best but to present the pros and the cons of each solution and to have a
point of view from a network guru guy.
Regards.
-- Daniel