----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/36281/#review90798 -----------------------------------------------------------
docs/network-isolation.md (line 7) <https://reviews.apache.org/r/36281/#comment143942> "which require to listen" is incorrect "a minimum choose a port in the Linux host ephemeral port range" hmmmm, what? I presume you really mean they should bind(0) and use what the kernel tells them to... saying "specific ports" here will be interpreted as 'I want my container to listen to port 80', not that I want to bind some specific port that I can then discover. docs/network-isolation.md (line 25) <https://reviews.apache.org/r/36281/#comment143925> This sentence is not clear, suggest rewording as "> 2.6.39 is advised for debugging purposes but is not required" docs/network-isolation.md (line 27) <https://reviews.apache.org/r/36281/#comment143926> s/development package for libnl3/libnl3 development package/ docs/network-isolation.md (line 48) <https://reviews.apache.org/r/36281/#comment143927> what does "but only assigned ports will be allocated by the kernel mean"? this is not clear. Please also state here that the ephemeral range is split and assigned. docs/network-isolation.md (line 52) <https://reviews.apache.org/r/36281/#comment143930> I think it's potentially confusing to call them short-lived (yes, I know that's historically how they've been used and how wikipedia categorizes them), since applications are free to bind to them as use them for the entirety of the job lifetime. docs/network-isolation.md (line 60) <https://reviews.apache.org/r/36281/#comment143933> You can write directly to `/proc/sys/net/ipv4/ip_local_port_range`. Please state why the reboot is (strongly) advised. docs/network-isolation.md (line 70) <https://reviews.apache.org/r/36281/#comment143935> Is it also recommended that ephemeral_ports per container be power-2 sized and aligned? Can you be precise in the limit on the number of containers? Can you document here the master flag to set a global limit to the number of containers to each slave used as a workaround because ephemeral ports are not exposed to the master. s/packets/packet/ docs/network-isolation.md (line 77) <https://reviews.apache.org/r/36281/#comment143938> Can you state and explain why there's no shaping/limit on ingress? State explicitly that shaping delays traffic and will not drop packets. - Ian Downes On July 7, 2015, 2:54 p.m., Paul Brett wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/36281/ > ----------------------------------------------------------- > > (Updated July 7, 2015, 2:54 p.m.) > > > Review request for mesos, Ian Downes, Jie Yu, and Cong Wang. > > > Repository: mesos > > > Description > ------- > > Document per-container unique egress flows and network queueing statistics. > > > Diffs > ----- > > docs/home.md bc277910907c381c08835b6e9d485b27d6da5002 > docs/network-isolation.md PRE-CREATION > docs/network-monitoring.md 8889fb165cc70bc382be0c99de8d7748328abf57 > > Diff: https://reviews.apache.org/r/36281/diff/ > > > Testing > ------- > > Rendered at https://www.notehub.org/2015/7/7/network-isolation for review. > > > Thanks, > > Paul Brett > >
