Why network namespace sucks and how to make it suck faster

Short Talk
Scheduled: Wednesday, September 23, 2009 from 10:30 – 10:55am in Salon E


The talk outlines various ways of establishing a networking
communication between a network namespace (a container)
and the outer world, compares their performance and features.


Each namespace implements its own isolated network stack.
Network packets comes to a network stack from network device.
Five different device types that can be used as a packets
sources for containers are demonstrated. Their properties
(mostly performance and maintainability) and features are

In addition, one more device type is described — the one that is currently only implemented in the OpenVZ containers. Its pros and cons, and ways it can be implemented in the mainline kernel are discussed.


containers, openvz, linux, kernel, networking, performance, development


  • Biography

    Pavel Emelyanov is a core PVC/OpenVZ kernel developer working in the project for the last five years. He participates in development of all subsystems and features and maintains development OpenVZ kernel branches. Pavel is also a prolific mainstream kernel contributor. He holds a PhD in Computer Science from the Moscow Institute of Physics and Technology.

Leave a private comment to organizers about this proposal