Hi Herbert, > well, the 'ip subset' approach Linux-VServer and > other Jail solutions use is very clean, it just does > not match your expectations of a virtual interface > (as there is none) and it does not cope well with > all kinds of per context 'requirements', which IMHO > do not really exist on the application layer (only > on the whole system layer) > > IMHO that would be quite simple, have a 'namespace' > for limiting port binds to a subset of the available > ips and another one which does complete network > virtualization with all the whistles and bells, IMHO > most of them are orthogonal and can easily be combined > > - full network virtualization > - lightweight ip subset > - both > > IMHO this requirement only arises from the full system > virtualization approach, just look at the other jail > solutions (solaris, bsd, ...) some of them do not even > allow for more than a single ip but they work quite > well when used properly ... As far as I see, vserver use a layer 3 solution but, when needed, the veth "component", made by Nestor Pena, is used to provide a layer 2 virtualization. Right ? Having the two solutions, you have certainly a lot if information about use cases. From the point of view of vserver, can you give some examples of when a layer 3 solution is better/worst than a layer 2 solution ? Who wants a layer 2/3 virtualization and why ? These informations will be very useful. Regards -- Daniel