"Serge E. Hallyn" <serue-r/Jw6+rmf7HQT0dZR+AlfA@xxxxxxxxxxxxxxxx> writes: > Does anyone else (Eric? Pavel?) have experience with hundreds > or thousands of network namespaces? Hundreds aren't a problem with OpenVZ (I do that in production) and the vanilla kernel namespaces shouldn't be heavier. I don't think performance is a good argument for the patch. However, I do see the appeal of patch anyway. It would be tempting to use cgroups inside a network namespace for administrative reasons, like Grzegorz Nosek proposed. I am not sure if you can create name spaces with the semantics he proposed: - INADDR_LOOPBACK is explicitly allowed (a special case) - INADDR_ANY is remapped to _the_ IP address - _the_ IP address is passed through unharmed - everything else causes -EPERM If you can get those semantics (or something close) already, then the patch isn't useful. /Benny _______________________________________________ Containers mailing list Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx https://lists.linux-foundation.org/mailman/listinfo/containers