Research Article
Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS
@INPROCEEDINGS{10.1007/978-3-642-17851-1_4,
  author={Maoke Chen and Akihiro Nakao},
  title={Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS},
  proceedings={Testbeds and Research Infrastructures. Development of Networks and Communities. 6th International ICST Conference, TridentCom 2010, Berlin, Germany, May 18-20, 2010, Revised Selected Papers},
  proceedings_a={TRIDENTCOM},
  year={2012},
  month={10},
  keywords={slice computing name space isolation socket networking},
  doi={10.1007/978-3-642-17851-1_4}
}
- Maoke Chen
- Akihiro Nakao
Year: 2012
TRIDENTCOM
Springer
DOI: 10.1007/978-3-642-17851-1_4
Abstract
Container-based virtualization is the most popular solution for isolating resources among users in a shared testbed. Containers achieve good performance but make the code quite complicated and hard to maintain, debug and deploy. We explore an alternative philosophy that enables isolation based on a commodity OS, i.e., utilizing existing features in the commodity OS as much as possible rather than introducing complicated containers. By merely granting each user-id in the OS a dedicated and isolated network address as well as a specific routing table, we enhance the commodity OS with the functionality of network namespace isolation. We posit that an OS’s built-in features plus our feather-weight enhancement meet the basic requirements for separating activities among different users of a shared testbed. Using the prototype we have implemented, we demonstrate that our solution can support a VINI-like environment with marginal engineering cost and tiny overhead.