Testbeds and Research Infrastructures. Development of Networks and Communities. 6th International ICST Conference, TridentCom 2010, Berlin, Germany, May 18-20, 2010, Revised Selected Papers

Research Article

Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS

  • @INPROCEEDINGS{10.1007/978-3-642-17851-1_4,
        author={Maoke Chen and Akihiro Nakao},
        title={Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS},
        proceedings={Testbeds and Research Infrastructures. Development of Networks and Communities. 6th International ICST Conference, TridentCom 2010, Berlin, Germany, May 18-20, 2010, Revised Selected Papers},
        proceedings_a={TRIDENTCOM},
        year={2012},
        month={10},
        keywords={slice computing name space isolation socket networking},
        doi={10.1007/978-3-642-17851-1_4}
    }
    
  • Maoke Chen
    Akihiro Nakao
    Year: 2012
    Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS
    TRIDENTCOM
    Springer
    DOI: 10.1007/978-3-642-17851-1_4
Maoke Chen (1), Akihiro Nakao (2)
  • (1) National Institute of Information and Communications Technology (NICT)
  • (2) The University of Tokyo

Abstract

Container-based virtualization is the most popular solution for isolating resources among users in a shared testbed. Containers achieve good performance but make the code quite complicated and hard to maintain, debug and deploy. We explore an alternative philosophy that enables isolation based on a commodity OS, i.e., utilizing existing features of the commodity OS as much as possible rather than introducing complicated containers. By merely granting each user ID in the OS a dedicated and isolated network address as well as a specific routing table, we enhance the commodity OS with the functionality of network namespace isolation. We posit that an OS's built-in features plus our feather-weight enhancement meet the basic requirements for separating activities among different users of a shared testbed. Using our implemented prototype, we demonstrate that our solution can support a VINI-like environment with marginal engineering cost and tiny overhead.