Network stack cloning / virtualization patches

Marko Zec zec at tel.fer.hr
Sun May 25 16:04:38 PDT 2003


Hi all,

at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches
against the 4.8-RELEASE kernel that provide support for network stack
cloning. The patched kernel allows multiple fully independent network
stack instances to simultaneously coexist within a single OS kernel,
providing a foundation for supporting diverse new applications,
including:

- Enhanced virtual hosting (think of jails with their own private set of
network interfaces, IP addresses, routing tables, ipfw and dummynet
instances etc.);
- High-performance real-time network simulation / emulation;
- Fully isolated overlay VPN provisioning (using IP tunnels), including
the possibility of creating nested VPNs.

The network stacks are embedded in new resource container entities
named "virtual images". Each process and network stack instance within
the system has to be associated with a virtual image, which in effect
becomes a light or pseudo virtual machine entity. Additional goodies
include the possibility to control some other resources besides the
network stack, most notably the independent CPU load and usage
accounting, as well as feedback-driven proportional share scheduling
among virtual images. For more details, check the above URL.

Note that the patch was designed to allow all existing applications and
utilities to run unmodified on the patched kernel, so no recompiling of
the userland is necessary.

Hope you'll find use for the new framework :-)

Cheers,

Marko



More information about the freebsd-hackers mailing list