Network stack cloning / virtualization patches

[Marko Zec]

Jordan K Hubbard wrote:

> Have you thought about
> extending this to the point to where each independent instance truly is
> a functionally independent kernel instance, similar to some of the
> "virtual Linux"  work done by/for IBM so that you can run n "linuxes"
> on a single 3090 processor?

My model is much more in line with the pseudo-VM concepts, like the jail
is
(it actually reuses much of the jail code for userland separation
between
processes running in different virtual images). However, I'm only
virtualizing certain resources _within_ the kernel, albeit the entire
network
stack is quite a big piece of resource :-) This is fundamentally
different
from what IBM does, as they virtualize the entire hardware and run fully
contained OS images within the VMs. Each approach has its advantages and
drawbacks, of course. IMO, the main benefits of the "light" VM model lie
in
near zero performance penalty compared to the unmodified OS, as well as
in
efficient usage of hardware resources (memory, filesystems). On the
other
hand, IBM's true VM shines in isolation between the VMs, but lags in
efficiency...

So, I'd certainly like to virtualize more system resources and make
virtual
images as independent from each other as possible, but they will always
have
to share the same kernel.
Cheers,

Marko