Extending FIBs to support multi-tenancy

Bjoern A. Zeeb bzeeb-lists at lists.zabbadoz.net
Mon Dec 28 23:08:09 UTC 2015


> On 18 Dec 2015, at 22:26 , Ryan Stone <rysto32 at gmail.com> wrote:
> 
> My employer is going through the process of extending our product to
> support multi-tenant networking.  The details of what are product does
> isn't really relevant to the discussion -- it's enough to know that we have
> a number of daemons acting as servers for various network protocols.
> Multi-tenacy, as we've defined the feature, imposes the requirement that
> our network services be able to communicate with clients from completely
> independent networks. This has imposed the following new requirements on us:

Stupid question:  if we’d bring back the original feature that processes could attached to different VNET/VIMAGE stacks would that solve some more of your problems without making the list of problems (a lot [thinking of ifp management]) longer and be a way cleaner solution?

It’s something that’s been in the back of some of our heads and probably help a lot more people.  We’d need to be careful to be able to support both modes (jail with the “security” view) and the other mode with the multi-tenancy-single-daemon in mind (think of routers as well for example).

/bz


More information about the freebsd-transport mailing list