Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS

  • Conference paper

Abstract

Container-based virtualization is the most popular solution for isolating resources among users in a shared testbed. Containers achieve good performance but make the code quite complicated and hard to maintain, debug and deploy. We explore an alternative philosophy that enables isolation on a commodity OS, i.e., using the existing features of the commodity OS as much as possible rather than introducing complicated containers. Merely by granting each user-id in the OS a dedicated and isolated network address as well as a specific routing table, we enhance the commodity OS with the functionality of network namespace isolation. We posit that an OS’s built-in features plus our feather-weight enhancement meet the basic requirements for separating activities among different users of a shared testbed. Using our implemented prototype, we demonstrate that our solution can support a VINI-like environment with marginal engineering cost and tiny overhead.

This work has been partly supported by the Ministry of Internal Affairs and Communications (MIC) of the Japanese Government.

Copyright information

© 2011 ICST Institute for Computer Science, Social Informatics and Telecommunications Engineering

About this paper

Cite this paper

Chen, M., Nakao, A. (2011). Feather-Weight Network Namespace Isolation Based on User-Specific Addressing and Routing in Commodity OS. In: Magedanz, T., Gavras, A., Thanh, N.H., Chase, J.S. (eds) Testbeds and Research Infrastructures. Development of Networks and Communities. TridentCom 2010. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 46. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17851-1_4

  • DOI: https://doi.org/10.1007/978-3-642-17851-1_4

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-17850-4

  • Online ISBN: 978-3-642-17851-1

  • eBook Packages: Computer Science, Computer Science (R0)
