[MESOS-1585] Container level network isolation - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Epic
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.23.0
Component/s: containerization
Labels:
None

Epic Name:
Container Network Isolation
Target Version/s:

0.23.0

Description

The goal here is to provide network isolation between containers so that one container cannot saturate the entire network, affecting the performance of other containers.

There are many options here. With the current network monitoring code (~~MESOS-1228~~, already committed), one option is to add a "tc police action" on the 'veth' of each container to drop packets when the traffic exceeds a certain limit.

Other options include advanced shape control using tc classes (e.g., HTB, CBQ, etc.). We're gonna need to extend the current routing library to support that.

Attachments

Activity

People

Assignee:: Jie Yu

Reporter:: Jie Yu

Votes:: 2 Vote for this issue

Watchers:: 15 Start watching this issue

Dates

Created:: 14/Jul/14 17:07

Updated:: 26/Apr/17 16:53

Resolved:: 18/Jun/15 00:28