​LXC (Linux Containers)

• Support in mainline kernel
  • relevant options enabled in default Ubuntu kernel
• tap-style virtual interfaces, can be bridged

Cons:

• only interfaces are raw system calls and libvirt

Networking

Fully isolated kernel-level networking. Fits into VDE framework with bridging:

Architecture alternatives:

• one bridge per VLAN (pictured above)
  • reduces number of bridges
  • VLAN becomes hub-style broadcast domain (con)
• one bridge per node
  • switch-style broadcast domain thanks to VDE switch
  • same interface as other vnodes
  • one bridge, one vde_plug2tap process, and one tap interface per vnode (con)