Virtualizing everything else
Guest VM system
- Assign memory to it
- Assign processes to it
- Confined processes compete with each other for that memory
Guest network stack
- Separate network node
- Has its own ports, IP addresses, filtering, etc.
Notes:
Here's what it means to virtualize some other subsystems. A guest VM system would have some amount of memory assigned to it. Processes loaded into it would compete with each other for this memory, and their total memory usage would be limited to this pool.
The combination of a guest filesystem plus a guest VM system would limit file caching to this pool as well, making it a good compartment for something like updatedb.
A guest network stack would be a separate, independent network node. Processes confined to it would have access to a separate set of ports and the node's own IP address. They would share whatever filtering, QoS, TC, etc. is applied to the virtual interface in the host kernel.