From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2A8F845D48 for ; Tue, 19 Nov 2024 22:29:08 +0100 (CET) Received: from mails.dpdk.org (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id AD4304025D; Tue, 19 Nov 2024 22:29:07 +0100 (CET) Received: from mail-pl1-f174.google.com (mail-pl1-f174.google.com [209.85.214.174]) by mails.dpdk.org (Postfix) with ESMTP id 25FF34021F for ; Tue, 19 Nov 2024 22:29:07 +0100 (CET) Received: by mail-pl1-f174.google.com with SMTP id d9443c01a7336-20cf3e36a76so50211815ad.0 for ; Tue, 19 Nov 2024 13:29:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=networkplumber-org.20230601.gappssmtp.com; s=20230601; t=1732051746; x=1732656546; darn=dpdk.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=bsQyA7hQd4PQSAPw3cVZHaYe/eHd1y18V7/9RdLWF6k=; b=nSsBD10VCsy7Lof1Q/2t/sQ6eGrgOqhvnQ00kcCgeMPTBHUVZ+cV2Bm4DOqg0fc2Pz s0SM9Xo7PcOV/YPfCNkoZ8tYLbUGdq+PVvZ2t12Gx0gimte7ycQzLmwMMPxH70zfoytY WMizP0Za6Bi0uGZhQY0L6Z6LiV6HeIpBn0jQuypmoINYvtLZJL6LHPvbvk7BMoSYsS7p EVXwaSX5cwm8VFMguSc9FZ4UDl1HlnKW8Y8IHjpoK3M504jPx86LSIert5w1HL1MXWet d/1MRA7UmsOu8wcZ0G+E2em0EpnLmnEsRrZsIArVrf2CGHdVvdmdZX4QL/xFaQIbJABn S9Gw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1732051746; x=1732656546; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:subject:cc:to:from:date:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=bsQyA7hQd4PQSAPw3cVZHaYe/eHd1y18V7/9RdLWF6k=; b=iycDSc70gZL6VPcV5Us7VLrErP/cxWvjBEYrUVbFcn2Xl/deqNhJqzrrTlpV2CcVwC FDiLRcAYlXasYEsbBRL3BkORZUPqRo3kIFLsPDZPeiiI+Te71iCus0iIANp5okGoQCiA R4Trqz2KSzhY2E58dkAMMtF2f8LvW9UyndA7pWP5SyYakW2b6dNDyrMrArtgj5mxcJQO 0XOVfwvG1ZC8edQZ7LtCLhfwgnlgNehkvlPvcPr3I3htW/iHkEg4JqWU05srEilod5gG e+nw2jS1CGMx25vcGgPENDBPDUiqVrW5RU6bUkTAVMYp38Mnpe0/wf5BE/7sKt2fbdCd FtGw== X-Gm-Message-State: AOJu0YxAVqAG4whpAWXgxZiHQnzFHxz2QsZ0TL6YRbp3BWp/HhrFPfZM 6KjSmzlGSxrlVCTxwLNCDyXxfHWDadeYXWGB1QlvdouZqTBKSu5euOqaaYVG5bc= X-Google-Smtp-Source: AGHT+IFBFcZwFdR6vP8B/+YdfggnfppSOwerITmfvsrSA1O3HiTiS0FF/sc3MnFA26YMMLhVWLjl3A== X-Received: by 2002:a17:902:ce0f:b0:212:9b1:e580 with SMTP id d9443c01a7336-2126a473129mr4004955ad.56.1732051745918; Tue, 19 Nov 2024 13:29:05 -0800 (PST) Received: from hermes.local (204-195-96-226.wavecable.com. [204.195.96.226]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-2120c9a1579sm48998535ad.139.2024.11.19.13.29.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 19 Nov 2024 13:29:05 -0800 (PST) Date: Tue, 19 Nov 2024 13:29:03 -0800 From: Stephen Hemminger To: Thea Corinne Rossman Cc: users@dpdk.org Subject: Re: Containernet (Docker/Container Networking) with DPDK? Message-ID: <20241119132903.12fefa8c@hermes.local> In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org On Tue, 19 Nov 2024 12:53:02 -0800 Thea Corinne Rossman wrote: > I'm following up on this to ask a more specific question, since my first > question was a bit all over the place. This is regarding the interplay > between the host and the containers when setting up containers that can run > DPDK applications. > > Based on what I've found so far, it looks like I will have to fully > configure DPDK on the host and then mount devices onto each container, even > if there's no need to connect the containers to the outside world. (Is this > correct?) If so, I don't fully understand this, since a container/container > network should be self-contained. > > - Why do we need to set up DPDK on the host? (Why isn't the container > enough?) > - Why do we need to set up a DPDK-compatible driver on the host NICs? If > the containers are on the same machine, exchanging packets, why would the > host NIC be involved at all? Nothing is going in or out. > - Why do we need to configure hugepages on the host and then mount them > on the container? Why can't you just configure this on the containers? Is > this something that can't be emulated? > Containers are a made up construct. They are made by setting permissions for namespaces and groups for resources. In most cases, DPDK works by passing through the raw hardware (PCI device) to the userspace application. To make it work with a container system you need to either acquire the resource in an restricted environment and then allow access to that resource in the restricted container; or you need to give the restricted container environment lots of privileges to configure and setup the raw hardware directly. In the latter case, there really is no point in having containers. Same applies to hugepages. I don't think hugepages are namespaced either.