Comment by wmf
6 hours ago
Usually network namespaces are linked together with a single bridge so you can get lock contention there.
If you have a separate physical NIC for each namespace you probably won't have any contention.
6 hours ago
Usually network namespaces are linked together with a single bridge so you can get lock contention there.
If you have a separate physical NIC for each namespace you probably won't have any contention.
I think you could get much of the way there by isolating a single NIC's receive queues, so the kernel doesn't decide to run off and service softirqs for random foreign tasks just because your task called tcp_sendmsg.