Firewall programmer gets his way with OpenVZ

Stephen Shankland Former Principal Writer

SWsoft programmers are working on an open-source virtualization project called OpenVZ that would make it possible to give a single installation of Linux the appearance of being several independent copies of the operating system. But Harald Welte, the lead programmer of the netfilter/iptables firewall software used in Linux, griped last week on his blog that the software didn't support the next-generation IPv6 Internet standard.

Welte's complaint didn't fall on deaf ears. "We have listened to the community and appreciate the feedback and will implement IPv6 support in OpenVZ in a month or two," SWsoft said in a statement.

Welte is delighted with the response. "I never expected such a thorough and immediate response. This is amazing, and it shows how much they actually care even about subjects that might seem a bit obscure in the first place," he told CNET News.com.

Version 6 of the Internet Protocol adds a vastly larger number of Internet addresses than the current IPv4. That's important because some parts of the world--notably Asia--have many fewer fixed addresses than United States companies. Linux and the firewall software have supported IPv6 networking for years.

It's also important for firewall software. Today a technology called network address translation (NAT) effectively lets many computers share the same IP address. But doing so obscures addressing information useful for firewalls--and, according to Welte, standards for voice over Internet Protocol. "NAT breaks end-to-end transparency, which is in turn the single most problematic issue when it comes to fast adoption of new protocols," he said.

Welte would prefer that OpenVZ virtualize the lower-level Ethernet network support. That would mean OpenVZ programmers wouldn't have to worry about which higher-level protocol, IPv6 or IPv4, a server administrator was using.