Firewall programmer gets his way with OpenVZ

SWsoft programmers are working on an open-source virtualization project called OpenVZ that would make it possible to give a single installation of Linux the appearance of being several independent copies of the operating system. But Harald Welte, the lead programmer of the netfilter/iptables firewall software used in Linux, griped last week on his blog that the software didn't support the next-generation IPv6 Internet standard.

Welte's complaint didn't fall on deaf ears. "We have listened to the community and appreciate the feedback and will implement IPv6 support in OpenVZ in a month or two," SWsoft said in a statement.

Welte is delighted with the response. "I never expected such a thorough and immediate response. This is amazing, and it shows how much they actually care even about subjects that might seem a bit obscure in the first place," he told CNET News.com.

Version 6 of the Internet Protocol adds a vastly larger number of Internet addresses than the current IPv4. That's important because some parts of the world--notably Asia--have many fewer fixed addresses than United States companies. Linux and the firewall software has supported IPv6 networking for years.

It's also important for firewall software. Today a technology called network address translation (NAT) effectively lets many computers share the same IP address. But doing so obscures addressing information useful for firewalls--and, according to Welte, standards for voice over Internet Protocol. "NAT breaks end-to-end transparency, which is in turn the single most problematic issue when it comes to fast adoption of new protocols," he said.

Welte would prefer for OpenVZ to make a virtualized version of the lower-level Ethernet network support. That would mean OpenVZ programmers wouldn't have to worry about which higher-level IPv6 or IPv4 a server administrator was using.

Tags:
Tech Culture
About the author

Stephen Shankland has been a reporter at CNET since 1998 and covers browsers, Web development, digital photography and new technology. In the past he has been CNET's beat reporter for Google, Yahoo, Linux, open-source software, servers and supercomputers. He has a soft spot in his heart for standards groups and I/O interfaces.

 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Delete your photos by mistake?

Whether you've deleted everything on your memory card or there's been a data corruption, here's a way to recover those photos.