Do the partitioned stacks of network namespaces share a single underlying global stack or are they fully independent instances? (And if not, could they be made so?)
replyUsually network namespaces are linked together with a single bridge so you can get lock contention there.
replyIf you have a separate physical NIC for each namespace you probably won't have any contention.
I think you could get much of the way there by isolating a single NIC's receive queues, so the kernel doesn't decide to run off and service softirqs for random foreign tasks just because your task called tcp_sendmsg.
replyio_uring?
replyIf anything, uring makes the problem much worse by reducing the cost of one process flooding kernel internals in a single syscall.
reply