> If using OS-based virtualization, why would you need hardware assistance for "security and isolation"?!
Today most OS-based virtualization is using "hardware assistance". Those are often for memory and IO device management (even passthrough). Not sure if this is _the_ assistance they mention but just an example of how it could work.
No, actually OS virtualization doesn't generally use any hardware assistance. And my questions don't stem from ignorance; I have extensive experience with the implementation of both OS virtualization[1] and HW virtualization[2] -- which is why I find the LXD specifics so peculiar. (All the more so that they imply that the support is forthcoming, not current -- and that they are talking to "silicon companies" not microprocessor vendors.)
I think the best guess is what derefr posited, above: that they are using HW network virt as a way of avoiding building in proper network stack virtualization like that found in Crossbow.[3] Then again, given the degree to which LXD appears to be aspirational rather than actual, we might be overthinking it: perhaps the conversations with "silicon companies" are like LXD itself -- a daydream about what might be rather than a concrete reality.