FAQ

If all routing components (OSPF, BGP, etc.) are running in a single operating system process, will all components go down if that process crashes?

We need to differentiate between two types of crash:

  1. Where the process is terminated by the operating system kernel, because the process did something illegal. For instance the process asked to access an invalid address and caused a segfault.
  2. Where the process itself may choose to panic. For instance when the run-time detects an out of bounds array access.

Since Rust is a memory-safe language, a process running a Rust application should never cause a crash of type 1.

For type 2, the application gets to choose how to react. The plan for Flock (it is not implemented yet) is to have a small watchdog thread that will restart threads that panic. For instance, if any OSPF thread panics, then all OSPF threads are terminated and the OSPF master thread is respawned. The recovery will be much quicker than in other routing suites where, say, an OSPF *process* crashed, since the messaging between threads is so much faster than between processes.
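
A minimal sketch of the watchdog plan described above, as an added example that is not Flock's code (the answer states the watchdog is not implemented yet). `StopOnExit`, `component_master` and `watchdog` are hypothetical names, the restart cap is an assumption added to avoid a crash loop, and the approach relies on Rust's default `panic = "unwind"` setting, because with `panic = "abort"` a panic ends the whole process.

```rust
use std::sync::atomic::{AtomicBool, Ordering};
use std::thread;
use std::time::Duration;

// Drop guard: sets the stop flag on worker exit, including panic unwinding.
struct StopOnExit<'a>(&'a AtomicBool);
impl<'a> Drop for StopOnExit<'a> {
    fn drop(&mut self) { self.0.store(true, Ordering::SeqCst); }
}

// Hypothetical component master with two workers. Worker 0 indexes out of
// bounds (a run-time panic) during the first `faulty_runs` generations.
fn component_master(generation: usize, faulty_runs: usize) {
    let stop = AtomicBool::new(false);
    let table = vec![10u32, 20, 30];
    thread::scope(|s| {
        s.spawn(|| {
            let _guard = StopOnExit(&stop);
            let idx = if generation < faulty_runs { table.len() } else { 0 };
            let _metric = table[idx]; // panics when idx is out of bounds
        });
        s.spawn(|| {
            let _guard = StopOnExit(&stop);
            while !stop.load(Ordering::SeqCst) {
                thread::sleep(Duration::from_millis(1));
            }
        });
    }); // scope joins both workers and re-panics if either one panicked
}

// Watchdog: respawn the master after a panic, at most `max_restarts` times.
// Ok(n): component finished after n restarts. Err(n): gave up after n.
fn watchdog(max_restarts: usize, faulty_runs: usize) -> Result<usize, usize> {
    let mut restarts = 0;
    loop {
        let generation = restarts;
        let master = thread::Builder::new()
            .name(format!("ospf-master-{generation}"))
            .spawn(move || component_master(generation, faulty_runs))
            .expect("failed to spawn master thread");
        match master.join() {
            Ok(()) => return Ok(restarts),
            Err(_) if restarts < max_restarts => restarts += 1,
            Err(_) => return Err(restarts),
        }
    }
}

fn main() { println!("{:?}", watchdog(3, 2)); }
```

Rust cannot forcibly kill a thread, so "terminating all OSPF threads" is cooperative here: the guard raises the stop flag during unwinding and the sibling worker exits on its next check.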