The networking for Linux "containers" uses virtual veth devices combined with network namespaces that have their own routing table and packet filtering. Now, you are still dependent on what kernel modules the host is running for various capabilities, but otherwise applications running in those network namespaces effectively have their own network stack.
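The separation described above can be observed from the host without entering any container. This is an added example, not part of the original comment: it groups processes by the namespace link at `/proc/<pid>/ns/net` and reads the interfaces and IPv4 routes that each namespace exposes under `/proc/<pid>/net/`. The function names are illustrative, and the address decoding assumes a little-endian host.

```python
import os
import socket
import struct
from collections import defaultdict

def netns_id(pid, proc="/proc"):
    """Namespace identity such as 'net:[4026531840]', or None if unreadable."""
    try:
        return os.readlink(os.path.join(proc, str(pid), "ns", "net"))
    except OSError:
        return None

def _ip(hexword):
    # Assumption: little-endian host (x86-64, arm64), where the kernel's
    # %08X rendering of the address appears byte-reversed.
    return socket.inet_ntoa(struct.pack("<I", int(hexword, 16)))

def _rows(pid, name, skip, proc):
    """Data lines of /proc/<pid>/net/<name>, which shows that pid's namespace."""
    try:
        with open(os.path.join(proc, str(pid), "net", name)) as fh:
            return fh.read().splitlines()[skip:]
    except OSError:  # process exited or permission denied
        return []

def interfaces(pid, proc="/proc"):
    return [r.split(":")[0].strip() for r in _rows(pid, "dev", 2, proc) if ":" in r]

def routes(pid, proc="/proc"):
    """IPv4 routes as (iface, destination, gateway, netmask)."""
    out = []
    for f in (r.split() for r in _rows(pid, "route", 1, proc)):
        if len(f) >= 8:
            out.append((f[0], _ip(f[1]), _ip(f[2]), _ip(f[7])))
    return out

def stacks_by_namespace(proc="/proc"):
    """Group PIDs by network namespace and read each namespace's own stack."""
    groups = defaultdict(list)
    for entry in os.listdir(proc):
        ns = netns_id(entry, proc) if entry.isdigit() else None
        if ns:
            groups[ns].append(int(entry))
    return {ns: {"pids": sorted(pids),
                 "interfaces": interfaces(min(pids), proc),
                 "routes": routes(min(pids), proc)}
            for ns, pids in groups.items()}

if __name__ == "__main__":
    for ns, stack in stacks_by_namespace().items():
        print(ns, stack["pids"][:5], stack["interfaces"], stack["routes"])
```

Run as root on a container host to see every namespace; without root, processes owned by other users are skipped or show empty tables.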