On 18/12/2015 11:51 AM, Craig Rodrigues wrote:
On Thu, Dec 17, 2015 at 3:48 PM, Garrett Wollman <woll...@bimajority.org>
wrote:
Or is VIMAGE cheap
enough that I won't notice the performance hit?
Vimage is a negligable overhead in a 1 jail (base jail) system and can
actually end up with a negative overhead (gain) in some scenarios.
Most vimage systems use a bridge (either netgraph or if_bridge) to
connect the jails together to the outside world which leads to some
extra packet handling, but in a system with 24 CPUs it's often handled
by an otherwise idle CPU so no performance hit is seen. It can be a
nett gain if you have several interfaces and assign each interface to
a different jail/VNET. In this case the different network stacks are
not contending with each other for locks where in a single stack jail
configuration they would be contending. Different vlan interfaces can
be assigned to different VNETS for the same effect if you don't have
multiple physical interfaces avaliable.
Even with the extra packet handling of bridged VNETs there can be
advantages.. For example you can put your jails behind an extra layer
of routing WITHIN the host so that changes of routes and connectivity
from the machine to the outside world are not seen by the applications.
Olivier did some measurements with VIMAGE:
https://lists.freebsd.org/pipermail/freebsd-arch/2014-October/016054.html
I think you should give VIMAGE a shot, if you are doing any serious work
with jails. I run with VIMAGE configured by default in all my systems
running 10-STABLE
and CURRENT.
--
Craig
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
