On 11/17/14, 3:02 AM, Warner Losh wrote:
On Nov 17, 2014, at 12:46 AM, Craig Rodrigues <rodr...@freebsd.org> wrote:
Hi,
PROPOSAL
==========
I would like to get feedback on the following proposal.
In the head branch (CURRENT), I would like to enable
VIMAGE with this commit:
PATCH
======
Index: sys/conf/NOTES
===================================================================
--- sys/conf/NOTES (revision 274300)
+++ sys/conf/NOTES (working copy)
@@ -784,8 +784,8 @@
device mn # Munich32x/Falc54 Nx64kbit/sec cards.
# Network stack virtualization.
-#options VIMAGE
-#options VNET_DEBUG # debug for VIMAGE
+options VIMAGE
+options VNET_DEBUG # debug for VIMAGE
#
# Network interfaces:
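Review bot: The second `+` line uncomments `options VNET_DEBUG`, which its own trailing comment describes as debug for VIMAGE, in the same change as `options VIMAGE`. The reasons given for the change argue only for VIMAGE itself, so either leave `#options VNET_DEBUG` commented out or state in the commit message why the debug option should be switched on as well. The hunk also touches only sys/conf/NOTES, so the commit message should say which kernel configurations are meant to pick the option up.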
I would like to enable VIMAGE for the following reasons:
REASONS
========
(1) VIMAGE cannot be enabled off to the side in a separate library or
kernel module. When enabled, it is a kernel ABI incompatible change.
This has impact on 3rd party code such as the kernel modules
which come with VirtualBox.
So the time to do it in CURRENT is now, otherwise we can't consider
doing it until FreeBSD-12 timeframe, which is quite a while away.
(2) VIMAGE is used in some 3rd party products, such as FreeNAS.
These 3rd party products are mostly happy with VIMAGE,
but sometimes they encounter problems, and FreeBSD doesn't
see these problems because it is disabled by default.
(3) Most of the major subsystems like ipfw and pf have been fixed for
VIMAGE, and the only way to shake out the last few issues is to make
it the default and get feedback from the community. ipfilter still
needs to be VIMAGE-ified.
(4) Not everyone uses bhyve. FreeBSD jails are an excellent virtualization
platform for FreeBSD. Jails are still very popular and
performant. VIMAGE makes jails even better by allowing per-jail
network stacks.
(5) Olivier Cochard-Labbe has provided good network performance results
in VIMAGE vs. non-VIMAGE kernels:
https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040091.html
(6) Certain people like Vitaly "wishmaster" <artem...@ukr.net> have been
running VIMAGE jails in a production environment for quite a while, and
would like to see it be the default.
ACTION PLAN
===========
(1) Coordinate/communicate with portmgr, since this has kernel ABI implications
(2) Work with clusteradm@, and try to get a test instance of one of the
PF firewalls in the cluster working with a VIMAGE enabled kernel.
(3) Take a pass through http://wiki.freebsd.org/VIMAGE/TODO and
https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=vimage%20or%20vnet
and try to clean things up. Get help from net@ developers to do this.
And if these don’t get cleaned up?
If they are not cleaned up/stable by 11-RELEASE then we turn it off.
That is simple.
(4) Take a pass on trying to VIMAGE-ify ipfilter. I'll need help from
the ipfilter maintainers for this and some net@ developers.
And if this doesn’t happen?
Well we do have 2 other firewalls in the kernel to pick, but we do need
VIMAGE so I will let you draw your own conclusions.
-Alfred