Date: Sun, 16 Nov 2014 23:46:32 -0800
Subject: RFC: Enabling VIMAGE in GENERIC
From: Craig Rodrigues
To: freebsd-arch, FreeBSD Net, "freebsd-virtualization@freebsd.org"

Hi,

PROPOSAL
==========

I would like to get feedback on the following proposal.

In the head branch (CURRENT), I would like to enable VIMAGE with this commit:

PATCH
======

Index: sys/conf/NOTES =================================================================== --- sys/conf/NOTES (revision 274300) +++ sys/conf/NOTES (working copy)
@@ -784,8 +784,8 @@ device mn # Munich32x/Falc54 Nx64kbit/sec cards. # Network stack virtualization. -#options VIMAGE -#options VNET_DEBUG # debug for VIMAGE +options VIMAGE +options VNET_DEBUG # debug for VIMAGE # # Network interfaces:

I would like to enable VIMAGE for the following reasons:

REASONS
========

(1) VIMAGE cannot be enabled off to the side in a separate library or kernel module. When enabled, it is a kernel ABI incompatible change. This has impact on 3rd party code such as the kernel modules which come with VirtualBox. So the time to do it in CURRENT is now, otherwise we can't consider doing it until FreeBSD-12 timeframe, which is quite a while away.

(2) VIMAGE is used in some 3rd party products, such as FreeNAS. These 3rd party products are mostly happy with VIMAGE, but sometimes they encounter problems, and FreeBSD doesn't see these problems because it is disabled by default.

(3) Most of the major subsystems like ipfw and pf have been fixed for VIMAGE, and the only way to shake out the last few issues is to make it the default and get feedback from the community. ipfilter still needs to be VIMAGE-ified.

(4) Not everyone uses bhyve. FreeBSD jails are an excellent virtualization platform for FreeBSD. Jails are still very popular and performant. VIMAGE makes jails even better by allowing per-jail network stacks.

(5) Olivier Cochard-Labbe has provided good network performance results in VIMAGE vs. non-VIMAGE kernels:
https://lists.freebsd.org/pipermail/freebsd-net/2014-October/040091.html

(6) Certain people like Vitaly "wishmaster" have been running VIMAGE jails in a production environment for quite a while, and would like to see it be the default.

ACTION PLAN
===========

(1) Coordinate/communicate with portmgr, since this has kernel ABI implications.

(2) Work with clusteradm@, and try to get a test instance of one of the PF firewalls in the cluster working with a VIMAGE enabled kernel.

(3) Take a pass through http://wiki.freebsd.org/VIMAGE/TODO and https://bugs.freebsd.org/bugzilla/buglist.cgi?quicksearch=vimage%20or%20vnet and try to clean things up. Get help from net@ developers to do this.

(4) Take a pass on trying to VIMAGE-ify ipfilter. I'll need help from the ipfilter maintainers for this and some net@ developers.

(5) Enable VIMAGE by default in CURRENT on January 5, 2015. This will *not* be enabled in STABLE.

What do people think?

Thanks.
--
Craig
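
Review bot: The hunk at sys/conf/NOTES line 784 uncomments `options VNET_DEBUG` together with `options VIMAGE`, yet the trailing comment on that line marks it as "debug for VIMAGE" and none of the listed reasons asks for the debug option to be on by default. Consider keeping `+options VIMAGE` and leaving `#options VNET_DEBUG` commented out, or stating in the proposal why the debug option should be enabled with it. Separately, the only file in the diff is sys/conf/NOTES while the subject line says GENERIC; no GENERIC kernel configuration file appears in the patch as posted, so either the diff is missing a file or the subject should name the file actually being changed.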