From owner-freebsd-hackers  Wed Dec  4  2:41:36 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 5338837B401
	for <hackers@freebsd.org>; Wed,  4 Dec 2002 02:41:35 -0800 (PST)
Received: from mail.iskon.hr (inje.iskon.hr [213.191.128.16])
	by mx1.FreeBSD.org (Postfix) with SMTP id 3E94E43EAF
	for <hackers@freebsd.org>; Wed,  4 Dec 2002 02:41:33 -0800 (PST)
	(envelope-from zec@tel.fer.hr)
Received: (qmail 8372 invoked from network); 4 Dec 2002 11:41:30 +0100
Received: from zg05-208.dialin.iskon.hr (HELO tel.fer.hr) (213.191.138.209)
  by mail.iskon.hr with SMTP; 4 Dec 2002 11:41:30 +0100
Message-ID: <3DEDDBD5.3FEF6F04@tel.fer.hr>
Date: Wed, 04 Dec 2002 11:41:25 +0100
From: Marko Zec <zec@tel.fer.hr>
X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Terry Lambert <tlambert2@mindspring.com>
Cc: net@freebsd.org, Tony Finch <dot@dotat.at>, wacky@ns1.vrx.net,
	hackers@freebsd.org
Subject: Re: jail: multiple ip's
References: <E18JVwz-0003Hh-00@chiark.greenend.org.uk> <3DEDD35B.A1E7638E@mindspring.com>
Content-Type: text/plain; charset=iso-8859-2
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Terry Lambert wrote:

> Tony Finch wrote:
> > wacky@ns1.vrx.net (Mike Ghunt) wrote:
> > >  Has anyone hacked the jail code to support more than one ip?
> > >Would it be wise to hack at the code to add such a feature?
> >
> > Probably the best way to address this issue is to incorporate the
> > network stack virtualization patch, then change the jail ID from
> > an IPv4 address into a network stack ID.
>
> I'm really tempted to say that the network virtualization patch
> is special purpose, and introduces a lot of overhead that would
> not be there without the network virtualization patch.

Just the contrary, the network stack virtualization concept is mostly
general-purpose oriented. The (minor) penalty of "a lot of overhead"
introduced by the patch is measurable only on loopback traffic, however
in practice the NIC media sets the limit on traffic throughput, so in
most cases no performance degradation can be observed. Some measurement
results can be found at
http://www.tel.fer.hr/zec/papers/zec-bsdconeurope-2002.pdf

On the other hand, I agree with you that this stuff is still in early
experimental phase, but the patch has been proven to work reliably with
4.7-RELEASE as announced, with a -CURRENT version to follow soon...

Marko


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message