From owner-freebsd-questions@FreeBSD.ORG  Fri Nov 30 19:47:46 2012
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id D8C0F652
 for <freebsd-questions@freebsd.org>; Fri, 30 Nov 2012 19:47:46 +0000 (UTC)
 (envelope-from pulley@dabus.com)
Received: from aegir.dabus.com (aegir.dabus.com [173.14.229.218])
 by mx1.freebsd.org (Postfix) with ESMTP id ADBB58FC12
 for <freebsd-questions@freebsd.org>; Fri, 30 Nov 2012 19:47:46 +0000 (UTC)
Received: from aegir.dabus.com (localhost [127.0.0.1])
 by aegir.dabus.com (Processor) with ESMTP id 72BDC5F317;
 Fri, 30 Nov 2012 12:47:39 -0700 (MST)
DomainKey-Signature: a=rsa-sha1;
 b=IZrCqPyave4MXCOQY+J0dfofRtfZP53oHL66wfGf8jAf8F9xQ5cz+mMah+VV9Rqk/C5XYu28o7aZ2OmisMX/SIHIfttmpdDfztyv8wB1HuuL4rAl8wAhpTg31zoIHW23TMPuzrRH42Uoaih9UD+WQKvlPbHfqrqv1Z93y80djz0=;
 c=nofws; d=dabus.com; q=dns; s=aegir1
Received: from webmail.dabus.com (aegir.dabus.com [173.14.229.218])
 by aegir.dabus.com (Dabus) with ESMTPA id 9EB3A5F2B6;
 Fri, 30 Nov 2012 12:47:38 -0700 (MST)
Received: from 131.77.1.84 by webmail.dabus.com with HTTP;
 Fri, 30 Nov 2012 12:47:38 -0700
Message-ID: <718e2b7cc4060ae731323a040127f0cc.squirrel@webmail.dabus.com>
In-Reply-To: <50B7D63B.6010308@fisglobal.com>
References: <CAHzLAVH78K5f_jjGkaZWQkEg6v-UWac9xzKTm6B-FniKvwtGgg@mail.gmail.com>
 <50B7D4EC.1090505@a1poweruser.com> <50B7D63B.6010308@fisglobal.com>
Date: Fri, 30 Nov 2012 12:47:38 -0700
Subject: Re: How do you manage jails?
From: "Eric S Pulley" <pulley@dabus.com>
To: david.robison@fisglobal.com
User-Agent: SquirrelMail/1.4.22
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
Cc: freebsd-questions@freebsd.org
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 30 Nov 2012 19:47:47 -0000


> On 11/29/2012 13:34, Fbsd8 wrote:
>
>> Stay away from using vimage with production jails (vimage provides a
>> network stack for each jail). Vimage is marked as experimental and use
>> at your own risk. You have to compile it into your kernel to deploy it.
>>
>
> FWIW we are using vimages for several critical systems and have had
> great results for many months.
>

I've been doing tests with 9.[01]/vimage jails and it works fine unless I
throw PF into the mix. After that I get a panic about one minute after the
first network activity. I need to try it with IPFW, just never used it
before so I need to read up to convert over what I'm trying to do.