From owner-freebsd-net@FreeBSD.ORG Tue Oct 14 15:42:38 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 46729506; Tue, 14 Oct 2014 15:42:38 +0000 (UTC) Received: from dmz-mailsec-scanner-8.mit.edu (dmz-mailsec-scanner-8.mit.edu [18.7.68.37]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id AED0FDD2; Tue, 14 Oct 2014 15:42:37 +0000 (UTC) X-AuditID: 12074425-f79e46d000002583-55-543d4465f49c Received: from mailhub-auth-1.mit.edu ( [18.9.21.35]) (using TLS with cipher AES256-SHA (256/256 bits)) (Client did not present a certificate) by dmz-mailsec-scanner-8.mit.edu (Symantec Messaging Gateway) with SMTP id D7.DE.09603.5644D345; Tue, 14 Oct 2014 11:42:29 -0400 (EDT) Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-1.mit.edu (8.13.8/8.9.2) with ESMTP id s9EFgSRv013806; Tue, 14 Oct 2014 11:42:29 -0400 Received: from multics.mit.edu (system-low-sipb.mit.edu [18.187.2.37]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s9EFgQ0f013460 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Tue, 14 Oct 2014 11:42:27 -0400 Received: (from kaduk@localhost) by multics.mit.edu (8.12.9.20060308) id s9EFgPni016119; Tue, 14 Oct 2014 11:42:25 -0400 (EDT) Date: Tue, 14 Oct 2014 11:42:25 -0400 (EDT) From: Benjamin Kaduk To: =?ISO-8859-15?Q?Olivier_Cochard-Labb=E9?= Subject: Re: Enabling VIMAGE by default for FreeBSD 11? In-Reply-To: Message-ID: References: User-Agent: Alpine 1.10 (GSO 962 2008-03-14) MIME-Version: 1.0 X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFprBKsWRmVeSWpSXmKPExsUixCmqrJvmYhti8J7TYvb0aUwWH3a0M1nM uvmVyeLZ1mYWBxaPaV9yPGZ8ms8SwBTFZZOSmpNZllqkb5fAlbH13F7mgu1sFZcmNbI0MK5l 7WLk5JAQMJGYtucgO4QtJnHh3nq2LkYuDiGB2UwSe5dfYIRwNjJK/GiYAtYhJHCISeJ/QwSE 3cAo0XSdD8RmEdCWOLtwCyOIzSagIjHzzUY2EFtEwEniy4957CCDmAXWM0o8b9wOlhAWMJeY 0v8SbCinQKDEgoOLwM7gFXCUWHntDtQZ3UwS628/AysSFdCRWL1/CgtEkaDEyZlPgGwOoKmB EjunaE5gFJyFJDMLIQMSZhbQlXiz6iAThK0tcf9mG9sCRpZVjLIpuVW6uYmZOcWpybrFyYl5 ealFuhZ6uZkleqkppZsYQYHO7qK6g3HCIaVDjAIcjEo8vAWRNiFCrIllxZW5hxglOZiURHlL jG1DhPiS8lMqMxKLM+KLSnNSiw8xSnAwK4nwKnAA5XhTEiurUovyYVLSHCxK4rybfvCFCAmk J5akZqemFqQWwWRlODiUJHgDnIEaBYtS01Mr0jJzShDSTBycIMN5gIZLgdTwFhck5hZnpkPk TzHqcrQ0ve1lEmLJy89LlRLnPeUEVCQAUpRRmgc3B5agXjGKA70lzCsDMooHmNzgJr0CWsIE tOR1sTXIkpJEhJRUA+NJbv9JC0o2dG86USdeuOrdE6sFUcHXLa1yzfhdCyWvLrtRbRJ5fp5z 2uYjstcbxMqFzT+Ja8dZMWx/md1rfzDkTuxXtsS3Wr3f1x31U1QWfK8wxcWk79GORr9JTwTX eyf+rImV6HhW0SL1TeSkSZtx8QbbOgn7/fZm7145n/qvGv9U+vdOSyWW4oxEQy3mouJEAB7O B8wrAwAA Content-Type: TEXT/PLAIN; charset=ISO-8859-15 Content-Transfer-Encoding: QUOTED-PRINTABLE X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: FreeBSD Net , "freebsd-virtualization@freebsd.org" , freebsd-arch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2014 15:42:38 -0000 On Tue, 14 Oct 2014, Olivier Cochard-Labb=E9 wrote: > I can use my forwarding/firewalling 10Giga lab for testing VIMAGE impact. > Here are my ministat results (smallest packet size, value in > packet-per-second, about 2000 flows). > =3D> I didn't see lot's of performance impact with VIMAGE option added in > kernel. Surely we would also want to test on some "low-end" networks as well ... we still have some 10/half networks here (luckily, nowhere that I frequent). -Ben From owner-freebsd-net@FreeBSD.ORG Tue Oct 14 18:17:51 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id B910829E for ; Tue, 14 Oct 2014 18:17:51 +0000 (UTC) Received: from eastrmfepo101.cox.net (eastrmfepo101.cox.net [68.230.241.213]) by mx1.freebsd.org (Postfix) with ESMTP id 60F1FF2 for ; Tue, 14 Oct 2014 18:17:51 +0000 (UTC) Received: from eastrmimpo210 ([68.230.241.225]) by eastrmfepo101.cox.net (InterMail vM.8.01.05.15 201-2260-151-145-20131218) with ESMTP id <20141014181750.FTVU5255.eastrmfepo101.cox.net@eastrmimpo210> for ; Tue, 14 Oct 2014 14:17:50 -0400 Received: from [192.168.3.22] ([72.219.202.186]) by eastrmimpo210 with cox id 36Hp1p00K41obj4016Hp1S; Tue, 14 Oct 2014 14:17:49 -0400 X-CT-Class: Clean X-CT-Score: 0.00 X-CT-RefID: str=0001.0A020205.543D68CE.0025,ss=1,re=0.000,fgs=0 X-CT-Spam: 0 X-Authority-Analysis: v=2.0 cv=aZC/a2Ut c=1 sm=1 a=k40gPPfQ5QH6qv5U/EJc3Q==:17 a=9cW_t1CCXrUA:10 a=f5xKl4ys9bwA:10 a=G8Uczd0VNMoA:10 a=Wajolswj7cQA:10 a=8nJEP1OIZ-IA:10 a=kviXuzpPAAAA:8 a=6I5d2MoRAAAA:8 a=M50rKQ7feiKH07HconkA:9 a=wPNLvfGTeEIA:10 a=SV7veod9ZcQA:10 a=k40gPPfQ5QH6qv5U/EJc3Q==:117 X-CM-Score: 0.00 Authentication-Results: cox.net; none Message-ID: <543D68BF.40707@cox.net> Date: Tue, 14 Oct 2014 14:17:35 -0400 From: "John D. Hendrickson and Sara Darnell" Reply-To: johnandsara2@cox.net User-Agent: Thunderbird 2.0.0.24 (X11/20100228) MIME-Version: 1.0 Subject: Re: Enabling VIMAGE by default for FreeBSD 11? References: <1wLg1p00d2X408g01wLiUx> In-Reply-To: <1wLg1p00d2X408g01wLiUx> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org, "freebsd-virtualization@freebsd.org" , freebsd-arch X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2014 18:17:51 -0000 Alexander V. Chernikov wrote: > On 11 Oct 2014, at 21:58, Craig Rodrigues wrote: > >> Hi, >> >> What action items are left to enable VIMAGE by default for FreeBSD 11? > Are there any tests results showing performance implications on different network-related workloads? >> Not everyone uses bhyve, so VIMAGE is quite useful when using jails. >> >> -- >> Craig >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> http://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> > > _______________________________________________ > freebsd-arch@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-arch > To unsubscribe, send any mail to "freebsd-arch-unsubscribe@freebsd.org" > i know little about chroot jails or 7 ring processor levels but let me ask rhetorically ... do you mean VIMAGE allows a jail to use an iface device for many IPs or even MAC? i thought that was already the case all cards can "listen" - it's only a headers trick per say. but do you mean a chroot can have access to an iface (which there are pkg for setting up if i remember)? but if a jail is allowed to use an iface why not allocate it - meaning: what is the purpose of middleman vimage connecting device to jail unless there is a strict filter inbetween (ie, strippign headers, or even controlling what iface/routes are alllowed)? i can't see what it's for, but much less making it mandatorily injected upon all jailsm, except maybe it may BREAK existing jails by allowing net access where there is NOT supposed to be any / assumed not to be any if they old programmers didn't want anyone compiling software who logged in: they'd insure there was no compiler. if they didn't want typing at a terminal: they'd take away the keyboard right?