Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 18 Dec 2015 21:45:14 +0800
From:      Julian Elischer <julian@freebsd.org>
To:        freebsd-net@freebsd.org
Subject:   Re: Per-jail private loopback
Message-ID:  <56740DEA.8010704@freebsd.org>
In-Reply-To: <CAG=rPVeuq8DM9wnaNAGrDKeMZs=DtcPh-5ZL46mi3apQ=ER3rg@mail.gmail.com>
References:  <22131.18881.757188.951230@hergotha.csail.mit.edu> <CAG=rPVeuq8DM9wnaNAGrDKeMZs=DtcPh-5ZL46mi3apQ=ER3rg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On 18/12/2015 11:51 AM, Craig Rodrigues wrote:
> On Thu, Dec 17, 2015 at 3:48 PM, Garrett Wollman <wollman@bimajority.org>
> wrote:
>
>> Or is VIMAGE cheap
>> enough that I won't notice the performance hit?
Vimage is a negligable overhead in a 1 jail (base jail) system and can 
actually end up with a negative overhead (gain) in some scenarios.

Most vimage systems use a bridge (either netgraph or if_bridge) to 
connect the jails together to the outside world which leads to some 
extra packet handling, but in a system with 24 CPUs it's often handled 
by an otherwise idle CPU so no performance hit is seen.  It can be a 
nett gain if you have several interfaces and assign each interface to 
a different jail/VNET.  In this case the different network stacks are 
not contending with each other for locks where in a single stack jail 
configuration they would be contending. Different vlan interfaces can 
be assigned to different VNETS for the same effect if you don't have 
multiple physical interfaces avaliable.
Even with the extra packet handling of bridged VNETs there can be 
advantages.. For example you can put your jails behind an extra layer 
of routing WITHIN the host so that changes of routes and connectivity 
from the machine to the outside world are not seen by the applications.

> Olivier did some measurements with VIMAGE:
> https://lists.freebsd.org/pipermail/freebsd-arch/2014-October/016054.html
>
> I think you should give VIMAGE a shot, if you are doing any serious work
> with jails.  I run with VIMAGE configured by default in all my systems
> running 10-STABLE
> and CURRENT.
>
> --
> Craig
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?56740DEA.8010704>