From owner-freebsd-questions@freebsd.org Mon Jan 28 18:13:30 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B628A14BAD40 for ; Mon, 28 Jan 2019 18:13:30 +0000 (UTC) (envelope-from parsasamet@icloud.com) Received: from mr85p00im-zteg06021601.me.com (mr85p00im-zteg06021601.me.com [17.58.23.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D973970CDD for ; Mon, 28 Jan 2019 18:13:29 +0000 (UTC) (envelope-from parsasamet@icloud.com) Received: from [172.20.10.4] (unknown [5.62.219.156]) by mr85p00im-zteg06021601.me.com (Postfix) with ESMTPSA id 59B88400144 for ; Mon, 28 Jan 2019 18:13:20 +0000 (UTC) From: Parsa Samet Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\)) Subject: When to use Jails with VNET, and when not?! Message-Id: <097B8CD7-A158-4DEA-8F7C-13B358F90793@icloud.com> Date: Mon, 28 Jan 2019 21:43:14 +0330 To: freebsd-questions@freebsd.org X-Mailer: Apple Mail (2.3445.102.3) X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2019-01-28_09:, , signatures=0 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=1 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 mlxscore=0 mlxlogscore=389 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1807170000 definitions=main-1901280136 X-Rspamd-Queue-Id: D973970CDD X-Spamd-Bar: --------- X-Spamd-Result: default: False [-9.04 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; RBL_COMPOSITE_RCVD_IN_DNSWL_MED_DWL_DNSWL_LOW(0.00)[]; FREEMAIL_FROM(0.00)[icloud.com]; R_SPF_ALLOW(-0.20)[+ip4:17.58.0.0/16]; MV_CASE(0.50)[]; TO_DN_NONE(0.00)[]; RCVD_DKIM_ARC_DNSWL_MED(-0.50)[]; DKIM_TRACE(0.00)[icloud.com:+]; RCVD_IN_DNSWL_MED(-0.20)[187.23.58.17.list.dnswl.org : 127.0.5.2]; DMARC_POLICY_ALLOW(-0.50)[icloud.com,quarantine]; MX_GOOD(-0.01)[cached: mx1.mail.icloud.com]; SUBJECT_ENDS_EXCLAIM(0.00)[]; NEURAL_HAM_SHORT(-0.96)[-0.963,0]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; FREEMAIL_ENVFROM(0.00)[icloud.com]; ASN(0.00)[asn:714, ipnet:17.58.16.0/20, country:US]; MID_RHS_MATCH_FROM(0.00)[]; SUBJECT_HAS_QUESTION(0.00)[]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_DKIM_ALLOW(-0.20)[icloud.com:s=04042017]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; MIME_GOOD(-0.10)[multipart/alternative,text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_LOW(0.00)[icloud.com.dwl.dnswl.org : 127.0.5.1]; IP_SCORE(-1.87)[ip: (-6.19), ipnet: 17.58.16.0/20(-1.54), asn: 714(-1.55), country: US(-0.08)]; WHITELIST_SPF_DKIM(-3.00)[icloud.com:d:+,icloud.com:s:+]; RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 28 Jan 2019 18:13:30 -0000 Would someone please give me a brief explanation of when to use jails = with VNET and when not to? If VLAN-ing is not my concern, and services I = use do not need a separate network stack - let=E2=80=99s say I run = anything from DNS server to MailServer, Database, Java Application = Server, VCS, CICD implementations, Streamers, Log Analyzers and etc., = but believe they don=E2=80=99t in all scenarios need separate stacks - = would there be anything else left for me to benefit from VNET? All services I run on my servers are in a jail, and only some rare = services are in an OpenBSD vm on top of bhyve. Also, I=E2=80=99m on = FreeBSD 12.0-RELEASE-p2 with ZFS.=