Date:      Thu, 08 Nov 2007 00:39:09 -0500
From:      Skip Ford <skip@menantico.com>
To:        Randall Stewart <rrs@cisco.com>
Cc:        freebsd-current@freebsd.org
Subject:   Re: CGL/CGE
Message-ID:  <20071108053909.GD47765@menantico.com>
In-Reply-To: <47323C93.2040506@cisco.com>
References:  <47323C93.2040506@cisco.com>

Randall Stewart wrote:
> Just curious if anyone has done a comparison between
> a Carrier Grade Environment (CGE) or a Carrier Grade Linux (CGL)
> set of requirements and what a standard FreeBSD system offers?

I'd done so quite a few years ago when the CGL spec was first
being developed.

If by "standard FreeBSD system" you mean the base system, then
it didn't really meet any of the requirements.  It could meet
requirements with minimal work in performance, scalability, and
interoperability, but was severely lacking in availability,
security, and management interface requirements.

The scheduler(s) realtime capabilities weren't flexible enough or
implemented at all with regard to availability.

Clustering isn't supported at all in the base system.  GPL'ed
tools are available in ports to cobble together a cluster, but not
one that meets availability requirements.  

FreeBSD has just never focused on availability or security in a
CGE-context.  It just panics when it reaches any error from which
it can't recover.  It needs the ability to migrate processes off
of a system that has reached an unrecoverable state, and the
definition of "unrecoverable" could be tightened in some cases.

Some of this has changed with the introductions of audit(4),
devfs(5), and mac(4).  At the time, FreeBSD didn't really have a
concept of events, which it now does.  Even with all of the benefits
mac(4) provides, including the ability to run CGL code within
the FreeBSD kernel, there are still some problems with security
and availability.  Any kernel process can bring down all of them
whether it needs that ability or not.  Subsystems really have no
choice, but processes could in some cases.

A lot has changed since I looked into this though.  I see now the
CGL spec will be 4.0 and it wasn't even 1.0 when I researched it
so I really could be out to lunch on this one.  But at the time, I
thought good starting points would be to analyze every panic and
to find unhandled assumptions (such as blindly writing to a device
that may no longer be operational.)

Any CGE-related work would benefit all FreeBSD users.

-- 
Skip


