From owner-freebsd-questions@freebsd.org Tue Jan 29 07:17:36 2019 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id CE6E914AEECD for ; Tue, 29 Jan 2019 07:17:35 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.freebsd.org (smtp.freebsd.org [IPv6:2610:1c1:1:606c::24b:4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id E73B26FFDD for ; Tue, 29 Jan 2019 07:17:34 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from smtp.infracaninophile.co.uk (smtp.infracaninophile.co.uk [81.2.117.100]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "Let's Encrypt Authority X3" (verified OK)) (Authenticated sender: matthew/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 857C3CB36 for ; Tue, 29 Jan 2019 07:17:34 +0000 (UTC) (envelope-from matthew@FreeBSD.org) Received: from liminal.local (unknown [192.168.100.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: m.seaman@infracaninophile.co.uk) by smtp.infracaninophile.co.uk (Postfix) with ESMTPSA id C3D3F1864B for ; Tue, 29 Jan 2019 07:17:32 +0000 (UTC) Authentication-Results: smtp.infracaninophile.co.uk/C3D3F1864B; dkim=none; dkim-atps=neutral Subject: Re: When to use Jails with VNET, and when not?! To: freebsd-questions@freebsd.org References: <097B8CD7-A158-4DEA-8F7C-13B358F90793@icloud.com> From: Matthew Seaman Openpgp: preference=signencrypt Autocrypt: addr=matthew@FreeBSD.org; prefer-encrypt=mutual; keydata= mQINBFJIL80BEADi7/VbnnErDU6pjEhI/SzEZ/HbDRkJ5g7HroAtqIRm6nj8ZwOAgZ/2ZnWn 5F+fXTuLsG0FLNtkd17FoVcuCi5e/GPliXI5cmamV7E1Yz4T8UsJ7RQolimyxVexccKd16Tc AA7B9bFlJSKkBUSD0buj7VjT07xWhRzu6Vgi5r0UjLALYJz977uZA0F1aOGOXREDEAOhdcNc kSNjynqAwDA6dCT1Elpi4key1fYjv4jyDF+GU/YXul2Y/rguA8FCkHd9vyym5eAsLQ5mG00V V9fkEHIpH5KorNVnl/ufHXnkZqmHAZVpFDcrshb7aZ/pL45PXyWgLj+e6etelgj3a2bZi0JF cVdXCnBZVP2oIyYblM11ugTbfCwodORU8a5KfPeztMdAtDr4e+32NTrPdPi5rLT+GUsYz+PL 3A3m3u8bdsFp40DlIrBtSByVjqERxcfhphrEB4J8BXHUG7OAtXkZMlW/PGKDwXJq0O6Z5Tcg YHAoEiSWbXiexHgXNJyP+sqnIlhLWhSJGeJ+C83wqI6oYlZUCW00NkPxcIHnQPV/z+5wQVci TMyaWC2YCIHz4Ljs+TnwWMz0E8PNFDfHVbQ0W4PRGV7gRAqxfL+yKufauIEGbEq8rNDbSwL3 bcUCxR4ZDlaUEUwT4J8naf7rjdgiEYHs2Ig3jeK1+ER4FPG1sQARAQABtDBNYXR0aGV3IFNl YW1hbiA8bS5zZWFtYW5AaW5mcmFjYW5pbm9waGlsZS5jby51az6JAlcEEwEKAEECGwMFCwkI BwMFFQoJCAsFFgIDAQACHgECF4ACGQEWIQRyz6whebywJLW1RZADb2ye5/OevwUCWttU4QUJ DFmAlAAKCRADb2ye5/Oevwb5EACipbOazgwl5IbqkQI4gELpCh5dqDASS9DQqAD35n/cI91P 0lrYcdyCQbOXadQi5bswnP4AcJqX83mITXbcApDdxVxHujw7VODI069eV3/I9Qz72mHYYAAj w0CHNx4bKED2YCSVS6+jV5hq2sywNEUxL+4I218Oc+IsLts62m4tQ8UxX9fQ2H1kQOvdrYpj x7je5qJX/yujLc+9WWZ8ZBSdP/HVJUEdRgQotwAlgfMp3mRQEE73MAJisG/olj/dSxd+oHIP NbJt1yxMqhZekuEGqZpm3tWvqYgpGcEXdhphJSxeK6oLpTLghuAb7/WdOBrpfL7c2OQYBgOw DK+7Io9NBt/d/rCxL39jmUONW8ohrhnNQ2SALnyYTvZgruxA4tXxOOyM9up0/8mB5E8YC9ML 5YuxRPNTXYeWCexa0zktnkCgT7PhS33evf5gsA0B9Snv7TFCFN9adPAdHlsppZIWfTHDG8e2 Jik8PmvsUG34XNif5k6Ui3++2ZA8ZoKvOyLeomuno1hN8yk1APw8SbX1SPNz9UVbl8W/YgGj 3GhYOuQt4HcMiLyTby6R4lC4nsBaHS1MX+57f6Zxzf2wNjSKxiJK9qS7azbu/GxpafNhbz1Z +iUDIaJkRWA1Gs8C7SMcfVsI5zDtvqHGYtTCgooVMYJ6vRyB68M4bljUYMxRTrkCDQRSUUGj ARAAsPHwcnupWuOqYbboiYwZnd6dNRSUzMxIXN8vkdkrDfw7DvV9WYuAC9IGJ310N0otfh9A zGDiCPRbKl0YayJ2BIgsFzyAavA/kCCRLP5hMZ1mKkZ4K8Fs16EvtmarzPibSBfDQ0wcwzNf nSL2gZVG1JwRHHZ9TtiUsuAIh0R/qRh9+8AcFkS5Pfxb1PzJC/YuWOdlj6cO58u+2FfmNiGm oB6kl1LahmbtGgO8GRInkOYUYlWSUAA4Flw4FzWHBkEGv/STAp++KAZu2Tdl5UZH9iXm+Hsf 4sqt+/ILJketmO2RK2o2ECVwE2a/hQdOjjqmcscd1M5znweKSCk6dR/K4Cv05bZ7KVRCm2vK vuEBpltm/43/ls7OnFwz1UVswX9ch9t5tgSwbGxtTWJ/Mr3ybCz0EE4WaJBI8HTuVZWaJwXM ozz26BZCOV56flkZjDuyRhvRjZG+QhdbbumBDpa6wu3MCjSG8wn4RlNjuQdjDCo6bdqyovGg f8RW6UNCmStZkpTZYZfs8MTEcltmaFiJQjnY39pWa+Fp0aWwcwOVlAkp2wX6FzQeIEbPW515 vAlCjXneJIN7jss4Y2QJtFFQaCw0c+NloESFFhCLvYBhMPf2kccnDu25VRupkLp6njQs94Nf jtSb8mzOa2EhAHY81pRfdetOPosi23P6zIGKLXkAEQEAAYkEuwQYAQoAJgIbAhYhBHLPrCF5 vLAktbVFkANvbJ7n856/BQJa21VJBQkMUG8mAonBvSAEGQEKAGYFAlJRQaNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY1M0E2OEI5 MTNBNEU2Q0YzRTFFMTMyNkJCMjNBRjUxOEUxQTQwMTMACgkQuyOvUY4aQBNlUBAAlCLRtOug Y70Q3lkGsFSNJZm9oqPJGorOsH+emDdsiZSe5Ut5P2MG+XlIofQOfxvupltzw2pFuJOvHEMS 0rod6lLJ6joInhf0ZQH3P6jF/d2Y8iR9+2nqBtUf27OsHVLRMd/5WHVgyMjjyNBq0urIdv4E wV8Y9CDtGBGeiYyMstaBxHdEH+oM9VZB92lv485p4V8t8k1BgNn7UjQzOMBlITAB7WsUcXGi zTjMMe1tX/IT+f00I4PWAn3w5q8ldvtsWf+muVpIaGpZBMrxBEPxYBD3WGMxiymthQQxgZAB 03GatfLjzixld5Zn8WuGiPOxOTBkJAudhxPvfkO+3jgLGSa7TN46HgNH36OdeEr4SMdspR0i 0lmW1hwHmpmyw3XYLy4BwmhuV9z1XQN3qab8FBxOpxcCxnbO4HoDgXAahQbRNSA7umzz+I7S UcZVnCCG3hCG4BLxklZhBw4RmUtRHiL8vu+MPKrcBnbZ8uJ2s3E6mhB0yM0UnA3pYhAysgwB q3n9jLYN0atzVmHL8Fxjyc7z1EJPgqFdfHfMYl/eLYmCuGNfMsSGlH9O7tWoE10qkDlLmNB7 jbiJNgTf9rc50QKKUqumqp4a1UMEnt+7yf//JqUD7Jf0iJrglLgUyPKSY5te9rJqHPy1wIXT 6pChY5ic8jmtXKsCZaaxL8rEsq0JEANvbJ7n856/RNkQAKiZK5wNuRyNJS21MUJxnP7biEW4 1QuGhV/7Ryw5XXIor8H7SZHCnVR1fCYnJWRwRYn0SyZGoERW/57rgibf8/gkPw741AkCKOhL TDNgvNriEjfWj3I0X6M90AZXhcnGVJTS/moV65g4lUo6jX1GiJyTCD4b9SLyNDzPgiWO2I3W R+Xf/W81PK1820CN7HpIZUrLfGF+Nr6kXUxeOeSpi7ZMB/p3e7ZSzY0Lp7PFqGfL9N1Jg26X 8DVaf/Em0AorutLx84DqqMfO02ySaCq0B83VYzbNB3Ascy4c2JNIvwMiyUbsOEzDKkqB3sYb 0iJtnty9DKvMaLps00eM1+GcYpLsspY4NZQeJTVC+WetRqzFM4k2JH1q3hwymYgIsxDam6kn U3m0bN19WLQYmS5HLPZbkmtpm3P49g6KLFxZHzklS7x8VUOMJ3O97xXScBC9bePB3tqQRDSs wX3YmIywTYVInEeFleNaXH3UoS3Dhw7KP3i/BNreWDM+oZhbc2OkgWzQzXfT+l17EcP9/xML 0CIgM/cJPwMOrKrdqgfL6zAYDUK0IGFgRoxgnAbnpPHCr7ykrELNLbGtnzchzCxnbIyrSVAb m+Dm5MnjQRiNFXbuvpkuVVFqo6a0OhX1cwTuCIzSEfSggRaOOEqXTk559dDOXDqVx9lVKniK vbGzkmhAuQINBFJRQiABEADC0axEKC09VCYGgsH20lUwtAXd6VUVCNENBlW+MXQYsKfCLqO+ XP6vM0pA+sSswaBeSB/Eu3XgdKhuYGKHqAOo4wyKvwk3h9IWmgVNMM8ZQFi/PP2ya56/tuWZ 7kkG2M2OfWQpnBHa97wSN0KWDjZHrQXQMggDq5EqimNc2+hFaB2zIGrP0tjXVrHLJEmJRLq2 ugTxpGKLlNOtBNEsWmiN+MafXpKM6HLDq1scCvrhRICheBsnGtcyGaErwpjNaLA70I0+B552 DfTj+PICOGCMnp4jlP6rmVG7RifZoE5DrkcdTim/IU0pLaO/Epts5lwDodEOW9CKQFH8dswT bp6xhKJf+y1dIwhoOIkEUspoME3rgLtn72+QQW4jw/4pjA7MQu9VOF9bUN/nxTfyn/Rct3Bq sBZPJURdorewPgoBsPxMaA7t8JRoRyuVwXGMacw+wdmv2lldsdUOGokSCB596FoXAcKWndiY dgNjMWJaODy2va9Vlv65hGQRXWcoI2ytMCSwSzslly+V+0jo0ZWoUpd+6BuYRvG1QUW5/Fco aPPJsr/UfU0jzg6bCAw/xw1nuGaiZTqNiNjklrGIKyi0UyY28DGGADn3j9obY7pOrI9nFicc NtxURyhmgHP9tiTYNTVaGPyJh+WV3ZH/Yb7TStZadLoWb5vXAs0DQj+qnQARAQABiQI8BBgB CgAmAhsMFiEEcs+sIXm8sCS1tUWQA29snufznr8FAlrbVUkFCQxQbqkACgkQA29snufznr9M zBAAvn4C8wWYyiObQbqgaAm8GjqlSi0lGEv7ydmcu2ElAAyD0dnxbEMKEGgBpQumGD8/1pdZ FYw3EIKWiazpvMVw+6fFz9GZdviuM1refUYm3duDejaNoH75zmIG9LRTOJ6RBkPd3oQznT40 X5K+ARqLaJDPAzjb6DH7HYINlvNvf89M4CVN0gofv7dcCqtBTF8CtXB3iG0cFAis/12PwpfH 3YzWq529jnJJCLChTD5eEBi2JNLzQRHMeqy8D4Bnkb+Ahkwgbzs5GXGYaXoZeyFKThTAK/sg eJ9Cz15azfKW+EWMUOcvCurqz2QajlLe04N9mU4vPp92VTo274CtfIg/shSguYXnEZ0I/sz3 VFn3Kn2bRYeRu6PyusNUsQ397Uw5wDVmqzQqz+MnOkP6xAJjOvnD05cdj17G4rJ8gTgmzDSA 6v0AfzhUygy6Qf0UgrWrFaFIL4zQWsp9sap/QTMm92SBhLOE/Kc7nkkueEeVp0TtbkWByxLq 77Gbp0m4iZB8zylaac118hY+/vJ87aTuKF4CiCcezaI5FMg8/VVczO7/LV/n8Uu8QUOYEatR cfOB2JNXxpI/LqXVzvXpUidJbwpXY2aZprgzGhahBocuRL9jY8qp4in5CkhyU+rZyHkpQMHI +i45KRHO5GDSDMQcDF2LYGRbDUMg7G1MYTJwzsG5Ag0EUkgvzQEQANi5h27KsPhVw6AKlUo8 htPapW7b4RS26/z2pJe1IJ+lejrD5LveuRxdO3V+5hxqdBMEYNuQRmOlgsjiXkM5XFIgBeEF VGBaDv5yKPZXNfqIJC2nNehcR+rWHq84yrVb/MAvEvfQTvn3GeCTDd51xYnZYVO0An44TLLe 9cKL/i5d4I7flz/NK4DMpSqBRs0z7Tj9uF22LtYDJhNnQPolF4f+ADRLGMsbNHpCKwLcuzCR NlWN+eTY9peGZEfDoJT39u4wdg2ut9aSTv3B+l5HHkfYSS2gNf5yQ3YOVbQp/D6vZvNBCS0n Y5G5ApFil2ZAdoqfllqeQ74eH/dEPqOK1LCiBznKPHoLvTAJgA9v+Lhb9qw1jbIVD56Y88ZW c2iONscDlN2dboAYXGu3pcc8KNFkfc/j3MKRfq6N2l+t/n4ueebtLZypDJ3v9X7cQAkaW90R DhEuPpvvd+MEZGDYH3ZtIokqXZ3G3yiAy4M4TGXg4jX2pQ8ccXciimcp3DaXvqcV/SKnF20Q l6lm0r9sNp8ZBWUkLeMnDnpMdSjlONGuG9TsM50gaDi+kJuy9/fnlA0UGMpQNmBc1wsNAHl/ Q3ObZHUQtsZZN0gYEusDHpNC87SHodMS5YTc/eKx02asEoIoue/vUejkI6dvHWZv93+13y3c ZBhHyfF6SEr5dNkjABEBAAGJAjwEGAEKACYCGwwWIQRyz6whebywJLW1RZADb2ye5/OevwUC WttVSQUJDFmA/AAKCRADb2ye5/Oev9SOD/48JvgAf/PkjW0+TTE5vDaqdlEmNBu3K/vFX4T7 u0YT+qzLGUGYUvISiti9Dl7dV8kTg/Yr20EbHpj2a1Iys03YbR3mn/p6dv9abyqkaSESHN/g PPk1rlEi/j3lyoQsjDN6bpBEwT7Kbgri+Lwtkwp0vGm8I5AOguGlnCuNqsJ2jnHJ6YnEaKKp imIkr8wJVWxmx0OfnZxWrhMr5txD2DG675r1/IyOkU6SnApoD15+fJQmrsSmCKo3cZUMvM5Q 9lUJgdKuC89jJ1NujCzk7SC/EP6xSW0KFGzpqK0leIfh1riQ8DNs9CWreLANKtq35qbDUeGy BHwki0krsRRuNfg+0c+Rc5XOl+vuGmwfblKguIkAKSMSsjslXHqom+9s+mhOqJUSjAHsazlL BkVn00DfooDQBeeOwDlRwmQi+xcV3FomZMf5+4ARmsfzGtRIiJp5pfjek/P9vjeW+UqlE2az teXCmaK0G2LaLVVNnJzrUVQAqpA5eMtd3Ay8IGlhbrfznmAplgUH0aYhR1twIbUF8MeyQYIH fofR+lOnp3/vufJFZWve4S6tbK/OA69+Xr4wKAG95XBw03qZtPFbWu9yk5AYuS02U4akBhFv NfSx4Bs2rcrXZh63VBrlNqecueJdOQiQuY6nGoUa5fiE9glZF5ib9PVa522bBwaI2mW1tbkC DQRSUUKTARAAt6FH3HbDFoumOWUuJlDgOQs3wdp2n3IKv7gqzbDdgaoWW7hDTvjO0Cb6p2PG UKEoxMQQoIdDO0pQ9rgr4Sh4VSVC9WMO/fUwqdrIs2nACIg4OwvNhIccW08S+N72f+yuXWOQ /dv79cwruE26/BEXgIP09MYcOWwcUCXzOoUR3er+jzcsN9uFjcsBVUJLIEru1askHRzCUa5P 9S9GAFBwN49HC5IJWEzdLP27FjjOG5UG3+QZahHrjG1i6S3bIYXtaGsqNyfkp9Is7Wpj2kk+ s9Ua+YMG/V5YVlbANIexa1yr75p1W9biqXpCWnB3TaHSfI0G1t9w8K2qhR/Z1/YLIcRzZ2aH JnvbzJYw5Cs1jfNpFytbASsxj0rbReouftlBvVWFRxsZ+oG1ZXL64/SVKMZAnfBNxd1uajp+ HtoQtYoTu88la6zcdnAhOD5JdOntN2VF8iQnDfPgkidfuSZ1C059xaRPTSRJBgMRDtOlDxgz 7Pxx/7L2jwxRY1dq6NGioflY7CCpGc7bi1K6xnf3lBL8X2nGpRAVsg9Lx1ShIWkgNbTAcPXp XcXlJ1xqz8HS8Twadh6gIfk/RNchBIED9lkVCKHYp/XQb8T8vMwn/kTWUm5WlPkQUFQN4D1b 6+dJw4bwn/wiRS8did1MU1OytJB6tljfEUCx0uKkzqr+33MAEQEAAYkEuwQYAQoAJgIbAhYh BHLPrCF5vLAktbVFkANvbJ7n856/BQJa21VJBQkMUG42AonBvSAEGQEKAGYFAlJRQpNfFIAA AAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp5OdNFg// ZqeVdGoKkMvALPzZjGz84+6l0kcMxSN4TfWmec0YpSmDEzCw4/SZoGqHlZb8lcTevmNrNXg6 c+wVw6P+Ycl20Nzb98Kt9C5sz+zGVmPPK+3O9gaPnEqlIKnnbxKXXNHQdd8Mf0UTpifMqX0I kWOqhe/tQKGoQ9+feKvLIaToIe/NjosW6vJ9YAgFqZ0015zwbElhMNFmgDMOI2SgjBZ9ngP1 U82Mqb7/7G9GxHtnwuJBSnPJgN8tav2O9uWPC0N8deyZBH4y9ERBPTFMc46wjkW030olcq7g 4hZ55rpPIEyGQZCq4u1gGibbiQJZEyUQT7BJm70/PeUr3uNjPlQODV/lF5TBvqGHEmlSQfo6 Yb/QQx07CK9bvhUSO2XP3ybS8JwoMZlgZzZcjiPiQF9ot6152/Cp/XrsKgtk+fg5ARZpyywR lQk1JCHRZvhgXIxqNYA04uwdPFcLI4vPiDaLS8mhXHLRZsSpHmIBqqrnam5Lq7iDc39UZrSJ MM40oy3iAOI2B7AOCbzxRuEplJd3E/tEqrnFGcPVN+h52ka74lEyfkwA2RrASWJJcXLN3/Vs izEj8okepefzjU/UPnU8sirzeWWo8Z4uKddovk//NwAPUJbee4vZLjYE6MWdpEoZP9CZXbtI PWuc9Djg16aHOgv44JPokDMaHA27A4rw2KwJEANvbJ7n856/SPkP/1bGUde7lnRTNd8c0ZrU tEi+OOibKyh7BjLUpzlihj3rGl9ljAF0eCdBrL1We3MDDcyi+XO7VZLiecZTlG6LLXFvEFjY pyPRx3bXlWk1/ahEiBoLWxedseNdFrO+H5XX6ODmKFFLhXgpsXnAxtM6Mxmrx0CGW4qzfUi7 Vsqj86gqlcet0/k5RqPMAhrGX5fNnQNWSAwumeFKM8UgDpKY0u7M2tS07B0ozXOSpqGTSJhX 6Ld2Nl95CL3wbSGuh1pDUOysAnzK5Rl/OQ9LtYpWomAKg6yn7gKYij5XmekAg/E+ybr5Gyx2 PgMQUGtuNmBRWP1qKtVUbrOekiuNz7kpdrP7M2O7i/cxWjGpVtjDNWuGkFgY3c+sKKawBma8 1K4rg044nkGwFX98vfEHVGu+HOd3D+Mv47nv4LQvzynBG/YflwaPmLhpw7HCPvpa4W7y8+5A KxDqWlM2NvrLwmwbmz9dQMGtjnNRm4uHfPX8AyzBoMtDrxNLIvDYlLqh+G2Q1shNNNdRNXn9 Z1pvri6KAHmH9GlISuM/jQfItout+Gtx9QUlNX3aIsdScTLA3jnMOpHcALCGI+XMiBNaVuYU xHgHh+MNYhmjQZZqASBCvVj1HyibDPZa/iQ4DBGBRlJb+8saPPqYVDQhosWSF20aJKwepZII OFjpMgmCIqZAnqK4uQINBFJRQrgBEADUWFag56O3CaycayGght1rYWYz7P9/3s7OlqAuEAId 8/kSz8jXzAb/Qb6t0247a2MD0gxnjgZQy2OiQOsOTrc31L6tUrLVATL5Q3oKIh9hOlNMA+cR jsgY3UmMaSw+Gftp64EJDBQwBXWT7CSUEJw4PqzwMPiTHRkmqQfzdfNagFJVqZ0e+cznoLzI 9WvkccwLW1kicBYEysX5yOXUQ9/PcKqRWcbxLFznJ16JsxL1DeUct5WRWUxECY2rM0t+AkNR a3NpzskiMUSzFhiGmJo9yyy1RS4drjMhEn/IcM1sO21ZF/WWuUVkul65qngFnaFDDRQ5lU3A agWhLhmppmK/yabSVfqz38B1APoBWuldYprslTbAOJrL2xFtiH7m9VYbP2aGdwr9V/C27kiN Wnm/lYzP9Z+dTFkxw2V+BOjiLWzDDD6pEE7YDhiPyoopadOyXtoJf3aK1OI+DBu3piBA/CDD DvavruM+3mjxUxcOo8w8rMaJzDUDLG0yOyhKWef3UW5ly3CKXe8+m/MZe0GavNBJt0ObLQpP mnn9b2kP/xS0ssszo8uzlfSMiGi9AedAoRQ7vFXfI0MBb0M8gJ6Ht/+j1b5Al9ABeeA3PRuu +aBJwBRdFp4AV5BsCa0Qb3aqVJUPuBvtY56aWWB9sSfQ1qeu/loRxkJbHhaPJswscQARAQAB iQI8BBgBCgAmAhsMFiEEcs+sIXm8sCS1tUWQA29snufznr8FAlrbVUkFCQxQbhEACgkQA29s nufznr+YBw//TJtAC9d/FYQQHKQg/QOEkcAL8Qx4HA2SICnhKqv64jPcYIUYocOO8Qayh+IV Da6MGkbsWdweUFuexMsW+17dqETfQjUApx32TUwF44WgIEfARLW2zRdRcXfsT4A2sQJCvNJr JnH3lywiJi+V848Q4sC3sSJREpcJd07oc2jxSKZyYZ1DBPfK1MyiwcBt2uFCTXdyFMham2aY LDP2JYvFP08tjTUAIKhe4B0bPTtldCf5sH5q8xrpaHnKHf0n7qMmK7NtGW/9R6WiCruiNsLn O95fms1tzKKfA4QXIYCEWl8XsRKwp51HZDjQu/KxPsjm6BL4eThnae9t3Zs5J0LiPxoFbN+p W7anft3YCeezB8+gus7I1Rn5yJMRyYRRVHtZZTBDQfoDqHgLY14GYtFGOT0IR/OuAzYM1CoM vVExgqVWixDwF5RH1OHO1TANqTGcrRm1lvasCWIphpoQVtkN4/PXGa+NhzsRmr/c5OUYxQNr oE8cdsK8mOIBRz9D2JpF7d2nr1X+vA4zk2JL61aCnc62BfSYNZWhCcOPJZUhFT9BqAkew0kk JzQ3jwHGAhfcfozTHoFsD08qAW0OUriEtH+EOXl+dYbjlNUjFPjJu49cZbtp/1TpsYOBdME1 QLM1TPanYXa7tb+IrRZN+Oi9i9VVym16DK7q21k3j0qRC0s= Message-ID: Date: Tue, 29 Jan 2019 07:17:31 +0000 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 MIME-Version: 1.0 In-Reply-To: <097B8CD7-A158-4DEA-8F7C-13B358F90793@icloud.com> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="HtM2hS40jmhmefzns4ffKpky5s6tQBKwF" X-Rspamd-Queue-Id: E73B26FFDD X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-2.98 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.98)[-0.985,0]; ASN(0.00)[asn:11403, ipnet:2610:1c1:1::/48, country:US] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Jan 2019 07:17:36 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --HtM2hS40jmhmefzns4ffKpky5s6tQBKwF Content-Type: multipart/mixed; boundary="L6HA6NFjcUXrmxfq1bBhCMIqXvdrr8GvS"; protected-headers="v1" From: Matthew Seaman To: freebsd-questions@freebsd.org Message-ID: Subject: Re: When to use Jails with VNET, and when not?! References: <097B8CD7-A158-4DEA-8F7C-13B358F90793@icloud.com> In-Reply-To: <097B8CD7-A158-4DEA-8F7C-13B358F90793@icloud.com> --L6HA6NFjcUXrmxfq1bBhCMIqXvdrr8GvS Content-Type: text/plain; charset=utf-8 Content-Language: en-GB Content-Transfer-Encoding: quoted-printable On 28/01/2019 18:13, Parsa Samet via freebsd-questions wrote: > Would someone please give me a brief explanation of when to use > jails with VNET and when not to? If VLAN-ing is not my concern, and=20 > services I use do not need a separate network stack - let=E2=80=99s say= I run > anything from DNS server to MailServer, Database, Java Application > Server, VCS, CICD implementations, Streamers, Log Analyzers and etc., > but believe they don=E2=80=99t in all scenarios need separate stacks - = would > there be anything else left for me to benefit from VNET? There is no general clear-cut reason to use VNET jails over traditional ones -- for the vast majority of cases, either style will serve you well. There are some edge cases where the decision is easier: * Jails with no networking -- these might not sound very useful, but for example, they are used heavily by poudriere for providing clean build environments. In this case, there's no need to add all the host-side pieces for a VNET jail, like configuring a bridge0 * Jails where they need an independent routing table or firewall config, typically because management of the jail has been delegated to a different group than manages the containing host. Not always though: on a multi-homed system jailed applications can quite easily need different routing than the main host. These are certainly best served through VNET jails. * Jails where the software needs access to a standard loopback interface or where loopback traffic should not be routed via a network accessible interface for security reasons. Again, VNET jails are appropriate here. * In a mixed environment of bare-metal servers and jails, configuring jails to use VNET means that they behave much more like standard hosts. This may simplify management, particularly if you use configuration management systems like ansible or puppet. An example of software that benefits from the third case is unbound where it rejects packets that appear on a different interface than it expects. I suspect that for the services you mention, there is no compelling case either way between VNET and traditional jails. You get to choose fairly arbitrarily. > All services I run on my servers are in a jail, and only some rare > services are in an OpenBSD vm on top of bhyve. Also, I=E2=80=99m on Fre= eBSD > 12.0-RELEASE-p2 with ZFS. Yes -- 12.0-RELEASE is most suitable for running VNET enabled jails. You could do it on older FreeBSD versions, but the code was a lot less polished and you'ld need a custom kernel. ZFS works nicely with jails -- consider investigating the iocage jail management software: https://github.com/iocage/iocage which stores jail configurations as ZFS properties. Cheers, Matthew --L6HA6NFjcUXrmxfq1bBhCMIqXvdrr8GvS-- --HtM2hS40jmhmefzns4ffKpky5s6tQBKwF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEGfFU7L8RLlBUTj8wAFE/EOCp5OcFAlxP/gxfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDE5 RjE1NEVDQkYxMTJFNTA1NDRFM0YzMDAwNTEzRjEwRTBBOUU0RTcACgkQAFE/EOCp 5OfnVg/+IfrVDglKlOEW0GoqI1ZELQcQ7dPnGB+lNbjQFh1VLX8SsSiCXRm+FB4x GLMyXux7se2O1v8zXSEaHfgjlBgofgmCVH78A+5Fl1K2uhClttNyq+oRsEf7zHUg nodhSn+Sqg3AeV7h5iB8BAXUi34SWWi0qgVnSnno0dza1XOtOrFjcwBN4qxMjy43 bkwSPZUYxwB2QcPLHRukqEfd8FJPqVdyWNFqmvIVDRwVXTBTcZo3Wtm/33+6E2mD HOuigGotVH74D9hmWyOwr3SM+TXXngAsWhAh/UbePzpAdP5qUegT+9loi1gM7VVR Kzwj0KXc3tIDlX1F4yjMF7coRgDtc6GkkoYvv+xDHPsfjNJzndlBQcB38aLgpqea ttpceZ3UfSVoMYvy3ST3zxa3B+oIAFD2cR2UZfLEZow+mgATXliyUxZl1PZNfE0B mjcIZMqnkBstEyUcN01Kb21a97VSFex5KBoHbbunGqnbqBL3Ceu/M/+O7MjYVD9k W9fynr+RFEM4jRWWmeyaZVaN064ETnLflqRCpASpUW+ooqMpCnr42pCjUZc/YsRr mOWpxE1jIBQFAGeV/g81IgNPwMXYBWiGtrBIbD3hsWMNnKqwTx0X7s4J0s1hAlIR 7j7GC33isGTaYkn6ySIY8CnEDkiXojEI8IcEJzslT4kNhCXvBls= =ph4y -----END PGP SIGNATURE----- --HtM2hS40jmhmefzns4ffKpky5s6tQBKwF--