From owner-freebsd-jail@FreeBSD.ORG Sat Oct 2 15:25:26 2010 Return-Path: Delivered-To: jail@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 28131106567A for ; Sat, 2 Oct 2010 15:25:26 +0000 (UTC) (envelope-from jamesbrandongooch@gmail.com) Received: from mail-ww0-f42.google.com (mail-ww0-f42.google.com [74.125.82.42]) by mx1.freebsd.org (Postfix) with ESMTP id AE1548FC0A for ; Sat, 2 Oct 2010 15:25:25 +0000 (UTC) Received: by wwi18 with SMTP id 18so37933wwi.1 for ; Sat, 02 Oct 2010 08:25:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=+0fWWnJfBUcSwZux0/FacWFnB8YcjJDbcneX6gW6n9g=; b=IDhbV/VdwAjW43JyWpuz08NK8kQ6DtTXZSIOLuOsxGYlmSZekJAoNBaWUNgVHfTEgs gQffbs9UnsrkPF9f7cd9mrxaqegU6hWup5/2tR/MlGneXFtHHZWVbnwGxYaU0z1fiRgd zn9ClRpeTDFw07q8NfYcUKCy+zwDwQz2GK/5w= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type:content-transfer-encoding; b=A5mcoP6XpkfRzjEW6HhnKGL/ejjBgSHaMrpv10CBDpdZu7FM/6KferSCuX4ityPsgc +0N1JLkPyKdvPEVPVTAHhMEsRp0y+CWhV5ls5d/iNlhdtICUmtwHBsc6I5drvd+VU+AH z+SuYapShtEAy+Zgim3z9Bu1hZMOymAjV+zcY= MIME-Version: 1.0 Received: by 10.216.15.10 with SMTP id e10mr3321556wee.21.1286031436052; Sat, 02 Oct 2010 07:57:16 -0700 (PDT) Received: by 10.216.133.133 with HTTP; Sat, 2 Oct 2010 07:57:15 -0700 (PDT) In-Reply-To: <92C217C3-64ED-4B07-87C5-F188C1BD4D2C@anduin.net> References: <5EBB05A0-53C9-4813-9DF3-031764E13B49@pean.org> <4CA72E5F.1050507@gmx.com> <6734878B-8703-4550-841A-D767CDAE5582@pean.org> <4CA72FB0.4030806@gmx.com> <92C217C3-64ED-4B07-87C5-F188C1BD4D2C@anduin.net> Date: Sat, 2 Oct 2010 09:57:15 -0500 Message-ID: From: Brandon Gooch To: =?ISO-8859-1?Q?Eirik_=D8verby?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Cc: "jail@freebsd.org" Subject: Re: VIMAGE and jail. X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Oct 2010 15:25:26 -0000 2010/10/2 Eirik =D8verby : > On 2. okt. 2010, at 15:12, Nikos Vassiliadis wrote: > >> Peter Ankerst=E5l wrote: >>> On 2 okt 2010, at 15.06, Nikos Vassiliadis wrote: >>>> Peter Ankerst=E5l wrote: >>>>> Anyone here used the VIMAGE together with jail? >>>> Is this some kind of poll?:) >>>> >>>> I have used VIMAGE and jail. >>>> >>>> Nikos >>>> >>>> >>> Haha, sorry. Just wanted some pointers. >> >> do ask... > > Then I'd much appreciate some pointers to info about the vimage stuff, av= ailability (8.x?), stability, real-world experiences and tales from the cry= pt.. > > In short: why do I want the visage stuff and what can it do for me? VIMAGE allows you to have a per-jail network stack. This in turn allows for things like per-jail firewalling (only via ipfw for now), ipsec, netgraph, etc... I've been running it on my workstation (8-STABLE) and laptop (9-CURRENT), mostly for academic purposes. In the case of my workstation, I've used VIMAGE with jails (I call them "vnet jails") to serve web sites to couple of different networks while sharing local resources between the two jails and the local machine. This particular setup was very hacked together -- not too difficult really, but not sure how "correct" it is either -- it just works :) On my laptop, I've been experimenting with VIMAGE and the graphical imunes utility to learn a little more about routing and what-not, and also to demonstrate the VIMAGE functionality to others (my university professors) who may be able to use it in an academic environment. In both cases, I've had very few issues in regard to stability. I haven't had a panic in a while although there are still memory leaks when shutting down a vnet jail; haven't had time to look more deeply into that yet. I wish I could point you to some sort of "official" documentation on using it (such as a handbook section or article), but I know of none. I've muddled through using search engine results and the FreeBSD mailing list archives. You can read a little more about the status of the project here: http://www.freebsdfoundation.org/announcements.shtml#Virtualization Also, you may check this out, it's pretty neat: http://old.tel.fer.hr/imunes/ Good luck, and have fun! -Brandon