Message-ID: <3ED14BF3.139CAC32@tel.fer.hr>
Date: Mon, 26 May 2003 01:04:19 +0200
From: Marko Zec
To: hackers@freebsd.org, net@freebsd.org
Subject: Network stack cloning / virtualization patches

Hi all,

at http://www.tel.fer.hr/zec/vimage/ you can find a set of patches against 4.8-RELEASE kernel that provide support for network stack cloning. The patched kernel allows multiple fully independent network stack instances to simultaneously coexist within a single OS kernel, providing a foundation for supporting diverse new applications, including:

- Enhanced virtual hosting (think of jails with their own private set of network interfaces, IP addresses, routing tables, ipfw and dummynet instance etc.);
- High-performance real-time network simulation / emulation;
- Fully isolated overlay VPN provisioning (using IP tunnels), including the possibility of creating nested VPNs.

The network stacks are embedded in new resource container entities named "virtual images". Each process and network stack instance within the system has to be associated with a virtual image, which in effect becomes a light or pseudo virtual machine entity. Additional goodies include the possibility to control some other resources besides the network stack, most notably the independent CPU load and usage accounting, as well as feedback-driven proportional share scheduling among virtual images.

For more details, check the above URL. Note that the patch was designed to allow all existing applications and utilities to run unmodified on the patched kernel, so no recompiling of the userland is necessary.

Hope you'll find use for the new framework :-)

Cheers,

Marko