From owner-freebsd-hackers@FreeBSD.ORG Sun May 25 17:19:13 2003 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 32CDA37B401; Sun, 25 May 2003 17:19:12 -0700 (PDT) Received: from mail.tel.fer.hr (zg05-198.dialin.iskon.hr [213.191.138.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 91DF943F75; Sun, 25 May 2003 17:19:10 -0700 (PDT) (envelope-from zec@tel.fer.hr) Received: from tel.fer.hr (marko-tp.katoda.net [192.168.201.109]) by mail.tel.fer.hr (8.12.6/8.12.6) with ESMTP id h4Q0F3fa002376; Mon, 26 May 2003 02:15:08 +0200 (CEST) (envelope-from zec@tel.fer.hr) Message-ID: <3ED15D6F.1BF1BB37@tel.fer.hr> Date: Mon, 26 May 2003 02:18:55 +0200 From: Marko Zec X-Mailer: Mozilla 4.8 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Jordan K Hubbard References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit cc: hackers@freebsd.org cc: net@freebsd.org Subject: Re: Network stack cloning / virtualization patches X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 26 May 2003 00:19:13 -0000 Jordan K Hubbard wrote: > Have you thought about > extending this to the point to where each independent instance truly is > a functionally independent kernel instance, similar to some of the > "virtual Linux" work done by/for IBM so that you can run n "linuxes" > on a single 3090 processor? My model is much more in line with the pseudo-VM concepts, like the jail is (it actually reuses much of the jail code for userland separation between processes running in different virtual images). However, I'm only virtualizing certain resources _within_ the kernel, albeit the entire network stack is quite a big piece of resource :-) This is fundamentally different from what IBM does, as they virtualize the entire hardware and run fully contained OS images within the VMs. Each approach has its advantages and drawbacks, of course. IMO, the main benefits of the "light" VM model lie in near zero performance penalty compared to the unmodified OS, as well as in efficient usage of hardware resources (memory, filesystems). On the other hand, IBM's true VM shines in isolation between the VMs, but lags in efficiency... So, I'd certainly like to virtualize more system resources and make virtual images as independent from each other as possible, but they will always have to share the same kernel. Cheers, Marko