Date: Fri, 31 Dec 2010 20:52:53 -0600
From: Adam Vande More <amvandemore@gmail.com>
To: mailinglistmember@mgwigglesworth.net
Cc: freebsd-questions@freebsd.org
Subject: Re: How can I implement true vps with FreeBSD as a host?
Message-ID: <AANLkTinfeAB8uBRrkkt3=kJGpBbfwcZHzMHOVLQ1kV7a@mail.gmail.com>
In-Reply-To: <4D1E9120.1070604@mgwigglesworth.net>
References: <4D1E061E.9070306@mgwigglesworth.net>
 <4D1E68BA.9080001@herveybayaustralia.com.au>
 <AANLkTi=_vPRmXv%2Bm8AiMADZhQk=HRfd5uO5RGsnJ0zHf@mail.gmail.com>
 <4D1E74B5.8030100@herveybayaustralia.com.au>
 <4D1E78D9.6090103@mgwigglesworth.net>
 <4D1E7BDA.3080909@mgwigglesworth.net>
 <4D1E7D8C.7060606@herveybayaustralia.com.au>
 <4D1E9120.1070604@mgwigglesworth.net>

On Fri, Dec 31, 2010 at 8:27 PM, Martes G Wigglesworth <mailinglistmember@mgwigglesworth.net> wrote:

>
> On 12/31/2010 08:04 PM, Da Rock wrote:
>
>> Depends on what you mean by 'fair'. I think you can now determine CPU
>> usage in jails, even allocate cores. I think the man pages can tell you more
>> about that, and the docs on freebsd.org. You can unmask some devices
>> within the jail and allow only certain jails and users to access it. And
>> finally I think you can jail a jail now, so that might be useful- especially
>> in CPU allocation.
>>
>
> I was thinking about possible DoS issues with memory management, however, I
> have not read far enough into the Jails docs to find out if there is
> anything new in this arena. I was actually considering the security aspects
> of memory overflows, etc....

That's why you should read the link I posted, which is the current plan of
action to allow jail resource limiting. It's simply not possible currently.
There were a couple of different patches for this functionality for the 7.x
series but they aren't supported officially (see wiki jails for more info).

You also have to worry about IO and CPU starvation from runaway
processes/attacks as well. CPU issues can be mitigated with cpuset(1) and
jails but you have no way to control IO other than renice(8). Xen gives
similar CPU ability plus IO bandwidth feature. Virtualbox 4 has smp CPU
assignment feature and a new IO bandwidth limiter but is not in ports yet.

So as already said, if FreeBSD is your host Virtualbox is your only choice
(qemu doesn't count for performance reasons). If Virtualbox does not meet
your needs, you'll have to find another OS as jails don't provide the
isolation you'll need.

--
Adam Vande More