Message-ID: <47140146.2020806@elischer.org>
Date: Mon, 15 Oct 2007 17:09:42 -0700
From: Julian Elischer
To: Ade Lovett
References: <470E5BFB.4050903@elischer.org> <470FD0DC.5080503@gritton.org> <20071013004539.R1002@10.0.0.1> <47107996.5090607@elischer.org> <2849CFD3-A747-4202-B2CB-759D3783C0B2@FreeBSD.org>
In-Reply-To: <2849CFD3-A747-4202-B2CB-759D3783C0B2@FreeBSD.org>
Cc: arch@freebsd.org
Subject: Re: kernel level virtualisation requirements.

Ade Lovett wrote:
>
> On Oct 13, 2007, at 00:53 , Julian Elischer wrote:
>> Generally, you can run several hundred (or more) virtual jail/vimage
>> style machines.
>> xen/vmware uses so much more resources that you are usually limited to
>> some number like 20. It is possible in a virtual networking setup to
>> have a single process spanning several virtual environments (for
>> example one process with a socket in each of the child universes).
>> It is a valid question, but there is I think a place for both types of
>> partitioning.
> I'll take anything that can *reliably* allow me to run RELENG_5,6,7 (and
> possibly HEAD) on the same (reasonably) beefy machine. Bonus points for
> being able to do /i386 on /amd64 (or vice versa).
>
> Right now, the only solution that comes even close to doing this is
> vmware on Windows XP. Bleh.

ok, but that's full virtualisation. There are many levels of virtualisation.
I'm cribbing this description from:
http://lass.cs.umass.edu/~shenoy/courses/spring07/lectures/Lec05.pdf
as it's as good a description as I've seen..

• Machine Emulation
  – VM emulates/simulates complete hardware
  – Unmodified guest OS for a different PC can be run
    + Bochs, VirtualPC for Mac, QEMU
• Full/native Virtualization
  – VM simulates “enough” hardware to allow an unmodified guest OS to be run in isolation
    + Needs same hardware CPU
    + IBM VM family, VMWare Workstation, Parallels,…
• Para-virtualization
  – VM does not simulate hardware
  – Use special API that a modified guest OS must use
  – Hypercalls trapped by the Hypervisor and serviced
    + Xen, VMWare ESX Server
• OS-level virtualization
  – OS allows multiple secure virtual servers to be run
  – Guest OS is the same as the host OS, but appears isolated
    + apps see an isolated OS
    + Solaris Containers, BSD Jails, Linux Vserver
• Application level virtualization
  – Application is given its own copy of components that are not shared
    + (E.g., own registry files, global objects) - VE prevents conflicts
    + JVM

Each of these has advantages and disadvantages. The one I'm particularly interested in is the kind of which "jails" is a member.
It's the one that requires us to make architectural changes to our kernel the most, but it is also the one that can be the most efficient. It does NOT however allow running of different OS's (other than possibly allowing one to have a virtual system that runs a userland we can emulate, e.g. some Linux and earlier versions of FreeBSD).