Date: Mon, 3 Jun 2019 09:33:25 +0100 From: Matthew Seaman <matthew@FreeBSD.org> To: freebsd-questions@freebsd.org Subject: Re: to jail or not to jail Message-ID: <5d9af532-45fc-b088-893d-ec413460b2ff@FreeBSD.org> In-Reply-To: <1231820b-830b-4a22-8b08-37242226d276@www.fastmail.com> References: <CAPORhP4pbfCC96PXOeErJgswX_2dh%2BmXcBb1TrH6F0f5oN-wDw@mail.gmail.com> <9783db6e-959e-b177-89d5-84af47fd5c3f@FreeBSD.org> <1231820b-830b-4a22-8b08-37242226d276@www.fastmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 02/06/2019 12:41, Dave Cottlehuber wrote: >> think about using vimage jails on 12.0, as that makes the jails seem a >> lot more like just regular VMs, and gives you the ability to effectively >> create a private virtual switch inside your server, rather than having >> services appear on external interfaces. Beware though that there are >> currently some quite severe bandwidth limitations on this sort of >> internally virtualized networking under FreeBSD, so this is not suitable >> for a high-traffic system. > Matthew, anything you can point me to about this limitation? Kristof Provost talked about it during his presentation at BSDCAN -- the video of that is not turning up in my searches, but here's probably a very similar talk from linux.conf.au: https://www.youtube.com/watch?v=2neDPNIcrBk In short the problem is that there's a single thread for handling all the internal traffic. (Possibly a single lock as well?) Cheers, Matthew
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5d9af532-45fc-b088-893d-ec413460b2ff>