BSDCan2007 - Confirmed Schedule

BSDCan 2007
The Technical BSD Conference

Marko Zec
Day: 3
Room: SITE A0150
Start time: 15:00
Duration: 01:00
ID: 24
Event type: Lecture
Track: Networking
Language: English

Network stack virtualization for FreeBSD 7.0

How many machines do you want?

Due to better scalability and significantly lower performance cost than full hardware virtualization platforms, operating system level virtualization frameworks such as BSD jails often become platforms of choice in production hosting environments. Network stack virtualization allows complete networking independence between jails on a FreeBSD system, including providing each jail with its own set of virtual network interfaces, routing tables, firewall, rate limiting, IPsec configuration and more. This paper describes the design and implementation of a network stack virtualization framework for FreeBSD-CURRENT.

The original implementation of the virtualized network stack for FreeBSD first appeared and was maintained as a patchset against the 4.x versions of the OS kernel. In this paper I'll describe the design issues, choices and experiences from the from-scratch reimplementation of the network stack virtualization for FreeBSD 7.0-CURRENT. The major questions the paper will address are as follows:

  • what are the major changes to the internal kernel APIs that the virtualization framework introduces;
  • what methodology can be applied for virtualizing the existing kernel code / subsystems - which parts can be done mechanically and which can be expected to be more tricky;
  • what are the performance implications of the stack virtualization: benchmarking against the unmodified OS.

Furthermore, I'll attempt to tackle the traditional monolithic view of system virtualization, asking the question what could be the benefits of a more modular virtualization approach, in a system where diverse virtualized OS resources could be freely combinable in order to create the “right” level of virtualization for specific application scenarios. In contrast to the paper, I believe that in the talk the focus can be slightly shifted from the kernel internals to the usability and application aspects of the full network stack virtualization, compared to the standard FreeBSD jails and other system virtualization platforms. The talk would also include a brief live demo of the technology to illustrate its potential to the audience.