VIMAGE and jail.
Brandon Gooch
jamesbrandongooch at gmail.com
Sat Oct 2 15:25:26 UTC 2010
2010/10/2 Eirik Øverby <ltning at anduin.net>:
> On 2. okt. 2010, at 15:12, Nikos Vassiliadis <nvass9573 at gmx.com> wrote:
>
>> Peter Ankerstål wrote:
>>> On 2 okt 2010, at 15.06, Nikos Vassiliadis wrote:
>>>> Peter Ankerstål wrote:
>>>>> Anyone here used the VIMAGE together with jail?
>>>> Is this some kind of poll?:)
>>>>
>>>> I have used VIMAGE and jail.
>>>>
>>>> Nikos
>>>>
>>>>
>>> Haha, sorry. Just wanted some pointers.
>>
>> do ask...
>
> Then I'd much appreciate some pointers to info about the vimage stuff, availability (8.x?), stability, real-world experiences and tales from the crypt..
>
> In short: why do I want the visage stuff and what can it do for me?
VIMAGE allows you to have a per-jail network stack. This in turn
allows for things like per-jail firewalling (only via ipfw for now),
ipsec, netgraph, etc...
I've been running it on my workstation (8-STABLE) and laptop
(9-CURRENT), mostly for academic purposes.
In the case of my workstation, I've used VIMAGE with jails (I call
them "vnet jails") to serve web sites to couple of different networks
while sharing local resources between the two jails and the local
machine. This particular setup was very hacked together -- not too
difficult really, but not sure how "correct" it is either -- it just
works :)
On my laptop, I've been experimenting with VIMAGE and the graphical
imunes utility to learn a little more about routing and what-not, and
also to demonstrate the VIMAGE functionality to others (my university
professors) who may be able to use it in an academic environment.
In both cases, I've had very few issues in regard to stability. I
haven't had a panic in a while although there are still memory leaks
when shutting down a vnet jail; haven't had time to look more deeply
into that yet.
I wish I could point you to some sort of "official" documentation on
using it (such as a handbook section or article), but I know of none.
I've muddled through using search engine results and the FreeBSD
mailing list archives. You can read a little more about the status of
the project here:
http://www.freebsdfoundation.org/announcements.shtml#Virtualization
Also, you may check this out, it's pretty neat:
http://old.tel.fer.hr/imunes/
Good luck, and have fun!
-Brandon
More information about the freebsd-jail
mailing list