[Ukfreebsd] Recap: FreeBSD developer summit in Cambridge in August

Robert Watson rwatson at FreeBSD.org
Mon Sep 22 10:37:55 BST 2008

On Mon, 22 Sep 2008, Sevan / Venture37 wrote:

> A couple of questions:
> The network stack virtualisation in 8.0 is that virtnet or something written 
> from scratch??

This is based on Marko Zec's virtnet/vimage/immunes project.  In about 
2006(ish), the NLnet and the FreeBSD Foundation contracted Marko and UZagreb 
to forward-port the work to FreeBSD 7.x from the original 4.x he did it on. 
Due to some schedule slippage it's now in the process of entering the 
8-CURRENT tree.  There are now a number of other contributors involved, 
including Verio and Cisco.  Verio is looking at open-sourcing their 
FreeBSD-based managed server virtualization product, and merging those parts 
into VImage as well.

The bits are flying right and left as the work takes place, so it's not really 
ready for people to use or test yet, but I hope in the next couple of months 
the prototype will finish entering 8.x and be ready for a larger audience. 
We'll also see other subsystems fully virtualized, including some historically 
deficient areas in Jail, such as System V IPC, POSIX IPC, etc, and a 
much-improved management interface.  Another planned feature is the ability to 
specify which root kernel privileges are allowed in each Jail, something that 
was done on an ad hoc basis for one or two privileges before, but now it will 
be generalized.

The results are quite neat though -- you can create a series of jails, each 
with their own firewalls, rate-limiting, VLANs, IPSEC, etc, each managed from 
within the jail by the jail administrator.

Some notes from recent DevSummits:


And Marko's oldish page:


> Xen DomU support, how far off are we from having an EC2 image for testing???

I don't have recent information, but I believe it is being actively worked on. 
Apparently EC2 relies on a specific (and perhaps modified) version of the Xen 
hypervisor interfaces:


This is also definitely in the work-in-progress area, but lots of heavy 
lifting going on.

Robert N M Watson
Computer Laboratory
University of Cambridge

