Thursday, August 26, 2010

Update on FreeBSD Jail Based Virtualization Project

Bjoern Zeeb has provided a summary regarding the completion of the funded portion of the FreeBSD Jail Based Virtualization Project:

I am happy to report that the funded parts of the FreeBSD Jail Based Virtualization project are completed. Some of the results have been shipping with 8.1-RELEASE while others are ready to be merged to HEAD.

Jails have been the well known operating system level virtualization technique in FreeBSD for over a decade. The import of Marko Zec's network stack virtualization has introduced a new way for abstracting subsystems. As part of this project, the abstraction framework has been generalized. Together with Jamie Gritton's flexible jail configuration syscalls, this will provide the infrastructure for, and will ease the virtualization of, further subsystems without much code duplication. The next subsystems to be virtualized will likely be SYSV/Posix IPC to help, for example, PostgreSQL users. This will probably be followed by the process namespace.

Along with the framework, debugging facilities, such as the interactive kernel debugger, have been enhanced so that every new subsystem will be able to immediately make use of these improvements without modifying a single line of code. Libjail and jls can now work on core dumps and netstat is able to query individual live network stacks attached to jails.

For the virtual network stack, work was focused on network stack teardown, a concept introduced with the network stack virtualization. The primary goal was to prototype a shutdown of the (virtual) network stacks from top to bottom, which means letting interfaces go last rather than first and still being able to cleanly shut down TCP connections. Good progress was made, but a lot of code over the last two decades was never written in a way to be cleanly stopped. Work on this will have to continue, along with virtualizing the remaining network subsystems to allow long term stability and a leak and panic free shutdown. As a side effect, users of non-virtualized network stacks will also benefit, as other general network stack problems are identified and fixed along the way.

I am happy to see more early adopters, former OpenSolaris users, and people contributing code or reporting problems and would like to encourage people to further support this project.

My special thanks go to the FreeBSD Foundation and CK Software GmbH for having sponsored this project, as well as to John Baldwin and Philip Paeps for helping with review and excellent suggestions.
