Jail vnet features
Fbsd8
fbsd8 at a1poweruser.com
Sat Jul 12 01:07:35 UTC 2014
wishmaster wrote:
>
>
> --- Original message ---
> From: "Fbsd8" <fbsd8 at a1poweruser.com>
> Date: 11 July 2014, 16:49:08
>
>
>
>> Marcin Michta wrote:
>>> Hello,
>>>
>>>
>>>
>>> I want to ask what are advantages and disadvantages using VNET?
>>>
>>> I know that it allows each jail to have a private networking stack, but what
>>> else?
>>>
>>>
>>>
>>> Regards
>>>
>>> Marthin
>>>
>> It's experimental, it has many bugs posted in the PR system, loses memory
>> every time a vnet jail is stopped, firewalls in a vnet jail don't work;
>> other than these show stoppers, use at your own risk.
>
> Hey, man. Stop panicking!
>
> The firewall works very well. The memory leak on shutdown is not a very big problem.
> The main advantage for me is: I am able to filter and prioritize traffic coming through the base system. My vnet'ed jails are like regular LAN clients and they share the INET pipe with appropriate weights. I use ipfw.
>
Oh yeah, a host panic on boot is another common happening with vimage when
the ipf and pf firewalls try to run inside of a vnet jail and on the host
at the same time.
Many people DO consider any kind of memory leak in kernel software such
as vimage a really big show stopper, and reason enough not to use it in a
production system.
If you read the previous post a little more closely, you will see it's
talking about a firewall running inside of a vnet/vimage jail. It doesn't
say anything about running a host firewall directing traffic to an IP
number assigned to a vnet jail.
Here is a list of some of the vnet outstanding PR's
143808, 147950, 148155, 152148, 160496, 160541, 161094, 164763, 165252,
176112, 176929, 178480, 178482, 179264, 182350, 185092, 188010, 191468
vnet/vimage is experimental and should never be used in a production
system or be exposed to the public network. It is not a secure software
configuration. Sure, you can disregard all warnings and common sense and
risk your host system; that's your choice.
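The setup the two replies above are arguing about, as an added example that is not part of the thread and not either poster's configuration: the firewall stays on the host (the case Fbsd8 says the complaint was never about), and dummynet queues with WF2Q+ weights make the vnet jails share one uplink like LAN clients (the arrangement wishmaster describes). Everything concrete here is an assumption: uplink `em0`, a 20 Mbit/s pipe, jails on `192.0.2.0/24` behind `bridge0` with the host at `192.0.2.1` routing/NATing that subnet out of `em0` (so jail packets traverse ipfw on `em0`), per-jail `epairN` pairs, and the three jail names, addresses and weights, which are constructed sample data. `vnet.interface` and `vnet;` are jail.conf(5)/jail(8) syntax; the rest is ipfw(8) and ifconfig(8). The script only emits the rules and the jail.conf entries as text so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Emits (1) host-side ipfw
# rules that give each vnet jail a weighted share of one dummynet pipe and
# (2) jail.conf entries that give each jail its own vnet plus an epair whose
# "a" half sits on bridge0 on the host. All names/addresses are assumptions.

UPLINK="${UPLINK:-em0}"          # assumed host interface facing the Internet
PIPE_BW="${PIPE_BW:-20Mbit/s}"   # assumed total bandwidth of the shared uplink
GATEWAY="192.0.2.1"              # assumed host address on bridge0

# Constructed sample data: jail name, address inside the jail, WF2Q+ weight (1-100).
JAILS="web 192.0.2.11 60
mail 192.0.2.12 30
build 192.0.2.13 10"

# Host firewall: one pipe models the uplink; one queue per jail hangs off it
# with that jail's weight, and two rules per jail steer its traffic in/out.
gen_ipfw_rules() {
    echo "ipfw -q -f flush"
    echo "ipfw -q pipe flush"
    echo "ipfw pipe 1 config bw $PIPE_BW"
    rulenum=1000
    queuenum=1
    echo "$JAILS" | while read -r name addr weight; do
        [ -n "$name" ] || continue
        echo "# jail $name"
        echo "ipfw queue $queuenum config pipe 1 weight $weight"
        # Outbound: packets sourced from the jail address leaving via the uplink.
        echo "ipfw add $rulenum queue $queuenum ip from $addr to any out xmit $UPLINK"
        rulenum=$((rulenum + 10))
        # Inbound: packets for the jail address arriving on the uplink.
        echo "ipfw add $rulenum queue $queuenum ip from any to $addr in recv $UPLINK"
        rulenum=$((rulenum + 10))
        queuenum=$((queuenum + 1))
    done
    # Policy after shaping is deliberately permissive here; tighten as needed.
    echo "ipfw add 65000 allow ip from any to any"
}

# jail.conf(5) entries: each jail gets a new vnet and its own epairNb; the
# host keeps epairNa on bridge0. No firewall is configured inside the jail.
gen_jail_conf() {
    i=0
    echo "$JAILS" | while read -r name addr weight; do
        [ -n "$name" ] || continue
        cat <<EOF
$name {
    host.hostname = "$name.example.invalid";
    path = "/jails/$name";
    vnet;
    vnet.interface = "epair${i}b";
    exec.prestart = "ifconfig epair${i} create && ifconfig epair${i}a up && ifconfig bridge0 addm epair${i}a";
    exec.start = "ifconfig epair${i}b inet $addr/24 up && route add default $GATEWAY && /bin/sh /etc/rc";
    exec.stop = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "ifconfig epair${i}a destroy";
    mount.devfs;
}
EOF
        i=$((i + 1))
    done
}

# Stand-alone run: print both artifacts for review.
if [ "${1:-}" = "rules" ]; then
    gen_ipfw_rules
elif [ "${1:-}" = "jailconf" ]; then
    gen_jail_conf
fi
```

On a host, `sh thisscript.sh rules | sh` applies the shaping and `sh thisscript.sh jailconf >> /etc/jail.conf` adds the jails; the weights only take effect once `dummynet` is loaded and the host actually forwards the jail subnet through `em0`, which is why the rules match on `xmit`/`recv em0` rather than on the bridge.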
More information about the freebsd-jail mailing list