Multiple IP Jail's patch for FreeBSD 6.2

Helge.Oldach at atosorigin.com Helge.Oldach at atosorigin.com
Tue May 15 08:23:58 UTC 2007 

Julian Elischer wrote on Monday, May 14, 2007 11:05 PM:
> Andre Oppermann wrote:
>> Julian Elischer wrote:
>>> talk with Marko Zec about "immunes".
>>> 
>>> http://www.tel.fer.hr/zec/vimage/
>>> and http://www.tel.fer.hr/imunes/
>>> 
>>> It has a complete virtualized stack for each jail.
>>> ipfw, routing table, divert sockets, sysctls, statistics, netgraph
>>> etc. 
>> 
>> Like I said there is a place for both approaches and they are
>> complementary.  A couple of hosting ISPs I know do not want to
>> give a full virtualized stack to their customers.  They want to
>> retain full control over the network configuration inside and
>> outside of the jail.  In those (mass-hosting) cases it is done
>> that way to ease support (less stuff users can fumble) and to
>> properly position those products against full virtual machines
>> and dedicated servers.  Something like this: jail < vimage <
>> virtual machine < dedicated server.
>> 
>>> He as a set of patches against 7-current that now implements nearly
>>> all the parts you need. It Will be discussed at the devsummit on
>>> Wed/Thurs 
>>> and we'll be discussing whether it is suitable for general inclusion
>>> or to be kept as patches. Note, it can be compiled out, which
>>> leaves a pretty much binarily compatible OS, so I personally would
>>> like to see it included.
>> 
>> I don't think it is mature enough for inclusion into the upcoming
>> 7.0R.  Not enough integration time.  Food for FreeBSD 8.0.
> 
> Actually I am not sure I completely agree. Consider:

Me neither. Markos work started at 4.0 already, which is a *long* time
ago, so I would assume a decent level of maturity in the first place.

> I might add that What Marco has now is very functional
> and that people should kick its tires (tyres) a bit..

Yep.

Also, having this functionality would give us sort of a unique feature
over "the competition".

Helge

Atos Origin GmbH, Theodor-Althoff-Str. 47, D-45133 Essen, Postfach 100 123, D-45001 Essen
Telefon: +49 201 4305 0, Fax: +49 201 4305 689095, www.atosorigin.de
Dresdner Bank AG, Hamburg: Kto. 0954411200, BLZ 200 800 00, Swift Code DRESDEFF200, IBAN DE69200800000954411200
Geschäftsführer: Dominique Illien, Handelsregister Essen HRB 19354, Ust.-ID.-Nr.: DE147861238

More information about the freebsd-hackers mailing list