RFC: Enabling VIMAGE in GENERIC
rodrigc at FreeBSD.org
Mon Nov 17 07:46:35 UTC 2014
I would like to get feedback on the following proposal.
In the head branch (CURRENT), I would like to enable
VIMAGE with this commit:
--- sys/conf/NOTES (revision 274300)
+++ sys/conf/NOTES (working copy)
@@ -784,8 +784,8 @@
device mn # Munich32x/Falc54 Nx64kbit/sec cards.
# Network stack virtualization.
-#options VNET_DEBUG # debug for VIMAGE
+options VNET_DEBUG # debug for VIMAGE
# Network interfaces:
I would like to enable VIMAGE for the following reasons:
(1) VIMAGE cannot be enabled off to the side in a separate library or
kernel module. When enabled, it is a kernel ABI incompatible change.
This has impact on 3rd party code such as the kernel modules
which come with VirtualBox.
So the time to do it in CURRENT is now, otherwise we can't consider
doing it until FreeBSD-12 timeframe, which is quite a while away.
(2) VIMAGE is used in some 3rd party products, such as FreeNAS.
These 3rd party products are mostly happy with VIMAGE,
but sometimes they encounter problems, and FreeBSD doesn't
see these problems because it is disabled by default.
(3) Most of the major subsystems like ipfw and pf have been fixed for
VIMAGE, and the only
way to shake out the last few issues is to make it the default and
get feedback from the community. ipfilter still needs to be
(4) Not everyone uses bhyve. FreeBSD jails are an excellent virtualization
platform for FreeBSD. Jails are still very popular and
performant. VIMAGE makes jails even better by allowing per-jail
(5) Olivier Cochard-Labbe has provided good network performance results
in VIMAGE vs. non-VIMAGE kernels:
(6) Certain people like Vitaly "wishmaster" <artemrts at ukr.net> have been
jails in a production environment for quite a while, and would like
to see it
be the default.
(1) Coordinate/communicate with portmgr, since this has kernel ABI
(2) Work with clusteradm@, and try to get a test instance of one of the
PF firewalls in the cluster working with a VIMAGE enabled kernel.
(3) Take a pass through http://wiki.freebsd.org/VIMAGE/TODO
and try to clean things up. Get help from net@ developers to do
(4) Take a pass on trying to VIMAGE-ify ipfilter. I'll need help from
the ipfilter maintainers for this and some net@ developers.
(5) Enable VIMAGE by default in CURRENT on January 5, 2015.
This will *not* be enabled in STABLE.
What do people think?
More information about the freebsd-virtualization