Craig Rodrigues rodrigc at FreeBSD.org
Mon Nov 17 07:46:35 UTC 2014


I would like to get feedback on the following proposal.
In the head branch (CURRENT), I would like to enable
VIMAGE with this commit:


Index: sys/conf/NOTES
--- sys/conf/NOTES      (revision 274300)
+++ sys/conf/NOTES      (working copy)
@@ -784,8 +784,8 @@
 device         mn      # Munich32x/Falc54 Nx64kbit/sec cards.

 # Network stack virtualization.
-#options       VIMAGE
-#options       VNET_DEBUG      # debug for VIMAGE
+options        VIMAGE
+options        VNET_DEBUG      # debug for VIMAGE

 # Network interfaces:

I would like to enable VIMAGE for the following reasons:


(1)  VIMAGE cannot be enabled off to the side in a separate library or
       kernel module.  When enabled, it is a kernel ABI incompatible change.
       This has impact on 3rd party code such as the kernel modules
       which come with VirtualBox.
       So the time to do it in CURRENT is now, otherwise we can't consider
       doing it until FreeBSD-12 timeframe, which is quite a while away.

(2)  VIMAGE is used in some  3rd party products, such as FreeNAS.
       These 3rd party products are mostly happy with VIMAGE,
       but sometimes they encounter problems, and FreeBSD doesn't
       see these problems because it is disabled by default.

(3)  Most of the major subsystems like ipfw and pf have been fixed for
VIMAGE, and the only
       way to shake out the last few issues is to make it the default and
       get feedback from the community.  ipfilter still needs to be

(4)  Not everyone uses bhyve.  FreeBSD jails are an excellent virtualization
       platform for FreeBSD.  Jails are still very popular and
       performant.  VIMAGE makes jails even better by allowing per-jail
       network stacks.

(5)  Olivier Cochard-Labbe has provided good network performance results
       in VIMAGE vs. non-VIMAGE kernels:


(6)  Certain people like Vitaly "wishmaster" <artemrts at ukr.net> have been
      running VIMAGE
      jails in a production environment for quite a while, and would like
to see it
      be the default.


(1)  Coordinate/communicate with portmgr, since this has kernel ABI

(2)  Work with clusteradm@, and try to get a test instance of one of the
       PF firewalls in the cluster working with a VIMAGE enabled kernel.

(3)   Take a pass through http://wiki.freebsd.org/VIMAGE/TODO
         and try to clean things up.  Get help from net@ developers to do

(4)   Take a pass on trying to VIMAGE-ify ipfilter.  I'll need help from
        the ipfilter maintainers for this and some net@ developers.

(5)   Enable VIMAGE by default in CURRENT on January 5, 2015.
        This will *not* be enabled in STABLE.

What do people think?


More information about the freebsd-virtualization mailing list