Hi Nico,
we already have a working XEN enabled kernel (2.6.18 from RHEL5), so
it would be no extra work for us. I'm sorry but switch kernel at this
point is not feasable ;) We need a rock-solid and stable kernel for
our hardware appliances (mini, mercury, etc.) and 2.6.22 is working
fine and has been stress-tested for over one month on 25 systems.
Neobiker (http://www.neobiker.de/ftp/pub/efw-xen/) is also using the
2.6.18 kernel from RHEL5 and iptables etc. should be working fine. So
for now it would look this way:
default kernel: kernel-2.6.22.15*.rpm (vanilla with some bugfixes/
patches)
xen kernel: kernel-xen-2.6.18-53*.rpm (RHEL5.1 kernel)
You're right that a single kernel would be better, but after 2.2. I've
seen many distributions that have different kernel versions for xen,
it's not the best solution but it should work.
Regards,
Raphael
Am 07.01.2008 um 10:04 schrieb Nico Prenzel:
Hi Raphael,
nice to have an roadmap discussion here.
You've asked following questions:
>>What do you think if for now we just package a "kernel-xen"
package that is separate, and maybe merge it together with the main
kernel in efw 2.3? I think we could use 2.6.24 for efw 2.3, that
>>should work pretty well with xen, right? What's the opinion of the
xen experts out there? :)
One big point I want to mention here is, that your EFW would be the
first XEN-compatible firewall suite. Okay, smoothwall will do that
too, but not easily. I think you've seen that the german Heise
publisher has incorporated the EFW into his ct'server which is XEN-
related. I think you've also seen the movement to virtual appliances
the last years. Of cource you've seen this as your VMWare ready
release demonstrates this.
Of course it will be your decision but pherhaps (and i do think) it
would be better to release an XEN-compatible release of EFW.
What do you mean with "kernel-xen" package?
If you mean an EFW rpm package with an XEN-fitted kernel 2.6.18, I
would say: I wouldn't do that, because you would have to support two
different kernel versions with all their quirks. Think of different
handling of iptables or such things. Of course I don't know which
things are incompatible, but I would say there must be such things
as the two kernel releases are more than one year apart.
I know you wouldn't like to hear that, but I would switch to the
latest stable kernel (2.6.23.12 for now)! This kernel is XEN-fitted
and for me as stable as >2.6.21! You should "simply" give it a try.
Pherhaps it works like a charm and then all would be fine... :-)
Regards,
NicoP.
Raphael Vallazza <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
04.01.2008 16:00
Bitte antworten an
[email protected]
An
[email protected]
Kopie
Thema
Re: [Efw-user] Antwort: Re: EFW 2.2 Beta1: hwdetect script -
bug (within XEN DomU)?
Hi,
we had some vary bad experience with 2.6.18 on our hardware (random
freeze/locks) and lost a lot of time... so we chose the kernel that
is up-to-date and yet stable/mature, 2.6.22 seemed to be a good
choice and we have it running for over 30 days now on 25 test
machines. Works pretty well.
Many major distributions that aren't bleeding edge use 2.6.22
(OpenSUSE, ubuntu, etc.), it seemed a good kernel for us... to be
honest we just wanted a stable/working kernel, because we where fed
up with compiling/testing/freeze etc. and didn't think about xen. I
must also admit that we don't have much experience with xen, well
it's an interesting technology and we should definitely give it a
try, but we had so much work on the networking and base related
stuff that we didn't have much time for it.
What do you think if for now we just package a "kernel-xen" package
that is separate, and maybe merge it together with the main kernel
in efw 2.3? I think we could use 2.6.24 for efw 2.3, that should
work pretty well with xen, right? What's the opinion of the xen
experts out there? :)
After efw 2.2 we have to shorten the release cycles to 3-5 months
(really ;), 2.2 has taken too long because we changed a lot in the
"core" (uplinks, firewall scripts, etc.), it took over a year of
development.
2.2 should finally be released in early february, and we're in the
bugfixing and cleaning up phase right now. Please help us finding
and fixing bugs! :)
Regards,
Raphael
Am 04.01.2008 um 15:29 schrieb Nico Prenzel:
Hi,
why not try to switch to kernel 2.6.23.x?
This and all subsequent kernel versions include support for xen-
DomU. So, you could eliminate the need to support two different
kernel versions!
Wouldn't that be a desirable aim?
Regards,
NicoP.
Raphael Vallazza <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
01.01.2008 19:47
Bitte antworten an
[email protected]
An
[email protected]
Kopie
Thema
Re: [Efw-user] EFW 2.2 Beta1: hwdetect script - bug (within
XEN DomU)?
Hi,
we switched to kernel 2.6.22.15 for endian firewall 2.2 because we had
some problems with RHEL 2.6.18 on our hardware appliances (probably
related to rtc/clocksource). 2.6.22 is a very stable kernel and is
definitely a better choice for efw because it features a more modern
netfilter/networking stack. In our labs it ran on 30 machines for 1
month without any problems, 2.6.18 just freezed randomly every 2-5
days.
The only drawback is that it doesn't have XEN support out-of-the-box,
but until the final release of 2.2 we will include an alternative xen
kernel. Right now we're concentrating on bugfixing/stabilizing the
system and we didn't have much time to test the xen kernel, please
give us some feedback about 2.6.18-53.1.4, if it runs fine and stable
we'll include it into the final release :)
Regards,
Raphael
Am 01.01.2008 um 17:55 schrieb Neobiker:
>
> Hi,
> try this one here:
> http://www.neobiker.de/ftp/pub/efw-xen/
> 2.6.18-53.1.4.endian7xen.tar.bz2
> it run's fine with EFW 2.2 Beta1, didn't tried Beta2 yet.
>
> Regards
> neobiker
>
>
> fenice wrote:
>>
>> Hi
>>
>> Is there a xen kernel available for the 2.2 beta2? If there is I'd
>> also
>> like to try testing it. :)
>>
>> Regards
>>
>> Bill
>>
>
> --
> View this message in context:
http://www.nabble.com/EFW-2.2-Beta1%3A-hwdetect-script---bug-%28within-XEN-DomU%29--tp13734683p14568067.html
> Sent from the efw-user mailing list archive at Nabble.com.
>
>
>
-------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Efw-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/efw-user
--
:: e n d i a n
:: open source - open minds
:: raphael vallazza
:: phone +39 0471 631763 :: fax +39 0471 631764
:: http://www.endian.com :: raphael (AT) endian.com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
--
:: e n d i a n
:: open source - open minds
:: raphael vallazza
:: phone +39 0471 631763 :: fax +39 0471 631764
:: http://www.endian.com :: raphael (AT) endian.com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
