Hi Raphael,
of course, that would be okay. I'll follow the EFW development and would
also test your XEN-fitted 2.6.18 kernel.
Is that 2.6.18 kernel going to be integrated into the EFW 2.2 release?
Regards.
NicoP-
Raphael Vallazza <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
07.01.2008 10:24
Bitte antworten an
[email protected]
An
[email protected]
Kopie
Thema
Re: [Efw-user] Antwort: Re: Antwort: Re: EFW 2.2 Beta1: hwdetect script -
bug (within XEN DomU)?
Hi Nico,
we already have a working XEN enabled kernel (2.6.18 from RHEL5), so it
would be no extra work for us. I'm sorry but switch kernel at this point
is not feasable ;) We need a rock-solid and stable kernel for our hardware
appliances (mini, mercury, etc.) and 2.6.22 is working fine and has been
stress-tested for over one month on 25 systems.
Neobiker (http://www.neobiker.de/ftp/pub/efw-xen/) is also using the
2.6.18 kernel from RHEL5 and iptables etc. should be working fine. So for
now it would look this way:
default kernel: kernel-2.6.22.15*.rpm (vanilla with some bugfixes/patches)
xen kernel: kernel-xen-2.6.18-53*.rpm (RHEL5.1 kernel)
You're right that a single kernel would be better, but after 2.2. I've
seen many distributions that have different kernel versions for xen, it's
not the best solution but it should work.
Regards,
Raphael
Am 07.01.2008 um 10:04 schrieb Nico Prenzel:
Hi Raphael,
nice to have an roadmap discussion here.
You've asked following questions:
>>What do you think if for now we just package a "kernel-xen" package that
is separate, and maybe merge it together with the main kernel in efw 2.3?
I think we could use 2.6.24 for efw 2.3, that >>should work pretty well
with xen, right? What's the opinion of the xen experts out there? :)
One big point I want to mention here is, that your EFW would be the first
XEN-compatible firewall suite. Okay, smoothwall will do that too, but not
easily. I think you've seen that the german Heise publisher has
incorporated the EFW into his ct'server which is XEN-related. I think
you've also seen the movement to virtual appliances the last years. Of
cource you've seen this as your VMWare ready release demonstrates this.
Of course it will be your decision but pherhaps (and i do think) it would
be better to release an XEN-compatible release of EFW.
What do you mean with "kernel-xen" package?
If you mean an EFW rpm package with an XEN-fitted kernel 2.6.18, I would
say: I wouldn't do that, because you would have to support two different
kernel versions with all their quirks. Think of different handling of
iptables or such things. Of course I don't know which things are
incompatible, but I would say there must be such things as the two kernel
releases are more than one year apart.
I know you wouldn't like to hear that, but I would switch to the latest
stable kernel (2.6.23.12 for now)! This kernel is XEN-fitted and for me as
stable as >2.6.21! You should "simply" give it a try.
Pherhaps it works like a charm and then all would be fine... :-)
Regards,
NicoP.
Raphael Vallazza <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
04.01.2008 16:00
Bitte antworten an
[email protected]
An
[email protected]
Kopie
Thema
Re: [Efw-user] Antwort: Re: EFW 2.2 Beta1: hwdetect script - bug (within
XEN DomU)?
Hi,
we had some vary bad experience with 2.6.18 on our hardware (random
freeze/locks) and lost a lot of time... so we chose the kernel that is
up-to-date and yet stable/mature, 2.6.22 seemed to be a good choice and we
have it running for over 30 days now on 25 test machines. Works pretty
well.
Many major distributions that aren't bleeding edge use 2.6.22 (OpenSUSE,
ubuntu, etc.), it seemed a good kernel for us... to be honest we just
wanted a stable/working kernel, because we where fed up with
compiling/testing/freeze etc. and didn't think about xen. I must also
admit that we don't have much experience with xen, well it's an
interesting technology and we should definitely give it a try, but we had
so much work on the networking and base related stuff that we didn't have
much time for it.
What do you think if for now we just package a "kernel-xen" package that
is separate, and maybe merge it together with the main kernel in efw 2.3?
I think we could use 2.6.24 for efw 2.3, that should work pretty well with
xen, right? What's the opinion of the xen experts out there? :)
After efw 2.2 we have to shorten the release cycles to 3-5 months (really
;), 2.2 has taken too long because we changed a lot in the "core"
(uplinks, firewall scripts, etc.), it took over a year of development.
2.2 should finally be released in early february, and we're in the
bugfixing and cleaning up phase right now. Please help us finding and
fixing bugs! :)
Regards,
Raphael
Am 04.01.2008 um 15:29 schrieb Nico Prenzel:
Hi,
why not try to switch to kernel 2.6.23.x?
This and all subsequent kernel versions include support for xen-DomU. So,
you could eliminate the need to support two different kernel versions!
Wouldn't that be a desirable aim?
Regards,
NicoP.
Raphael Vallazza <[EMAIL PROTECTED]>
Gesendet von: [EMAIL PROTECTED]
01.01.2008 19:47
Bitte antworten an
[email protected]
An
[email protected]
Kopie
Thema
Re: [Efw-user] EFW 2.2 Beta1: hwdetect script - bug (within XEN DomU)?
Hi,
we switched to kernel 2.6.22.15 for endian firewall 2.2 because we had
some problems with RHEL 2.6.18 on our hardware appliances (probably
related to rtc/clocksource). 2.6.22 is a very stable kernel and is
definitely a better choice for efw because it features a more modern
netfilter/networking stack. In our labs it ran on 30 machines for 1
month without any problems, 2.6.18 just freezed randomly every 2-5 days.
The only drawback is that it doesn't have XEN support out-of-the-box,
but until the final release of 2.2 we will include an alternative xen
kernel. Right now we're concentrating on bugfixing/stabilizing the
system and we didn't have much time to test the xen kernel, please
give us some feedback about 2.6.18-53.1.4, if it runs fine and stable
we'll include it into the final release :)
Regards,
Raphael
Am 01.01.2008 um 17:55 schrieb Neobiker:
>
> Hi,
> try this one here:
> http://www.neobiker.de/ftp/pub/efw-xen/
> 2.6.18-53.1.4.endian7xen.tar.bz2
> it run's fine with EFW 2.2 Beta1, didn't tried Beta2 yet.
>
> Regards
> neobiker
>
>
> fenice wrote:
>>
>> Hi
>>
>> Is there a xen kernel available for the 2.2 beta2? If there is I'd
>> also
>> like to try testing it. :)
>>
>> Regards
>>
>> Bill
>>
>
> --
> View this message in context:
http://www.nabble.com/EFW-2.2-Beta1%3A-hwdetect-script---bug-%28within-XEN-DomU%29--tp13734683p14568067.html
> Sent from the efw-user mailing list archive at Nabble.com.
>
>
>
-------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2005.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> Efw-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/efw-user
--
:: e n d i a n
:: open source - open minds
:: raphael vallazza
:: phone +39 0471 631763 :: fax +39 0471 631764
:: http://www.endian.com :: raphael (AT) endian.com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
--
:: e n d i a n
:: open source - open minds
:: raphael vallazza
:: phone +39 0471 631763 :: fax +39 0471 631764
:: http://www.endian.com :: raphael (AT) endian.com
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
