subject:"Re\: \[qubes\-users\] Re\: Possible to add second interface to sys\-firewall\?"

Re: [qubes-users] Re: Possible to add second interface to sys-firewall?

2017-10-07 Thread Ron Hunter-Duvar

On 10/06/2017 01:41 PM, Ed wrote:

On 10/06/2017 03:14 PM, Mike Keehan wrote:

On Fri, 6 Oct 2017 12:17:26 -0400
Ed wrote:

On 10/06/2017 12:10 PM, Mike Keehan wrote:

Wouldn't it be possible to add a second Firewall VM to be used
solely by your special single vm?

Yes I believe this would def work, and also should be
automatic/reliable across reboots, but I was really hoping to not
give up 2-4GB of RAM just for this purpose.

I think you will find that the firewall VM runs OK in just 500Mb, maybe
less. Search the mail list for "vm memory" - there have been a number
of discussions about how much is actually used by the system VMs. (I
can't remember the details off hand, or I would give more info!)

It is worth knowing that although a VM is initially set up with a 4Gb
memory allocation, it only uses what it needs. The rest is still
available to the other qubes etc.

Mike.

You know that's not a bad point. I never really looked into reducing
the memory allotment. I just know anecdotally on my systems the
firewall vm's use 2-3GB (when left with the default max of 4GB). I
also know they will run on less if I'm pushing a system out of memory
but I never though to just restrict them to less to start.

I'm not really strapped for memory on the machine I'm working with
here so it does look like adding an additional firewall VM would be
the easiest way to get what I want, it just seemed a tad wasteful to
me, but perfect is the enemy of good

Appreciate the input!

IMO, it's best to leave memory management to the OS until such time as a
definite problem is found (which would most likely show up as swapping,
which would cause massive performance problems).

I suspect you'd find if you looked closely at the vm that most of the
memory used is for caching. That's a good thing. No point having memory
sit unused and forcing to to keep downloading the same files. The moment
the cache is needed for something else, it'll be reallocated.

Ron

--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/976e6d2e-b2ab-4e82-3a9b-4ac1a001c7b5%40shaw.ca.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible to add second interface to sys-firewall?

2017-10-06 Thread Unman

On Fri, Oct 06, 2017 at 03:41:26PM -0400, Ed wrote:
> On 10/06/2017 03:14 PM, Mike Keehan wrote:
> > On Fri, 6 Oct 2017 12:17:26 -0400
> > Ed  wrote:
> > 
> > > On 10/06/2017 12:10 PM, Mike Keehan wrote:
> > > 
> > > > 
> > > > Wouldn't it be possible to add a second Firewall VM to be used
> > > > solely by your special single vm?
> > > 
> > > Yes I believe this would def work, and also should be
> > > automatic/reliable across reboots, but I was really hoping to not
> > > give up 2-4GB of RAM just for this purpose.
> > > 
> > 
> > I think you will find that the firewall VM runs OK in just 500Mb, maybe
> > less.  Search the mail list for "vm memory" - there have been a number
> > of discussions about how much is actually used by the system VMs.  (I
> > can't remember the details off hand, or I would give more info!)
> > 
> > It is worth knowing that although a VM is initially set up with a 4Gb
> > memory allocation, it only uses what it needs.   The rest is still
> > available to the other qubes etc.
> > 
> > 
> > Mike.
> > 
> 
> You know that's not a bad point.  I never really looked into reducing the
> memory allotment.  I just know anecdotally on my systems the firewall vm's
> use 2-3GB (when left with the default max of 4GB).  I also know they will
> run on less if I'm pushing a system out of memory but I never though to just
> restrict them to less to start.
> 
> I'm not really strapped for memory on the machine I'm working with here so
> it does look like adding an additional firewall VM would be the easiest way
> to get what I want, it just seemed a tad wasteful to me, but perfect is the
> enemy of good
> 
> Appreciate the input!

I standardly reduce memory on all system qubes to 300M with no ill
effects, and restrict most of my other qubes to 400M.
Compiling and number crunching I set high.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171006224554.pzwyoets53mrh53j%40thirdeyesecurity.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible to add second interface to sys-firewall?

2017-10-06 Thread Mike Keehan

On Fri, 6 Oct 2017 12:17:26 -0400
Ed  wrote:

> On 10/06/2017 12:10 PM, Mike Keehan wrote:
> 
> > 
> > Wouldn't it be possible to add a second Firewall VM to be used
> > solely by your special single vm?
> >   
> 
> Yes I believe this would def work, and also should be
> automatic/reliable across reboots, but I was really hoping to not
> give up 2-4GB of RAM just for this purpose.
> 

I think you will find that the firewall VM runs OK in just 500Mb, maybe
less.  Search the mail list for "vm memory" - there have been a number
of discussions about how much is actually used by the system VMs.  (I
can't remember the details off hand, or I would give more info!)

It is worth knowing that although a VM is initially set up with a 4Gb
memory allocation, it only uses what it needs.   The rest is still
available to the other qubes etc.

   Mike.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/20171006201423.20721c2b.mike%40keehan.net.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] Re: Possible to add second interface to sys-firewall?

Re: [qubes-users] Re: Possible to add second interface to sys-firewall?

Re: [qubes-users] Re: Possible to add second interface to sys-firewall?

3 matches

Site Navigation

Mail list logo

Footer information