Re: VIMAGE, epair/if_bridge or netgraph?
29 mar 2014 kl. 19:08 skrev dte...@freebsd.org: -Original Message- From: dte...@freebsd.org [mailto:dte...@freebsd.org] Sent: Saturday, March 29, 2014 10:58 AM To: 'Palle Girgensohn' Cc: freebsd-virtualization@FreeBSD.org; 'Devin Teske' Subject: RE: VIMAGE, epair/if_bridge or netgraph? -Original Message- From: owner-freebsd-virtualizat...@freebsd.org [mailto:owner-freebsd- virtualizat...@freebsd.org] On Behalf Of Palle Girgensohn Sent: Monday, June 11, 2012 2:37 PM To: freebsd-virtualization@FreeBSD.org Subject: VIMAGE, epair/if_bridge or netgraph? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm updating some jail servers, and want to use VIMAGE. Compiled it into the kernel, learned the hard way not to even include PF in the same kernel [1], so now it works quite well. I am setting up many similar jails, some for testing, some for production. The applications are web servers, som tomcat+apache's, and some other standard type of services like email and ldap, simple stuff. I need no fancy network control, I just need it to work. For each jail there are two interfaces, one public, connected to a software bridge (if_bridge or ng_bridge) acting as a switch, and one internal, for maintenance, connected to a different software bridge. To each software bridge, I connect a physical external interface from the jail host. I am trying to decide whether to use epair and if_bridge, or to use netgraph. For netgraph, there is a nice package at DruidBSD [3]. When I found that, I had already rewritten the standard jail script, using the v2 patches from polymorf [4]. They work equally fine for my purpose. So now I need to know which scales best, is there a difference in performance or stability between netgraph and epair/if_bridge? Cheers, Palle [1] http://forums.freebsd.org/showthread.php?t=31765 [2] http://forums.freebsd.org/showthread.php?t=31949 [3] http://druidbsd.sourceforge.net/vimage.shtml [4] http://wiki.polymorf.fr/index.php?title=Howto:FreeBSD_jail_vnet [Devin Teske] Never saw a reply to this and I'm locating round-tuits to tackle e-mails that I've marked as needing reply: I have not profiled Ugh, that was originally I have not profiled [epair but I have profiled] netgraph -- Cheers, Devin netgraph to have a limitation of 65530 eiface devices off a single if_bridge, but are allowed multiple bridges with that many devices. The problems that you run into with that many devices is that if all the interfaces are visible to a single jail or single host... your ifconfig command could take several hours (about 4) to enumerate each iface to the screen. I didn't mess much with epair because it failed to produce a situation where I could speak separate subnets over the same wire. Netgraph made it easy by way of being able to enable promiscuous and disable the autosrc feature (as you perhaps already found in my code you linked to above). -- Cheers, Devin Thanks for the response. I have since created a setup with epair, only to abandon it and pursue a setup with netgraph instead. I can't yet say which will best serve my needs, I can get back to that when I have more data. I do know that shutting down a jail that has epairs enabled very likely will panic the kernel. I'm not certain that netgraph is any different, but I have no data yey. I do know that some fixes have been made to kernel to avoid crashes. I'll get back with more info as I have more info to reveal. :) Cheers, Palle signature.asc Description: Message signed with OpenPGP using GPGMail
RE: VIMAGE, epair/if_bridge or netgraph?
-Original Message- From: Palle Girgensohn [mailto:gir...@freebsd.org] Sent: Monday, March 31, 2014 4:44 AM To: dte...@freebsd.org Cc: freebsd-virtualization@FreeBSD.org Subject: Re: VIMAGE, epair/if_bridge or netgraph? 29 mar 2014 kl. 19:08 skrev dte...@freebsd.org: -Original Message- From: dte...@freebsd.org [mailto:dte...@freebsd.org] Sent: Saturday, March 29, 2014 10:58 AM To: 'Palle Girgensohn' Cc: freebsd-virtualization@FreeBSD.org; 'Devin Teske' Subject: RE: VIMAGE, epair/if_bridge or netgraph? -Original Message- From: owner-freebsd-virtualizat...@freebsd.org [mailto:owner-freebsd- virtualizat...@freebsd.org] On Behalf Of Palle Girgensohn Sent: Monday, June 11, 2012 2:37 PM To: freebsd-virtualization@FreeBSD.org Subject: VIMAGE, epair/if_bridge or netgraph? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm updating some jail servers, and want to use VIMAGE. Compiled it into the kernel, learned the hard way not to even include PF in the same kernel [1], so now it works quite well. I am setting up many similar jails, some for testing, some for production. The applications are web servers, som tomcat+apache's, and some other standard type of services like email and ldap, simple stuff. I need no fancy network control, I just need it to work. For each jail there are two interfaces, one public, connected to a software bridge (if_bridge or ng_bridge) acting as a switch, and one internal, for maintenance, connected to a different software bridge. To each software bridge, I connect a physical external interface from the jail host. I am trying to decide whether to use epair and if_bridge, or to use netgraph. For netgraph, there is a nice package at DruidBSD [3]. When I found that, I had already rewritten the standard jail script, using the v2 patches from polymorf [4]. They work equally fine for my purpose. So now I need to know which scales best, is there a difference in performance or stability between netgraph and epair/if_bridge? Cheers, Palle [1] https://urldefense.proofpoint.com/v1/url?u=http://forums.freebsd.org /showthread.php?t%3D31765k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D %0Ar=Mr js6vR4%2Faj2Ns9%2FssHJjg%3D%3D%0Am=55OQxWzTO24ZzksQHz%2Bx0S %2BolAmp ovPuqBDL%2FSJ3eiM%3D%0As=14d4e7005de0720881a8a37c21d7738c5efac 19fd3 6a40fd9d86339469412b1c [2] https://urldefense.proofpoint.com/v1/url?u=http://forums.freebsd.org /showthread.php?t%3D31949k=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D %0Ar=Mr js6vR4%2Faj2Ns9%2FssHJjg%3D%3D%0Am=55OQxWzTO24ZzksQHz%2Bx0S %2BolAmp ovPuqBDL%2FSJ3eiM%3D%0As=526e98adfe7b28bb2e9387eda1ad4745c142 4e8662 2109a1b26d53e1ed4526b3 [3] https://urldefense.proofpoint.com/v1/url?u=http://druidbsd.sourcefor ge.net/vimage.shtmlk=%2FbkpAUdJWZuiTILCq%2FFnQg%3D%3D%0Ar= Mrjs6vR4 %2Faj2Ns9%2FssHJjg%3D%3D%0Am=55OQxWzTO24ZzksQHz%2Bx0S%2Bol AmpovPuqB DL%2FSJ3eiM%3D%0As=fa628e6b3896b8f1b75b2eda070a9b65375e564e736 21da1 ddf12c18fe56c612 [4] https://urldefense.proofpoint.com/v1/url?u=http://wiki.polymorf.fr/i ndex.php?title%3DHowto:FreeBSD_jail_vnetk=%2FbkpAUdJWZuiTILCq%2F FnQ g%3D%3D%0Ar=Mrjs6vR4%2Faj2Ns9%2FssHJjg%3D%3D%0Am=55OQxWz TO24ZzksQH z%2Bx0S%2BolAmpovPuqBDL%2FSJ3eiM%3D%0As=2762f34c39dd7b58b8b3 98d89fa 0f7fe7e4900978664f25eafb66e1d4aedcdeb [Devin Teske] Never saw a reply to this and I'm locating round-tuits to tackle e-mails that I've marked as needing reply: I have not profiled Ugh, that was originally I have not profiled [epair but I have profiled] netgraph -- Cheers, Devin netgraph to have a limitation of 65530 eiface devices off a single if_bridge, but are allowed multiple bridges with that many devices. The problems that you run into with that many devices is that if all the interfaces are visible to a single jail or single host... your ifconfig command could take several hours (about 4) to enumerate each iface to the screen. I didn't mess much with epair because it failed to produce a situation where I could speak separate subnets over the same wire. Netgraph made it easy by way of being able to enable promiscuous and disable the autosrc feature (as you perhaps already found in my code you linked to above). -- Cheers, Devin Thanks for the response. I have since created a setup with epair, only to abandon it and pursue a setup with netgraph instead. I can't yet say which will best serve my needs, I can get back to that when I have more data. I do know that shutting down a jail that has epairs enabled very likely will panic the kernel. I'm not certain that netgraph is any different, but I have no data yey. I do know that some fixes have been made to kernel to avoid crashes. I'll get back with more info as I have more info to reveal. :) In my experience (which has been with 8.1, 8.3, 8.4, stable/8, 9.0,
Bhyve support in Libvirt
Hi! I was suggested it'd be useful to share that info on this list. The news is that libvirt 1.2.2 released around a month ago was the first libvirt version with Bhyve support! Libvirt is the virtualization library which aims to provide a unified API for hypervisors (and actually even more things, storage for example). Libvirt webpage is here: http://libvirt.org/ I've provided some more details in a blog post I wrote couple of weeks ago: http://empt1e.blogspot.ru/2014/03/bhyve-in-libvirt.html also, there is some info on the Qemu driver status as well in the blog, if you're interested. Roman Bogorodskiy pgpTgbNt36J7l.pgp Description: PGP signature
Bhyve on a Core i7-920
Howdy folks, i have encountered a strange issue when i was trying to run CentOS 6.5 with bhyve on a server with 11.0-CURRENT FreeBSD Installed: VM unrestricted guest capability required Error in initializing VM the machine has 48GB of ram, and the cpu is a i7 920 as stated in the subject of this email. It has the instructions required to run bhyve ( VMX and POPCNT, as they appear in the dmesg log and in the Intel's Ark: http://ark.intel.com/products/37147/Intel-Core-i7-920-Processor-8M-Cache-2_66-GHz-4_80-GTs-Intel-QPI?q=core%20i7-920 ). Is there something wrong with this CPU? Thanks Brando ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Bhyve support in Libvirt
On Mon, Mar 31, 2014 at 10:00 AM, Roman Bogorodskiy no...@freebsd.org wrote: http://empt1e.blogspot.ru/2014/03/bhyve-in-libvirt.html This is a huge step forward for bhyve! Thank you! There is a sizable ecosystem of software for managing hypervisors built on top of libvirt. Have you tested any of this software, such as virsh? Are there any GUI or web UI utilities built on top of libvirt which work with bhyve? You might want to consider submitting a status report at: https://www.freebsd.org/news/status/status.html -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Bhyve on a Core i7-920
Do you have VT-d enabled in your bios? A disturbingly large number of servers and workstations come set factory default with virtualization support disabled. -Daniel bRa B bra...@itaserv.net writes: Howdy folks, i have encountered a strange issue when i was trying to run CentOS 6.5 with bhyve on a server with 11.0-CURRENT FreeBSD Installed: VM unrestricted guest capability required Error in initializing VM the machine has 48GB of ram, and the cpu is a i7 920 as stated in the subject of this email. It has the instructions required to run bhyve ( VMX and POPCNT, as they appear in the dmesg log and in the Intel's Ark: http://ark.intel.com/products/37147/Intel-Core-i7-920-Processor-8M-Cache-2_66-GHz-4_80-GTs-Intel-QPI?q=core%20i7-920 ). Is there something wrong with this CPU? Thanks Brando ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Bhyve support in Libvirt
Craig Rodrigues wrote: On Mon, Mar 31, 2014 at 10:00 AM, Roman Bogorodskiy no...@freebsd.org wrote: http://empt1e.blogspot.ru/2014/03/bhyve-in-libvirt.html This is a huge step forward for bhyve! Thank you! There is a sizable ecosystem of software for managing hypervisors built on top of libvirt. Have you tested any of this software, such as virsh? Are there any GUI or web UI utilities built on top of libvirt which work with bhyve? virsh is an official client that is a part of libvirt. I use it for development and testing and also it's the main tool I use to manage VMs with libvirt. I know there's a GUI application called virt-manager (deskutils/virt-manager port), but I didn't try that. I'm not aware of web UI applications, but I didn't looks specifically. You might want to consider submitting a status report at: https://www.freebsd.org/news/status/status.html I'll take a look, thanks for a suggestion. Roman Bogorodskiy ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org