Re: Enabling VIMAGE by default for FreeBSD 11?
On Wed, Oct 15, 2014 at 04:27:28PM -0700, Craig Rodrigues wrote: On Sun, Oct 12, 2014 at 6:35 AM, Kris Moore k...@pcbsd.org wrote: It was for a while in 9.2, but we removed it from 10.0 and later due to stability issues we kept getting reports about. Haven't tried it since then, dont know if those issues are fixed. I fixed some of the problems with VIMAGE that I encountered with Bluetooth: https://lists.freebsd.org/pipermail/svn-src-head/2013-July/049582.html ... which still lacks a proper implementation that doesn't constitute a gross layering violation in generic bus code. Hiroo Onoo submitted this patch, which I committed to fix problems with VIMAGE encountered with removable USB Ethernet: https://lists.freebsd.org/pipermail/svn-src-all/2014-February/081025.html Martin Matuska committed this fix for PF: https://lists.freebsd.org/pipermail/svn-src-head/2014-April/057803.html So a lot of the stability problems with VIMAGE which were in PC-BSD 9.2 and FreeBSD 9.x have been slowly been fixed. Marius ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Fri, 17 Oct 2014 13:37:37 +0200 Marius Strobl mar...@alchemy.franken.de wrote: On Wed, Oct 15, 2014 at 04:27:28PM -0700, Craig Rodrigues wrote: On Sun, Oct 12, 2014 at 6:35 AM, Kris Moore k...@pcbsd.org wrote: It was for a while in 9.2, but we removed it from 10.0 and later due to stability issues we kept getting reports about. Haven't tried it since then, dont know if those issues are fixed. I fixed some of the problems with VIMAGE that I encountered with Bluetooth: https://lists.freebsd.org/pipermail/svn-src-head/2013-July/049582.html ... which still lacks a proper implementation that doesn't constitute a gross layering violation in generic bus code. By all means please go ahead and propose a layering-clean alternative, not as ugly and intrusive as this part which I assume bodes you eyes: - return (device_attach(dev)); + + CURVNET_SET_QUIET(vnet0); + error = device_attach(dev); + CURVNET_RESTORE(); + return error; Marko Hiroo Onoo submitted this patch, which I committed to fix problems with VIMAGE encountered with removable USB Ethernet: https://lists.freebsd.org/pipermail/svn-src-all/2014-February/081025.html Martin Matuska committed this fix for PF: https://lists.freebsd.org/pipermail/svn-src-head/2014-April/057803.html So a lot of the stability problems with VIMAGE which were in PC-BSD 9.2 and FreeBSD 9.x have been slowly been fixed. Marius ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On 10/17/14, 7:51 PM, Marko Zec wrote: On Fri, 17 Oct 2014 13:37:37 +0200 Marius Strobl mar...@alchemy.franken.de wrote: On Wed, Oct 15, 2014 at 04:27:28PM -0700, Craig Rodrigues wrote: On Sun, Oct 12, 2014 at 6:35 AM, Kris Moore k...@pcbsd.org wrote: It was for a while in 9.2, but we removed it from 10.0 and later due to stability issues we kept getting reports about. Haven't tried it since then, dont know if those issues are fixed. I fixed some of the problems with VIMAGE that I encountered with Bluetooth: https://lists.freebsd.org/pipermail/svn-src-head/2013-July/049582.html ... which still lacks a proper implementation that doesn't constitute a gross layering violation in generic bus code. By all means please go ahead and propose a layering-clean alternative, not as ugly and intrusive as this part which I assume bodes you eyes: - return (device_attach(dev)); + + CURVNET_SET_QUIET(vnet0); + error = device_attach(dev); + CURVNET_RESTORE(); + return error; Marko I think he means the entire bluetooth implementation, which is done from within netgraph. Hiroo Onoo submitted this patch, which I committed to fix problems with VIMAGE encountered with removable USB Ethernet: https://lists.freebsd.org/pipermail/svn-src-all/2014-February/081025.html Martin Matuska committed this fix for PF: https://lists.freebsd.org/pipermail/svn-src-head/2014-April/057803.html So a lot of the stability problems with VIMAGE which were in PC-BSD 9.2 and FreeBSD 9.x have been slowly been fixed. Marius ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Sat, Oct 11, 2014 at 10:58 AM, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? Not everyone uses bhyve, so VIMAGE is quite useful when using jails. Based on the discussion in this thread, I started writing down a list of action items before enabling VIMAGE by default: https://wiki.freebsd.org/VIMAGE/TODO Does that look reasonable? -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On 10/17/14, 1:43 PM, vijju.singh wrote: We've seen issues with vnet delete causing stale pointers in mbufs referencing the per-vnet loopback interface (deleted with the vnet). you can also see this sort of problem with removable devices. e.g. USB network interfaces, so it's not unique to vnet. Sent via the Samsung GALAXY S®4, an ATT 4G LTE smartphone div Original message /divdivFrom: Dag-Erling Smørgrav d...@des.no /divdivDate:10/16/2014 10:39 AM (GMT-08:00) /divdivTo: Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net /divdivCc: freebsd-...@freebsd.org,freebsd-virtualization@freebsd.org,freebsd-arch freebsd-a...@freebsd.org /divdivSubject: Re: Enabling VIMAGE by default for FreeBSD 11? /divdiv /divBjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net writes: Dag-Erling Smørgrav d...@des.no writes: There are other serious issues with our current pf (checksum corruption) which I think can only be resolved by importing a newer version. Sorry, but you lost context. I was talking about security implications in VIMAGE context, not about random bugs. I realize that, but you're talking about patching our current pf, and I think that's a waste of time; we should import a newer version instead (which I assume already has those patches). DES ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Sun, Oct 12, 2014 at 6:35 AM, Kris Moore k...@pcbsd.org wrote: It was for a while in 9.2, but we removed it from 10.0 and later due to stability issues we kept getting reports about. Haven't tried it since then, dont know if those issues are fixed. I fixed some of the problems with VIMAGE that I encountered with Bluetooth: https://lists.freebsd.org/pipermail/svn-src-head/2013-July/049582.html Hiroo Onoo submitted this patch, which I committed to fix problems with VIMAGE encountered with removable USB Ethernet: https://lists.freebsd.org/pipermail/svn-src-all/2014-February/081025.html Martin Matuska committed this fix for PF: https://lists.freebsd.org/pipermail/svn-src-head/2014-April/057803.html So a lot of the stability problems with VIMAGE which were in PC-BSD 9.2 and FreeBSD 9.x have been slowly been fixed. -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
Something that just popped up here in local hacking is ensuring that all the vnet state is correctly torn down _after_ the system has finished with things that reference it. For example, having the vnet state torn out from underneath say, active TCP timers that haven't yet been cleaned up. Is that fixed or not a problem in -HEAD? -a ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Sat, Oct 11, 2014 at 1:20 PM, Alexander V. Chernikov melif...@ipfw.ru wrote: On 11 Oct 2014, at 21:58, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? Are there any tests results showing performance implications on different network-related workloads? Alexander, Do you have a testbed where you could run a quick network test for non-virtualized workload: - CURRENT without VIMAGE in kernel config - CURRENT with VIMAGE in kernel config and provide some results ? -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
在 14-10-13 0:38, Bjoern A. Zeeb 写道: On 12 Oct 2014, at 16:25 , Yamagi Burmeister li...@yamagi.org wrote: Hello, it's been a while since I tested VIMAGE, but at the last time somewhere in 10-CURRENT some UMA memory leaks were left when destroying vnets. They weren't showstoppers for most workloads, but pretty anoying... Have those been fixed? No, an old perforce branch of mine had all but the last TCP ones fixed. The code is still there. Did you mean it's still leaked with TCP services, eg. HTTP ? Simon ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Tue, Oct 14, 2014 at 8:20 AM, Craig Rodrigues rodr...@freebsd.org wrote: On Sat, Oct 11, 2014 at 1:20 PM, Alexander V. Chernikov melif...@ipfw.ru wrote: On 11 Oct 2014, at 21:58, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? Are there any tests results showing performance implications on different network-related workloads? Alexander, Do you have a testbed where you could run a quick network test for non-virtualized workload: - CURRENT without VIMAGE in kernel config - CURRENT with VIMAGE in kernel config and provide some results ? I can use my forwarding/firewalling 10Giga lab for testing VIMAGE impact. Here are my ministat results (smallest packet size, value in packet-per-second, about 2000 flows). = I didn't see lot's of performance impact with VIMAGE option added in kernel. Forwarding difference : x forwarding.r272978-VIMAGE + forwarding.r272978 +--+ |x +x x +++ xx +| | |_M__A| | | |MA| | +--+ N Min MaxMedian AvgStddev x 5 1929165 1998339 1963904 1966801.4 27506.256 + 5 1953943 2005868 1971503 1976523 19087.721 No difference proven at 95.0% confidence ipfw-statefull difference: x ipfw-statefull.r272978-VIMAGE + ipfw-statefull.r272978 +--+ | x x * * +x+ +| ||_MA__| | ||___M___A___| | +--+ N Min MaxMedian AvgStddev x 5 1490042 1531750 1503590 1505175 16403.596 + 5 1502719 1589778 1517320 1529871.8 35404.181 No difference proven at 95.0% confidence pf-statefull difference: x pf-statefull.r272978-VIMAGE + pf-statefull.r272978 +--+ |x++xx *+x +| ||__AM_| | | |A_M_| | +--+ N Min MaxMedian AvgStddev x 5 1315594 1341130 1334215 1331310 9769.922 + 5 1324108 1351078 1336257 1335044.2 10562.448 No difference proven at 95.0% confidence Regards ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Tue, 14 Oct 2014, Olivier Cochard-Labbé wrote: I can use my forwarding/firewalling 10Giga lab for testing VIMAGE impact. Here are my ministat results (smallest packet size, value in packet-per-second, about 2000 flows). = I didn't see lot's of performance impact with VIMAGE option added in kernel. Surely we would also want to test on some low-end networks as well ... we still have some 10/half networks here (luckily, nowhere that I frequent). -Ben ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
Alexander V. Chernikov wrote: On 11 Oct 2014, at 21:58, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? well the next step is to make it a dependancy so that free bsd won't install without it, and to inject it in many binaries that insure it's in use. like ssh ! the key is: 98 117C FE83 22EA B843 3E86 6486 4320 545E 1B2A FA1C just change anything you don't like in any jails being upgraded and tada you may get what's protected! can i have some? ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
Alexander V. Chernikov wrote: On 11 Oct 2014, at 21:58, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? Are there any tests results showing performance implications on different network-related workloads? Not everyone uses bhyve, so VIMAGE is quite useful when using jails. -- Craig ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-a...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-arch To unsubscribe, send any mail to freebsd-arch-unsubscr...@freebsd.org i know little about chroot jails or 7 ring processor levels but let me ask rhetorically ... do you mean VIMAGE allows a jail to use an iface device for many IPs or even MAC? i thought that was already the case all cards can listen - it's only a headers trick per say. but do you mean a chroot can have access to an iface (which there are pkg for setting up if i remember)? but if a jail is allowed to use an iface why not allocate it - meaning: what is the purpose of middleman vimage connecting device to jail unless there is a strict filter inbetween (ie, strippign headers, or even controlling what iface/routes are alllowed)? i can't see what it's for, but much less making it mandatorily injected upon all jailsm, except maybe it may BREAK existing jails by allowing net access where there is NOT supposed to be any / assumed not to be any if they old programmers didn't want anyone compiling software who logged in: they'd insure there was no compiler. if they didn't want typing at a terminal: they'd take away the keyboard right? ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Tue, Oct 14, 2014 at 11:17 AM, John D. Hendrickson and Sara Darnell johnandsa...@cox.net wrote: do you mean VIMAGE allows a jail to use an iface device for many IPs or even MAC? i thought that was already the case all cards can listen - it's only a headers trick per say. Search for VIMAGE here: https://www.freebsd.org/cgi/man.cgi?query=jail That gives a pretty good description of what VIMAGE and jails can do. -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On 13.10.2014 09:35, Julian Elischer wrote: On 10/12/14, 1:55 PM, wishmaster wrote: --- Original message --- From: Alexander V. Chernikov melif...@ipfw.ru Date: 11 October 2014, 23:20:39 On 11 Oct 2014, at 21:58, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? Are there any tests results showing performance implications on different network-related workloads? the last time we teste things vnet made things faster. if you spread 100 sessions over N vnets and had 100 sessions on one system, then there are 1/N as many locking collisions as each vnet is its own locking domain. Sure. I'm mostly concerned about performance impact on non-virtualized workloads (e.g. web server or firewall workload types). Julian ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
... is it enabled by default on pcbsd? -a ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Sat, Oct 11, 2014 at 11:15 PM, Adrian Chadd adr...@freebsd.org wrote: ... is it enabled by default on pcbsd? -a It was enabled in PCBSD here: https://github.com/trueos/trueos/commit/3108bbe003bc38339fbd4a26542b184b2ccb271a -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
Should also add here that for those using PF as a firewall that VIMAGE enabled kernels don't play to well together Unless you like looking at cores all day. -- Jason Hellenthal Mobile: +1 (616) 953-0176 jhellent...@dataix.net JJH48-ARIN On Oct 12, 2014, at 01:15, Adrian Chadd adr...@freebsd.org wrote: ... is it enabled by default on pcbsd? -a ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
It was for a while in 9.2, but we removed it from 10.0 and later due to stability issues we kept getting reports about. Haven't tried it since then, dont know if those issues are fixed. On Oct 12, 2014, 2:15 AM, at 2:15 AM, Adrian Chadd adr...@freebsd.org wrote: ... is it enabled by default on pcbsd? -a ___ freebsd-a...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-arch To unsubscribe, send any mail to freebsd-arch-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On 12 Oct 2014, at 16:25 , Yamagi Burmeister li...@yamagi.org wrote: Hello, it's been a while since I tested VIMAGE, but at the last time somewhere in 10-CURRENT some UMA memory leaks were left when destroying vnets. They weren't showstoppers for most workloads, but pretty anoying... Have those been fixed? No, an old perforce branch of mine had all but the last TCP ones fixed. The code is still there. — Bjoern A. Zeeb Come on. Learn, goddamn it., WarGames, 1983 ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On Sun, Oct 12, 2014 at 5:33 AM, Allan Jude allanj...@freebsd.org wrote: On 2014-10-12 07:28, Jason Hellenthal wrote: Should also add here that for those using PF as a firewall that VIMAGE enabled kernels don't play to well together Unless you like looking at cores all day. There have been patches to address this. I know Martin m...@freebsd.org had something, I was talking to him about it at AsiaBSDCon this spring. pf patches for vnet have been committed to this branch: https://svnweb.freebsd.org/base/projects/pf/head/ Some of the patches have been merged to HEAD such as this: https://svnweb.freebsd.org/base?view=revisionrevision=264689 -- Craig ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On 10/12/14, 1:55 PM, wishmaster wrote: --- Original message --- From: Alexander V. Chernikov melif...@ipfw.ru Date: 11 October 2014, 23:20:39 On 11 Oct 2014, at 21:58, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? Are there any tests results showing performance implications on different network-related workloads? the last time we teste things vnet made things faster. if you spread 100 sessions over N vnets and had 100 sessions on one system, then there are 1/N as many locking collisions as each vnet is its own locking domain. Julian ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
Re: Enabling VIMAGE by default for FreeBSD 11?
On 11 Oct 2014, at 21:58, Craig Rodrigues rodr...@freebsd.org wrote: Hi, What action items are left to enable VIMAGE by default for FreeBSD 11? Are there any tests results showing performance implications on different network-related workloads? Not everyone uses bhyve, so VIMAGE is quite useful when using jails. -- Craig ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to freebsd-virtualization-unsubscr...@freebsd.org
