Subscribe to the RSS Feed

 

VIMAGE - Better virtualization in FreeBSD 8

Now that FreeBSD 8 is out, among many changes we can find enhancements in the field of virtualization as well. A newly developed virtualization container called VIMAGE has been implemented to enable virtualization of the FreeBSD network stack.

As you may know previous releases of FreeBSD had support only for jails with IP addresses of the main network stack; meaning once you configured IP/IPv6 addresses on your host system, a subset of those addresses could be associated to each one of your jails. As simple as it sounds, it actually doesn’t let you perform several networking related tasks inside of a jail, and you couldn’t separate your jails from each other with a firewall as there were no real interfaces present in your system.

With VIMAGE you have a jail with full instance of the host’s networking stack, including loopback interface, routing tables, etc. Network interfaces created on the host system can be moved to any VIMAGE jail to enable its connection to the outside world with a new option of ifconfig called “vnet”.

vnet jail
Move the interface to the jail , specified by name or JID. If the jail has a virtual network stack, the interface will disap- pear from the current environment and become visible to the jail.

Note: Option “-vnet” does the opposite.

As you might not have as many network interfaces as jails, you might need some workarounds to tunnel network traffic between two interfaces of your system.

Forget TUN/TAP and VPNs. FreeBSD 8 has a special network device called epair , which lets you create a pair of interconnected ethernet interfaces. If you move one of them to a VIMAGE jail you are basicly done. Feel free to bridge them or use VLANs, they will still work. I don’t know about the overhead of epair, but if all you care about is security, this might be the best choice for you on FreeBSD.

To enable VIMAGE you have to add “option VIMAGE” to your kernel configuration file and recompile/reinstall it.

Posted 2009/11/27 22:06 by jos


Comments

  1. Dec 3, 09:27 PM

    Eric Says:

    Great post – I am having some issues with a similar setup – I have searched all over but this is a fairly new topic. If you think you might be able to offer some insight – please see this post! http://forums.freebsd.org/showthread.php?t=8901

    I greatly appreciate the help!

  2. May 13, 05:21 AM

    best Nikon sunglasses Says:

    Thank you for sharing with me. Those are very beautiful and i hope that you continue to make more of them.

  3. May 20, 05:13 AM

    women's Mont Blanc handbags Says:

    This article is very good, I like,
    thank you, I’m more understanding

  4. May 23, 04:14 AM

    SGPG replica handbags Says:

    Thank you! I LOVE this. I made one. I use it all the time. I will be posting a picture of mine and providing a link on my blog.

  5. Feb 17, 09:05 AM

    Elvie Deczky Says:

    Good write-up. I certainly appreciate this site. Stick with it.

  6. Mar 12, 08:49 AM

    http://www.copa.org.uk/modules.php?name=Your_account&op=userinfo&username=bebewetze Says:

    Valuable info. Lucky me I found your website unintentionally, and I’m stunned why this accident didn’t
    happened earlier! I bookmarked it.

  7. May 21, 02:43 PM

    farrah Says:

    I really like your blog.. very nice colors & theme.
    Did you create this website yourself or did you hire someone to do it for you?
    Plz answer back as I’m looking to design my own blog and would like to find out where u got this from. thanks a lot

  8. Oct 25, 01:45 PM

    kelly brook nude Says:

    What’s up to all, the contents existing at this web
    page are genuinely awesome for people experience, well,
    keep up the good work fellows.

Leave a Comment

Add your comment. Preview then Submit.


Hidden


Textile Help