Re vkernel and all

Oliver Fromme check+jbwoi100rsdzxbzw at fromme.com
Mon Jan 15 03:10:29 PST 2007


Yury Tarasievich wrote:
 > Regarding the vkernel work and other exciting things happening: how
 > (if at all) will this affect the scope of the application base
 > supported by dragonfly?

In addition to what Matt and others wrote, I have a few
ideas for what kind of things vkernels might be useful.

For example, an admin could easily emulate a network on
a single machine.  Given the fact that each vkernel has
its own TCP/IP stack, own routing table, packet filter
etc., you can set up a network testing machine.  You run
several virtual network components (routers, switches,
firewalls, file servers etc.), each its own vkernel,
and interconnect them with virtual vke/tap interfaces
and bridges.  That's a whole lot better, cheaper and
faster (once you have set up vkernel templates for your
virtual components) than stacking physical hardware and
plugging real RJ45 cables.  There are people doing such
network testing and evaluation with vmware on Linux or
with qemu on FreeBSD.  It should certainly be possible
to do the same with DragonFly's vkernels.

Another use of vkernels is, of course, to build secure
environments.  Just like the jail(2) feature, but with
an even stronger separation from the host system.  I
think the vkernel feature will be appreciated by people
who are sufficiently paranoid.

Of course, a vkernel costs a lot more resources than a
jail, especially because you have to assign a certain
amount of RAM to the virtual machine.  While you can
run hundreds of jails at once on a single machine with
moderate RAM, you probably can run only a dozen vkernels
(or less) on the same machine, depending on what you
need to run inside them.

I'm sure people will find more uses for vkernels.

Best regards
   Oliver

-- 
Oliver Fromme,  secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing
Services with a focus on FreeBSD: http://www.secnetix.de/bsd

Any opinions expressed in this message may be personal to the author
and may not necessarily reflect the opinions of secnetix in any way.




